A hacker told me how to make a super strong password I can actually remember

Advertisement

Ryan Manship and Kurt Muhl

Paul Szoldra/Tech Insider

Kurt Muhl (right), an ethical hacker with RedTeam Security.

May 5 was World Password Day, so it's time to change up your passwords to something better.

Advertisement

Fortunately, there's an easy way to come up with a complex password that you won't end up forgetting five minutes later.

"One of the easiest ways to give yourself a strong password would be using a full sentence," said Kurt Muhl of RedTeam Security, an ethical hacking firm in St. Paul, Minn.

The full-sentence technique works like this: Think of an everyday phrase that you can remember, like "My #1 favorite thing in the world is my family," or as Muhl gives as an example, "I bought my house for $1."

Then you take that sentence and convert it to a password by grabbing the first letter of each word. "I bought my house for $1" then becomes Ibmhf$1.

Advertisement

"That's going to give your uppercase, lowercase, a number, and special characters in there," Muhl said. "It's something that's easy to remember. All you gotta do is remember that sentence."

It seems simple, yet many people still resort to weak passwords, which hackers can easily guess using free software tools like John the Ripper. A password that has a word found in a dictionary with a number thrown on the end is something that a tool like "John" could break in about an hour, Muhl explained.

Passwords like "123456" or "password" - consistently found on worst password lists - would only take seconds to crack.

"That is the first thing that we try to go after," Muhl said.

As Muhl explained, John works off dictionary lists - massive text files you can find on any number of hacker forums - that contain words, phrases, numbers, and other password possibilities. It basically keeps trying combinations of words and numbers until it gets it right, which wouldn't take long if the password is particularly weak.

Advertisement

But Muhl's technique makes a dictionary attack fairly impossible, since it's not a word at all. The password becomes even stronger if you have more characters, since the added length ups the number of possibilities.

"The longer your passwords could possibly be," Muhl said. "The more guesses it's gonna take for me to get it right."

NOW WATCH: The biggest security mistakes people make when buying things online