How to create a password purely in your head?
We all know the reasons for making passwords complex and long enough. It's easy with the help of a computer program, but can you suggest simple methods to do this without resorting to technology?
Some people replace characters with similar numbers (A -> 4, B -> 8), some say you should use long phrases ("In summer 2025 I visited aunt Betty").
In the first case you can bet that attackers also know the typical replacements and their attack dictionaries already contain the most used variants (password -> p4$$w0rd).
The second method could work, but it assumes you are a good touch typist and you don't make mistakes when all you see is asterisks.
Invent your own method (algo)
But... it can be done without torturing yourself: just use algorithms, your own secret method of password creation.
In addition, when you use a different algorithm for each domain (business, private, home, email, wifi) and use topics you love and remember, then you most likely won't need to change passwords for years.
So here is the method:
use your favorite music album(s) for any business account you have to use:
"CD released in 2019, Sergio Cammariere, La fine di tutti i guai"
and then shorten it to first letters separated by a special character (compressed mnemonic method): in this case the long phrase would become
"cd2019/SC/Lfdtig".
Then for different domains use "Oscar awards for best movies" for private email/web accounts, and e.g. "Apple Mac models you ever owned, from year to year" for your home accounts.
Of course, you choose the topics you genuinely love and remember, that's the whole point. Everybody is different and remembers different things, so use your own uniqueness!
“What about predictability?”
Any human‑generated method becomes predictable if an attacker gets one sample.
This is true for anything that isn’t fully random, and our phrase‑compression mnemonic method appears random only to those who do not know the algorithm.
Because the truth is that humans generate patterns. Once one pattern leaks, the attacker can try to generalize it.
But here’s the key distinction:
This method reduces global predictability
because you’re not using one universal algorithm — you’re using domain‑specific mental namespaces:
- business -> jazz albums
- private -> Oscar winners
- home -> Apple Mac models you ever owned
It’s like having different architectural layers with different routing rules. A breach in one layer doesn’t automatically reveal the logic of the others.
This is better than what most people do.
You’re essentially doing:
- entropy partitioning,
- contextual keyspaces,
- mental sharding.
If someone gets your “jazz album” password, they still have no clue that your business passwords come from Oscar winners.
This is exactly how you design resilient systems: compartmentalization + independent failure domains.
Most people never think this way.
So is this method predictable?
Only if:
- someone knows your interests,
- AND knows you use them as password seeds,
- AND gets at least one password,
- AND can infer your transformation rules.
That’s a lot of prerequisites.
If you compare that to the average user who does:
Christmas2025!
this approach is orders of magnitude stronger.
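As an added illustration of the compression rule and of the predictability discussion above (this is example code, not part of the question or of the answer), the following Python script implements the phrase-compression mnemonic and then puts numbers on the two attacker models: one who only sees a 17-character mixed-charset string, and one who has already met all four prerequisites listed in the answer and therefore only has to enumerate the namespace and the transformation rules. Assumptions not found in the answer: the compression rule is read uniformly (split on commas, keep numeric tokens whole, reduce every other word to its first letter with case preserved, join segments with a separator), which reproduces "SC/Lfdtig" but yields "Cri2019" for the first segment where the answer abbreviates it by hand to "cd2019"; the album list, the separator set and the case variants are constructed stand-ins.

```python
"""Phrase-compression mnemonic and the keyspace an informed attacker faces.

Added example, not code from the question or the answer. Assumptions:
  * the compression rule is read uniformly: split on commas, keep numeric
    tokens whole, reduce every other word to its first letter (case kept),
    join segments with a separator (the answer abbreviates its first segment
    by hand to "cd2019"; this rule gives "Cri2019" for it);
  * ALBUMS, SEPARATORS and CASE_VARIANTS are constructed stand-ins for the
    namespace and the transformation rules an attacker might have inferred.
"""
import itertools
import math
import string


def compress(phrase: str, sep: str = "/") -> str:
    """'Sergio Cammariere, La fine di tutti i guai' -> 'SC/Lfdtig'."""
    segments = []
    for segment in phrase.split(","):
        tokens = segment.split()
        if not tokens:
            continue
        # Numbers survive intact; every other word contributes its first letter.
        segments.append("".join(t if t.isdigit() else t[0] for t in tokens))
    return sep.join(segments)


def naive_entropy_bits(password: str) -> float:
    """Guessing cost for an attacker who only sees length and character classes."""
    charset = 0
    if any(c.islower() for c in password):
        charset += 26
    if any(c.isupper() for c in password):
        charset += 26
    if any(c.isdigit() for c in password):
        charset += 10
    if any(c in string.punctuation for c in password):
        charset += len(string.punctuation)
    return len(password) * math.log2(charset)


# Constructed seed list standing in for "favourite jazz albums" (the business namespace).
ALBUMS = [
    "CD released in 2019, Sergio Cammariere, La fine di tutti i guai",
    "CD released in 1959, Miles Davis, Kind of Blue",
    "CD released in 1965, John Coltrane, A Love Supreme",
    "CD released in 1959, Dave Brubeck, Time Out",
    "CD released in 1962, Bill Evans, Waltz for Debby",
]
# Transformation rules an attacker would plausibly enumerate once one sample leaks.
SEPARATORS = ["/", "-", "_", ".", ""]
CASE_VARIANTS = {"as-is": lambda s: s, "lower": str.lower, "upper": str.upper}


def candidate_passwords(seeds=ALBUMS, separators=SEPARATORS, cases=CASE_VARIANTS):
    """The whole dictionary an attacker who knows the rule and the namespace must try."""
    return [
        case(compress(seed, sep))
        for seed, sep, case in itertools.product(seeds, separators, cases.values())
    ]


def scheme_entropy_bits(seeds=ALBUMS, separators=SEPARATORS, cases=CASE_VARIANTS):
    """Guessing cost once the algorithm and the namespace are both known."""
    return math.log2(len(seeds) * len(separators) * len(cases))


if __name__ == "__main__":
    target = compress(ALBUMS[0])
    print(target)                                   # Cri2019/SC/Lfdtig
    print(f"naive estimate : {naive_entropy_bits(target):.1f} bits")
    print(f"informed attack: {scheme_entropy_bits():.1f} bits")
    print("target in informed dictionary:", target in candidate_passwords())
```

The gap between the two printed figures (roughly 111 bits versus about 6 bits for this constructed namespace of five albums and fifteen transformations) is the answer's argument in numbers: the scheme is strong against anyone who has not satisfied all four prerequisites, and collapses to a few dozen guesses for anyone who has. Keeping the namespaces per domain genuinely independent is what stops one leaked sample from shrinking the other domains' keyspaces the same way.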
