I recently changed all my passwords because of that damn Heartbleed thing, and I’ve been lost ever since. I knew all my passwords before because I’d had them for over a decade (that’s a bad thing), but finding secure new ones that I could remember turned into a nightmare. Then I found this post on Lifehacker that had this excellent password generator from security expert Bruce Schneier. Here’s my version of the Schneier method:

1. Pick a quote or a sentence that’s easy for you to remember.

2. Break it down into only the first letters of the words. (Use a sentence that has at least twelve words.)

3. Replace some of the letters with numbers and symbols (i = 1, o =0, a = @, s = $, etc.) and capitalize the first letter and any proper nouns (to make it easy to remember which letters you capitalized). Since it’s a quote, make sure you put quotation marks around it.

4. Take your password to a password checker to see its strength (the linked checker tells you how long it would take different kinds of hacking to crack your password).

5. If the password is strong, open a new doc and see if you can type that password from memory.

6. Profit.

So, for example:

1. “Blue canary in the outlet by the light switch who watches over you.”

2. Bcitobtlswwoy

3. Bc1t0btl$ww0y

4. It gets an 84% strength rating and would take a medium sized bonnet 173,000 years to crack that. BUT if I put quotation marks around it, it goes up to 99%.

5. Bonus: I get to sing “Birdhouse in my Soul” every time I sign on to Amazon. (Kidding. Not my password for anything because I’m not dumb as a rock.)

Of course, it doesn’t have to be a quotation, it just has to be a sentence you remember. “Veronica peed on Mona’s head, so please don’t pet the yellow fur” works, too. Vp0Mh$pdptyf gets a 77%/2000-years-to-crack-on-a-botnet rating; with quotation marks it goes to 91% and two billion years. (One thing to remember: if you make a document labeled “Passwords” and put your password into it, you’ve just shot yourself in the internet foot.)

Coming soon-ish: the rest of the Leverage posts, more questionables, and some ruminations on writing and critiquing. Probably.