Lesson 1: User Name and Password Best Practices
Lesson on best practices for preserving user name and password security; random password generator; KeePassX
Question: What’s harder than remembering an 8-12-character password with two special characters, two upper case letters, two lower case letters and a number?
Answer: Remembering 207 of them!
According to Dashlane, a provider of a commercially available password manager, by 2020, the average number of online accounts per internet user will be 207! Further, a 2017 Verizon Data Breach Report showed that 81% of breaches are caused by weak or reused passwords.
It is virtually impossible to manage your user names and passwords without a robust system. So that’s exactly what we are going to help you with today. It’s time to say goodbye to lost or forgotten passwords, and time to kick that reused password habit.
We want to help you create a very secure, memorable master password which you will use to access your encrypted USB drive and KeePassX. You may also want to use the steps below to create other highly secure passwords to access your computer or mission-critical accounts, like your online banking.
Ideally, you will store all your passwords in your new KeePassX password manager, which will mean that, technically, this new master password will become the only password you ever need to remember. It will control access to all your other user name and password data.
So let’s create a strong master password.
Remember! The longer the password, the harder it is to crack. We recommend that your new password be at an absolute minimum 12 characters long.
The following technique, adapted from Kevan Lee of Lifehacker, is our personal favorite as it combines phonetics which are easy to recall and muscle memory which locks it in.
Step 1. Go to a random password generator site such as or
Hint: Linux users can use this command to quickly create a strong password:
Step 2. Start generating random passwords at least 12 characters in length that include numbers, capital letters and punctuation.
Step 3. Scan the passwords as they come up, looking for phonetic structure—basically try to find passwords that you can sound out in your head. For example: zz1imoP#ato5 might sound like "zee limo plato five" or Sra%cES99#pp might sound like "scratches ninety nine App". Copy the ones that you can easily make work phonetically to a text file, together with the sounds-like translation.
Step 4. Once you have about 20 of these passwords in a text file, type them out, taking note of how easy they are to type and how quickly you can type them. Easy-to-type passwords will get stuck in your muscle memory quicker.
Step 5. Select one of these phonetic, muscle-memory passwords, write it down and pop it in your purse or wallet – not forever, just until you are 100% sure you have it memorized. This is going to be your new master password. If you ever need to change your master password in the future, you can use this technique again. Tip: don’t write “MASTER PASSWORD” on it!
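One way to produce the candidates for Steps 2 to 4 locally rather than on a website, as an added example (this is not the command from the original lesson). The function names and the punctuation set are assumptions; the 12-character minimum and the batch of 20 come from the steps above.

```shell
#!/bin/sh
# Added example, not the lesson's own command: candidates for Steps 2-4.
# Assumed alphabet: ASCII letters, digits and a small punctuation set.
ALPHABET='A-Za-z0-9!#$%&*+=?@^_-'   # the trailing '-' is a literal for tr

# has_all_classes PW: succeed only if PW has lower, upper, digit and punctuation.
has_all_classes() (
    LC_ALL=C; export LC_ALL          # make [a-z] and [A-Z] mean ASCII only
    case "$1" in *[a-z]*) ;; *) return 1 ;; esac
    case "$1" in *[A-Z]*) ;; *) return 1 ;; esac
    case "$1" in *[0-9]*) ;; *) return 1 ;; esac
    case "$1" in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac
)

# gen_candidate [LEN]: print one random password of LEN characters (minimum 12).
gen_candidate() (
    len="${1:-12}"
    [ "$len" -ge 12 ] 2>/dev/null || {
        echo "length must be a number >= 12" >&2
        return 1
    }
    while :; do
        # Bytes come from the kernel CSPRNG; tr drops every byte outside the
        # alphabet, so each surviving character is uniform over the alphabet.
        raw=$(head -c $((len * 8)) /dev/urandom | LC_ALL=C tr -dc "$ALPHABET")
        pw=$(printf "%.${len}s" "$raw")
        [ "${#pw}" -eq "$len" ] || continue   # too few usable bytes, draw again
        has_all_classes "$pw" || continue     # Step 2: all four classes present
        printf '%s\n' "$pw"
        return 0
    done
)

# gen_batch [COUNT] [LEN]: print COUNT candidates, one per line, to scan for
# ones you can sound out (Step 3) and type comfortably (Step 4).
gen_batch() {
    i=0
    while [ "$i" -lt "${1:-20}" ]; do
        gen_candidate "${2:-12}" || return 1
        i=$((i + 1))
    done
}

gen_batch 20 12
```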
Best practice for committing your master password to memory is as follows – set a reminder alarm on your phone to log into KeePassX at least every two hours on the first day, making sure to log out when you are finished.
Assuming you make it through to lesson 3, you will have moved all your passwords to KeePassX, and you will no doubt start using your master password at least once a day. That will ensure you get your password committed to muscle memory by typing it in every time you need to log into anything. Just for good measure, keep the piece of paper somewhere safe. Once you are sure you have the password 100% committed to memory – burn it.