Frequently Asked Question

How do I create a strong password that I can also remember?
Last Updated 10 years ago

The most common problems with passwords are:
1. Too short or too weak
2. Too complex or too long, which makes it hard to remember, so people start writing it down on paper!
3. Never change your password late at night, or if you are tired or drunk!!! You will not remember it the next day :) We have no "password reset" function; such reset functions are almost impossible to have in an end-to-end security system like the one we use.

It's easiest to create and remember good passwords/passphrases if you combine words with some random letters and numbers or special characters. Here is one method that you can try.

Step 1: - select words or sentence
In this case we take a sentence, but you can also use 2-6 words that you know you will remember.
Do not shoot the Messenger


Step 2: - change casing and spacing
Transform it by inserting random characters in place of spaces, or before/after the words, and also change some lowercase letters to uppercase.
We used "<" and ">" for the first two spaces, then we removed the space between the words "the Messenger", but we kept the space between the words "shoot the" intact. In this step we changed it to:
Do<not>shoot thEMessenger


Step 3: - add prefix and/or suffix
It's always good to have some extra characters as a prefix (before the first word) and/or a suffix (at the end). You can vary the length, anywhere between 1-10 characters. If you want multiple letters as suffix/prefix, it's easier to remember if you repeat the same character. You can choose any character as prefix and/or suffix; it doesn't matter much, but if your passphrase does not yet have any special characters, like: !"#¤%&/()=--;:_|<[]>, then you should use some special character as prefix/suffix. We chose "=" as prefix and two "Z" as suffix, so now we have:
=Do<not>shoot thEMessengerZZ


Step 4 (optional): - replace similar looking characters
Finally, you can also replace characters with other similar looking characters. Do not replace too many; 1-4 replacements is enough.
This time we replace one "o" (in shoot) with "()", which then becomes "sho()t", and we also replace an "s" with a "5" in the word "Messenger", giving "Mes5enger", so the final passphrase in this example is:
=Do<not>sho()t thEMes5engerZZ

Step 4 is optional. You can get a good password with only steps 1-3, but it will be even stronger if you include step 4.


If you only use the sentence "Do not shoot the Messenger" as your password, without modifications, it may be possible to crack it with a dictionary or hybrid attack. But after our transformations it becomes a strong 29-character passphrase that will be impossible to brute-force within a reasonable time frame, especially if the provider is using a strong password-hashing function (#1), like OpenPGP S2K.

After you have changed or created a strong password, it's recommended to log out and log in several times in a row, directly after creation. This will help your brain remember the keystrokes.


(#1)

Many mail providers and sites don't use strong password-hashing functions (also called KDFs); such providers are more vulnerable to all sorts of password attacks. Today it's not enough to use a single hash process on the user passwords, like one or two iterations of MD5 or SHA1. We must use multi-iteration hash functions that also include the addition of a random string of characters, called a "salt". These functions can be the difference between a successful password attack and total failure for the attacker. Some good password functions (KDFs) are: OpenPGP S2K, PBKDF2 and SCRYPT. Ask your current provider which KDF they use. If they don't know what a KDF is, or if they don't use any at all, you should avoid them, or at least not store any sensitive information with them.
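
The difference between a single unsalted hash and a salted, multi-iteration KDF, shown as an added example that is not part of the original FAQ or the provider's own code. It uses PBKDF2-HMAC-SHA256 from Python's standard library; the iteration count, salt length and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16       # assumed salt length

def weak_hash(password):
    """Single unsalted SHA-1 pass: the kind of scheme the FAQ warns against."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def kdf_hash(password, salt=None, iterations=ITERATIONS):
    """Salted, multi-iteration PBKDF2. Returns the record a server would store."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key

def kdf_verify(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = kdf_hash(password, salt, iterations)[2]
    return hmac.compare_digest(candidate, expected)

def seconds_per_guess(fn, repeats=3):
    """Average wall-clock cost of one hash computation, i.e. one attacker guess."""
    start = time.perf_counter()
    for _ in range(repeats):
        fn()
    return (time.perf_counter() - start) / repeats

def demo(iterations=ITERATIONS):
    passphrase = "=Do<not>sho()t thEMes5engerZZ"  # the FAQ's example passphrase
    rec_a = kdf_hash(passphrase, iterations=iterations)  # user A
    rec_b = kdf_hash(passphrase, iterations=iterations)  # user B, same passphrase
    return {
        # Unsalted: equal passwords give equal hashes, so one lookup table fits all.
        "weak_identical": weak_hash(passphrase) == weak_hash(passphrase),
        # Salted: the stored values differ even for the same passphrase.
        "kdf_identical": rec_a[2] == rec_b[2],
        "correct_accepted": kdf_verify(passphrase, rec_a),
        "unmodified_sentence_rejected": not kdf_verify("Do not shoot the Messenger", rec_a),
        "weak_cost": seconds_per_guess(lambda: weak_hash(passphrase)),
        "kdf_cost": seconds_per_guess(lambda: kdf_hash(passphrase, rec_a[0], iterations)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two cost figures show how much more work each guess takes once the salt and iterations are in place.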


Password creation example 2:


Step 1: - select words or sentence

Big brother is watching you

Step 2: - change casing and spacing

In this case, we remove two spaces and replace the two others with "#", and we change "you" to uppercase "YOU".
bigbrother#iswatching#YOU

Step 3: - add prefix and/or suffix
We add "§" as prefix and "!!" as suffix.
§bigbrother#iswatching#YOU!!

Step 4 (optional): - replace similar looking characters
We replace the "b" in "brother" with an "8" = "8rother", "is" becomes "i$", and "watching" becomes "w@tch1ng".
§big8rother#i$w@tch1ng#YOU!!



Password creation example 3:

Step 1: - select words or sentence

You can also select a sentence or words from another language to make it harder, in this case we take German words for "One Two Three"
Eins Zwei Drei

Step 2: - change casing and spacing

In this case, we replace the spaces with ","
Eins,Zwei,Drei

Step 3: - add prefix and/or suffix
We add "11" as prefix and "***" (three stars) as suffix
11Eins,Zwei,Drei***

Step 4: - replace similar looking characters
We replace the "i" in "Eins" with a vertical line "|" (this is NOT an uppercase i or a lowercase L). You usually get this with the ALT GR key + some other key; check on your keyboard. Finally, we replace the "D" in "Drei" with "[" + ")" = "[)", which looks like a D.
11E|ns,Zwei,[)rei***

Even though this is only 17 characters, it will hold up against most password attacks, after it has been processed in our strong KDF.


If you somehow managed to forget your password
Leave the computer. Take a pen and paper and take a walk to the park, or something similar; it's always good to get some "space".
You must try to remember the sentence or words you selected in Step 1.
If you still can't remember them, well, then you are doomed! But if you remember the sentence/words, then you have a decent chance of getting your memory back, because there are only 3 steps left...
Step 2 was "change casing and spacing". Write down on the paper the different variations you get the strongest "feeling" for.
Step 3 was "add prefix and/or suffix". Again, write down the prefixes/suffixes you have the strongest memory of.
Step 4 was "replace similar looking characters". This is probably the easiest to remember: since you know the sentence/words, there are not too many combinations of characters that look "similar" to you. Write down the words/sentence with those letters you may have changed.

Go back to your computer, open a text editor and write down the first combinations from your paper. Then use copy and paste in the text editor to create a full list of all possible password combinations you can get from your paper and memory, one password per row. Save the text file with your combinations.

Then try to log in. Use cut and paste on every row from the text document you created and paste it into the password field; make sure you don't copy any newline characters or other whitespace. If you use cut and paste instead of copy and paste, you can keep track of which row you are on. But don't save the document again: since you have been using cut and paste, you don't want to overwrite the original "combination-file" that has all the combinations you wrote down earlier. If you had no success logging in and you reached the end of your text document, load the combination-file and check whether you missed some possible combination; if so, try these new combinations.

After you have succeeded with your password recovery, OR if you have given up, open your "combination-file", delete all rows, paste some junk/random text into it, save the file, and then delete it. This is a simple form of secure delete, because you don't want anyone else finding this file.

By using a "password system" you have a much better chance of remembering your password. Without any system at all, it's much harder to get your password back from your memory. With our method above, there are only 4 steps you need to re-create.



Options
If you use our USB-key feature together with our webmail, you don't need long passwords at all; 7-8 characters is enough, since the USB feature adds a file with 64 randomly created characters to your password. This feature is also called "keyfile" or "two factor authentication".
We are also adding a mobile app, which also gives you Two Factor Authentication in the login process.

If you use a password manager, like our SafeBox, you only need to remember one strong password. The passwords to all your other sites can then be randomized passwords.


But there are many different ways to create strong passwords, below is a link to a Google search:
https://www.google.com/search?q=create+strong+password

