Last time, I discussed how to create easy-to-use strong passwords using a simple system of substituting symbols and numbers for some letters, and symbols and letters for some numbers. Using this system allows you to use words and numbers you normally shouldn’t use to create a base password that is difficult to crack.
A STEP BEYOND
Another vital aspect of password security is to only use each password once. Isn’t that rather difficult? I have passwords at 178 websites, plus those for other accounts. How could I have nearly 200 unique passwords? The short answer is: I don’t. I wasn’t practicing security like this when I started.
Still, having unique passwords for each logon is a very good idea. If you have only one or a small handful, anyone who got hold of your password from one place could gain access to all your accounts. It is especially essential that any passwords to financial or shopping sites be unique.
This challenge again becomes easy with this system. Simply add the site or company name to your base password, using the substitutions you’ve selected. If I had an account at Bank of America (I don’t), I could use my base password and add BofA to the end: 12P|$^^i+h05BofA. I could substitute symbols for everything but the F if I chose: 12P|$^^[email protected] Again, if I decide to make substitutions in the company/site name, I should be consistent: do it every time, with the same substitutes, so I never have to think about anything related to the password. In this example, I shortened the name because I didn’t want to type out BankOfAmerica each time, but I could. I might decide that I will use the company’s full name, e.g., Amazon, or maybe just the first 5 or so letters every time (Amazo, Banko, HSN, DIYTh). Five might not be unique enough–7 or 10 might be better. Evaluate where you have accounts and see what would be best.
You could elect to put the name before your base password instead of after. You could even split it, using a certain number of letters before and a certain number after. You could use a “-” or “_” to separate the base from the additions.
The key to making this easy is consistency. Always use the same format for the company or site name. Always use the same substitutions. The fewer permutations, the easier it will be to remember your pattern.
Once you have established your base password and decided how you will handle the company names, you’ll find you have an easy-to-remember but very strong unique password for every logon. The seemingly impossible has become quite doable.
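The tag-length evaluation suggested above ("Five might not be unique enough"), as an added Python example that is not part of the original article: it builds the site tag and the full password in one fixed format, then finds the shortest tag length at which every site on a list gets a distinct tag. The function names, the sample site list and the optional substitution map are assumptions; only the base password and the Amazo/Banko/HSN tags come from the text.

```python
# Added example: function names and sample data are constructed for illustration.
from collections import defaultdict

def site_tag(name, length, subs=None):
    """First `length` characters of the site name with spaces removed,
    then the same character substitutions applied every time."""
    tag = "".join(name.split())[:length]
    return "".join((subs or {}).get(ch, ch) for ch in tag)

def build_password(base, name, length=5, placement="after", sep="", subs=None):
    """Combine the base password and the site tag in one fixed format."""
    tag = site_tag(name, length, subs)
    if placement == "after":
        return base + sep + tag
    if placement == "before":
        return tag + sep + base
    if placement == "split":            # half of the tag before, the rest after
        mid = len(tag) // 2
        return tag[:mid] + sep + base + sep + tag[mid:]
    raise ValueError("placement must be 'after', 'before' or 'split'")

def tag_collisions(names, length, subs=None):
    """Groups of sites whose tags (and so whose passwords) would be identical."""
    groups = defaultdict(list)
    for name in names:
        groups[site_tag(name, length, subs)].append(name)
    return {tag: sites for tag, sites in groups.items() if len(sites) > 1}

def shortest_unique_length(names, subs=None, max_length=20):
    """Smallest tag length at which every site gets a distinct tag."""
    for length in range(1, max_length + 1):
        if not tag_collisions(names, length, subs):
            return length
    return None

if __name__ == "__main__":
    base = "12P|$^^i+h05"   # base password quoted in the article
    # Constructed account list; two names share their first six letters.
    sites = ["Amazon", "Bank of America", "Bank of the West", "HSN"]
    print(tag_collisions(sites, 5))
    print(shortest_unique_length(sites))
    print(build_password(base, "Amazon", length=7, sep="_"))
```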
If you want to know how good your password is, check out the meter at www.passwordmeter.com. Not only does this tell you the strength, it clearly shows you the weak and strong areas. 12P|$^^i+h05 is rated 100%, but I still lost some points for having 1 and 2 sequentially, as well as “i” and “h.” Even though they were separated by the “+” symbol, they were still recognized as a sequential series of letters.