Creating an Impossible to Crack Password


An impossible to crack password is actually a misnomer. Give me enough time and the right software, and I can crack any password. This is what’s known as the “brute force” method of password cracking. It takes a little effort to configure the software and, usually, a huge amount of time to work through the trillions of different possible combinations. However, a password that would take password crunching software decades to crack is considered to be a password that is impossible to crack.

What Not to Use as a Password

Most people use some combination of letters and numbers that are easy to remember. A birth date, parts of your driver license number or social security number, a phone number, an anniversary; these are all examples of passwords that people pick because they’re easy to remember. However, if the person looking to break your password knows you, the fact that they’re easy to remember also means that they are most likely easy to guess, as well.

It happens to me at least once a week:

  • Me: “OK, so what’s the password you use to get into email?”
  • Client: “Password.”
  • Me: “Really? That’s it? And nobody has broken in yet?”

The one that is really frustrating to hear is “12345678”, though. “I can’t remember all those numbers and letters!.”

Don’t come crying to me when you discover that your PayPal or bank accounts have been broken into and emptied. You’re the one that is using a password that is one of the first five anyone tries when trying to guess a password. Get original. Get creative. Make it bulletproof.

How to Pick an Impossible to Crack Password

An impossible to crack password is one that doesn’t contain any identifying information, or it doesn’t contain enough identifying information to make cracking the password easy. Typically, if you follow the advice of security experts and pick random numbers, letters and punctuation, you’re going to have a password that is very secure, but you’re also going to have one that isn’t easy to remember. Tell me that you’d find W38kH)a3z* easy to remember and I’ll tell you that you’re not being completely honest with me or yourself. However, you can pick character combinations that look random, but aren’t.

The Easy-to-Remember/Hard-to-Guess Password

Most sites require passwords that are eight characters in length and contain upper- and lower-case letters and numbers; some sites even insist on having punctuation characters in the password to make guessing even more difficult. In order to have an impossible to crack password, I use a secret from message encryption, the substitution method. I use this method two ways. This method still uses information that is really easy to remember, but it puts that information together in hard-to-decipher ways.

The first way is by taking my kids’ initials and years of birth, then mixing them up. My kids are Casey and Justin and they were born in 1988 and 1990, respectively. So, a typical password might look something like Cm(0jM8*. If the site requires more than eight characters in the password, I might add my initials and birth year.

Have a Quote-Worthy Password

Use your favorite quote to create the ideal impossible to crack password. One of my favorites is an exchange between Sir Winston Churchill and Lady Nancy Astor:

“Lady Nancy Astor: Winston, if you were my husband, I’d poison your tea.
Churchill: Nancy, if I were your husband, I’d drink it.”

This can be turned into a hefty password using the substitution method: Take the first letter from each word, capitalize every third character, and substitute a punctuation character at either end. So, the password generated using the exchange above might look something like this: L@IywMH*pyT (Lady Astor If You Were My Husband I’d Poison Your Tea).

Make Your Password Musical

Another idea is to use the refrain or chorus from your favorite song. Do you have a favorite excerpt from a book or movie? Same thing: Take the first letters from each word, leave some lower case and make others upper case, toss in a number and/or punctuation, and you’ve got a password you’ll remember easily, but that others will crack their skulls against for hours unsuccessfully.

Quote a Favorite Book Passage

The substitution method also works by using a passage from a book. Open the book to any page and pick a paragraph. Using the first character on each line, read down eight lines (or however many lines the password requires) to create the basic password. Capitalize some of the letters, and substitute numbers and characters for some. My rule of thumb is that the letters “a” through “j” correspond to the numbers one through ten (a = 1, b= 2, etc.). Next, I’ll split the characters evenly between upper and lower case letters, numbers and characters, so an eight position password will have two lower-, two upper-case letters, two numbers, and two special characters.

What I Do

Every single website that I use that requires a password has a very different password. After creating and verifying my password, I input it into a table in a Word document with the name of the site, my username there, and my password. I then encrypt that file with a password that is 15 characters in length and memorize that password. I then upload the password file to a private server so I have access to my passwords no matter where I am. No, I don’t memorize any of my passwords, except the main one, but I also have impossible to crack passwords.

Do you have any password secrets you’d like to share? Drop me a line in the comments section below.

Photo Credit: Monty Montgomery