Easy Password Algorithms

UPDATE: I’ve had a change of heart on this subject, mainly because this method allows an attacker to compromise your entire set of passwords by capturing only one password and reconstructing the algorithm.  The preferred method for password management is to think in terms of PASS-PHRASE, more than PASSWORD.

A sixteen-character passphrase made with lowercase and uppercase letters (example: BirdMyBlueAwning) is very hard to crack. In fact it has a total of 4.1e+62 combinations. An eight-character complex password (example: shDW4xQ$) has 1.05e+65 combinations, but is much harder to remember. Add a few extra characters on to the simple example and the math becomes even more favorable.

Constructing those pass-phrases can be as simple as determining something you KNOW, POSSESS, and a PLACE.

BiologyDiamondFlorida -or- HistoryHarleyFrance

Or take a favorite catch-phrase plus the name of your pet

IamWhatIamJoeCool -or- ResistanceIsFutileHenry

These are all easy to remember, type quickly, and hard to break.


Do you use the same credentials across multiple sites? Yeah, me too. Every account should have a unique password, but the human brain isn’t good at remembering strings of characters. How can we manage our passwords without risking all our accounts?

One approach is to use a password management service like LastPass or LogMeOnce. I don’t use this type of service, but letting them manage your passwords can be a convenient way to maintain extremely complex passwords that you don’t have to remember.

My personal approach is to create a password algorithm that I use across all websites. I never have to REMEMBER my passwords. Using a little data I can RECONSTRUCT my passwords for any site using my own custom algorithm.

The key is to remember the algorithm rather than the resulting password. My technique is to combine things that change (the website URL) with things that stay the same (my unique characteristics).

Here are a few (fictitious) examples that I hope will make things clear for you.


Something that Changes: Website URL

Your Street name: Lake Ave

Your Birthday: December 7, 1984

Special Character: #

The algorithm could look something like this…

(Special Character)+(Street Name)+(URL’s 1st and 2nd letters)+(Your Full Birthday)+(URL’s 3rd and 4th Letters)

The resulting password for amazon.com would look like this… #Lakeam12784az

For eBay.com… #Lakeeb12784ay

For facebook.com… #Lakefa12784ce


Those are 14-character passwords. Brute forcing those with today’s technology would be very difficult.

Let’s try another example.


Something that Changes: Website URL

Your Pet’s name: Fido

Your College ID#:  87902

Special Character: !

The algorithm might be

(pet’s name)+(first four letters of URL)+(Special Character)+(College ID#)

google.com – Fidogoog!87902

LinkedIn.com – Fidolink!87902

yahoo.com – Fidoyaho!87902


Once you learn your personal algorithm you can construct and reconstruct your passwords for any site.

There is one glaring weakness, though.  If someone learns your algorithm they’ll know how to reconstruct all your passwords, too. This could be an advantage if you need your trusted assistant or spouse to access your accounts.
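The weakness described above, as an added example that is not code from the original post: the two fictitious algorithms from this page implemented in Python, followed by a check of which character positions never change from site to site. The function names and the `?` template marker are this example's own choices.

```python
# Added illustration: the page's two fictitious password algorithms, plus a
# measurement of how much of each password is identical on every site.

def site_letters(domain, n=4):
    """First n letters of the site name, lowercased as in the page's examples."""
    return domain.lower()[:n]

def scheme_one(domain, special="#", street="Lake", birthday="12784"):
    # (Special Character)+(Street Name)+(URL letters 1-2)+(Birthday)+(URL letters 3-4)
    s = site_letters(domain)
    return special + street + s[:2] + birthday + s[2:4]

def scheme_two(domain, pet="Fido", special="!", college_id="87902"):
    # (pet's name)+(first four letters of URL)+(Special Character)+(College ID#)
    return pet + site_letters(domain) + special + college_id

def fixed_positions(passwords):
    """Indices at which every password holds the same character.
    A position that only coincides in the sample would also be counted."""
    length = min(len(p) for p in passwords)
    return [i for i in range(length) if len({p[i] for p in passwords}) == 1]

def exposure(scheme, domains):
    """Summarise how much of the scheme's output is reused on every site."""
    pws = [scheme(d) for d in domains]
    fixed = set(fixed_positions(pws))
    template = "".join(c if i in fixed else "?" for i, c in enumerate(pws[0]))
    return {
        "passwords": pws,
        "template": template,                   # '?' marks site-dependent characters
        "secret_chars": len(fixed),             # identical on every site
        "site_chars": len(pws[0]) - len(fixed), # taken from the public URL
    }

if __name__ == "__main__":
    for scheme, sites in (
        (scheme_one, ["amazon.com", "eBay.com", "facebook.com"]),
        (scheme_two, ["google.com", "LinkedIn.com", "yahoo.com"]),
    ):
        report = exposure(scheme, sites)
        print(scheme.__name__, report["passwords"])
        print("  template:", report["template"],
              "| reused chars:", report["secret_chars"],
              "| URL-derived chars:", report["site_chars"])
```

In both schemes 10 of the 14 characters are the same on every site and the other 4 come straight from the public URL, so the password's length overstates how much of it is actually unique per account.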

If this has helped you or you have feedback on the technique please leave a comment. Thanks for reading!

