Passwords reinvented: easy to remember, hard to crack

How do you make passwords for the cloud that are hard for hackers to guess yet easy to remember?

Below is a transcript of the video. It was prepared in a hurry and may contain spelling errors.


David Engel: What I am talking about here – for your visual reference – is the old way.

The old way of doing passwords, where you would try to make it hard to crack the passwords. But the converse is it’s hard to remember. Easy to remember is easy to crack.

Now, I want to introduce you to a new way that I’ve invented to make passwords that are easy to remember but hard to crack.

The old way is that you end up with – in reality – the same password for several sites. The new way is to have different passwords for each website. But it’s still going to be easy to remember.

The solution – the basic premise of this all – is to make the password the domain of the website. If you go to Chase bank, your password is going to be chase.com. But that’s too easy to crack.

So, we are gonna add one or two layers of complexity to that. Let’s take a look at this example of what a strong password is.

Strong passwords generally are about eight to twelve characters, so we are just going to say an average of ten characters. They usually have a capital letter and two numbers. This is what it looks like here: the red would be the capital letter; the two numbers will be over here, the blue.

We are gonna plug in an example into that… Chase.com. Using this password policy this is what we would do. We would take the first four letters of the domain, and if there isn’t four we would just repeat. If it was bed.com we would use B, e, d, and then b again. B, E, D and then B.

But, that’s not what we are doing here ’cause Chase has more than four letters. Chase, C, h, a, s, e and then 03. Can you think how I got the number three (3) for this? Three (3) is the number that the letter C corresponds to in the alphabet.

It’s attached at the end here. And what we are gonna do is we are gonna stick a key in the middle. This 2, 4, 6 and 8 is going to get populated with a key that corresponds to this number – to three (3). So three (3) is actually a file; then we pull out of the file, we pull out a key and plug it in there.

Let’s take a look at the key that we have – this will be explained further – so bear with me. This is the key. The key is DOOR. Plugged it right in the Chase… look at this password. If anyone finds this password, unless they’ve watched this video and know you are using this… it’s very unlikely that they’re going to be able to make any sense of this at all.

So, we’ve got this big blurb of characters and you can see how it changes for each website. Because if you have another thing… you know… another bank or website that begins with C, you would still use the same file, but you’ll have different letters for the name of the domain.

Now let’s talk about… and I’ll get to it in about a second… how to make this even more secure. There is an additional thing that you can do after this.

But let’s talk for a second about making this happen. Actually creating the file so that each domain that you have is gonna have a unique file.

In order to do that, we have a checklist. We need to create the files. These files should be actual things that live in your house.

When I said live you don’t have to be alive. Things like doors, chairs, windows… they should be scenes that you are familiar with in your house or your office. Then, after we install those files, we are going to attach a number or a letter to those files.

We saw 3 was door, let’s see where that came from.

You have got a scene in here.

You can visit his website at, I believe it’s JermeyLevine.com. He is a designer in California. He did this.

Anyway, we see here a scene – let’s pretend this is your house – let’s assign some files to it. Let’s say number one (1) is the Chair here.

Let’s say number two (2) is the Window.
Number three (3) is the Door.
Number four is the Globe.
Number five is the Desk.

You can see when we went to that CHASE example, we had three was door. File number three. C, it’s three (3). It’s Door. D is four (4). E is five (5).

The next step in this sequence is to create letters and attach those letters to the files.

This could be really any order that you want. I just suggest to make it easy; you leave the letters as they are in the alphabet. So A is the first letter in the alphabet. B is the second, C is the third, D is the fourth, etc.

Now, once you do this, the easiest way is to move in some sort of motion around your house.

You’ll start looking at the chair. Touch the chair. Run over and sit on it. Say ONE is Chair. TWO is Window. THREE is Door. FOUR is Globe. Spin it around. FIVE is desk.

You will install this room after room. This is based on a memorization theory by Ron White, who is a memorization coach. You can find him by Googling “Ron White.” He uses objects to create files and then associates memories with that. It works quite nicely in this case.

Once you do that for every letter of the alphabet, you will be able to just plug in, based on this formula. You will be able to just plug in the first four letters of the domain “one, two, three, four.” Then you will just add your key.

You might be asking, “How do I make this safe? What if someone finds my C key? What if someone hacks me and finds my F key?”

Well that’s good, that’s a good question to ask because that’s actually happened to me before where someone got one of my keys.

So, what you do is… you do a shift. Imagine all the letters of the alphabet on a circle. Instead of memorizing new files, you just memorize a shift.

Meaning if you do, for example, a +3 shift… you are gonna take the alphabet here and you are gonna shift it over three (3) in the positive direction. L becomes O. L –> M –> N –> O.

O is the new L because we did a +3 shift. You would insert the file +3.

Instead of… in this example… Door. We would do file number 6. 3+3 = 6.

Now, it could stay this way… or you can change the number at the end. It all depends on your preference. But make sure you make a rule and you stick to the rule. Be consistent.

That’s pretty much how it works. The shifts, I want to point out, could also be negative one (-1). Where you move in the other (reverse) direction.

If you go past Z… let’s say you are at Y and you do a +3 shift. Y is the 25th letter of the alphabet. There is no 28th letter of the alphabet. So you would go Z –> A –> B.

Y would become the file B.
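
The derivation described in the transcript, written out as an added Python example (it is not code from the video or its author). The output format is one reading of "key letters in positions 2, 4, 6 and 8"; cutting longer file names to four letters and the names `derive` and `shifted_number` are assumptions.

```python
import string

# Files 1-5 are the ones named in the transcript's example room; the rest of
# the alphabet is left for the user to fill in, so a missing file is an error.
EXAMPLE_FILES = {1: "CHAIR", 2: "WINDOW", 3: "DOOR", 4: "GLOBE", 5: "DESK"}


def letter_number(ch):
    """A=1 ... Z=26, the numbering the transcript suggests."""
    return string.ascii_uppercase.index(ch.upper()) + 1


def shifted_number(ch, shift=0):
    """Apply the shift on the alphabet circle: Y (25) with +3 wraps to B (2)."""
    return (letter_number(ch) - 1 + shift) % 26 + 1


def first_four(text):
    """First four characters, repeating from the start if there are fewer."""
    return (text * 4)[:4]


def derive(domain, files, shift=0, shift_suffix=False):
    name = domain.split(".")[0]  # assumes input shaped like "chase.com"
    if not name or not name.isascii() or not name.isalpha():
        raise ValueError("the scheme as described only covers A-Z names")
    file_no = shifted_number(name[0], shift)
    if file_no not in files:
        raise KeyError(f"no file memorised for number {file_no}")
    stem = first_four(name).capitalize()      # "Chas", "Bedb"
    # Assumption: a file name longer than four letters is cut to four.
    key = first_four(files[file_no]).upper()  # "DOOR"
    # The transcript allows the trailing number to stay as the unshifted
    # letter number or to follow the shift, as long as the rule is consistent.
    suffix = file_no if shift_suffix else letter_number(name[0])
    # Key letters land in positions 2, 4, 6 and 8 of the result.
    body = "".join(s + k for s, k in zip(stem, key))
    return f"{body}{suffix:02d}"


if __name__ == "__main__":
    print(derive("chase.com", EXAMPLE_FILES))
    print(shifted_number("Y", 3))
```
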

3 thoughts on “Passwords reinvented: easy to remember, hard to crack”

  1. Great tool for keeping your online privacy! Unless you’re using a computer with a keystroke tracking tool. Do you have a solution?

  2. Here’s what you do if you suspect a keystroke tracker:

    1. Write the first line: Chas03.

    Then you go back and CLICK with the mouse in between the letters to fill in the encrypted key.

    You can click in a random order if your hand-eye coordination is good enough.

  3. The Password Reinvented

    Internet security is broken, the bad guys are improving more quickly than the good guys, and nobody seems to know quite how to fix it. It’s no secret that malware targeting Web 2.0 applications is getting more complicated, as malicious code is written with more variants — all geared around password and identity theft. What makes defense difficult is that the compromise is likely to be at the user’s endpoint. The challenge is figuring out how to close the gap. What happens if this is a problem going forward and people continue to have bad experiences?
