What I would do is invent strings of nonsense letters and numbers.

You're not dumb!

You're just used to thinking of new words instead of gibberish.

Example:

UR2NOZEE

Banksucksbig1

Banking4rme2

Money4me2

I8mysquirrel

I8mykitty2

Ithrewup2

Isaw2drs4it

I don't miss them.

...of "effallpasswords" with a number added.

"naturally" came with a capital letter or number. I just capitalized whatever word I chose and added a digit. Sometimes I also add punctuation such as an exclamation point, for example.

"incorrect" so that when you type it in wrong or forget what it is the response you get from the site is Your Password is "incorrect" and then you know your password...

Well, maybe that isn't such a good idea, but sounded interesting.

with significance and use the last two digits

Say I'm using my phone number

last two digits are 3 and 5

so I type in 3, then look at the letters down below...going diagonally to the right, there's e, d, c

then I type in 5 and the letters diagonally to the right underneath are t, g, b.

so my password would be (but it's not really)...

3edc5tgb

or you could go to the left diagonally, which would make it:

3wa5rdx

or left and right:

3wa5tgb



Or use three numbers, or four, as in your year of birth

just type in the number, then choose the letters below it, right or left diagonally.

using that method, I've never been told by sites that my password is "too weak", and the possibilities are almost endless

Is that I have three tries to get my password right, after which I need to call IT to unlock my system.

But a brute-force attack originating from some third party can apparently make billions of attempts with no trouble at all.


WTF? Why does a Nigerian Prince get more guesses to access my system than I do?

Many hackers know that a person will use the same password on most of their accounts so they grab the passwords from a hack of LinkedIn or another site, and then try that PW on your banking or paypal account. Also they could try brute force on a system that doesn't lock them out and then use that PW on systems that do.

Through no deliberate intent, I'm pretty good about varying my passwords, if only because they expire at different rates. Even if I started out with ORREX_ROCKS on all of my systems, by the end of the month I'd have had to to change half of them anyway.

Interesting point about "social engineering," though...

Add numbers and capitalize some. A lot easier to remember using a phrase.

For the "e". No one has ever thought of that I'll bet.

I just use random words, capitalize a letter, and add a number. E.g. --

docTor423
insoMnia27
albriGht89

And write em down. Don't use the same password twice.

Amazon even sells a book specifically for keeping a record of your passwords. Costs 7 bux.

Don't make it more complicated than it has to be.