Keeping track of passwords can seem like a hassle. Most of us have multiple sites we visit which require password logins. So many, in fact, that it’s tempting to use the same username/password combo for all of them. Don’t. Otherwise, it takes only the compromise of a single site’s credentials to have a toppling domino affect on the security of all your online assets.
Fortunately, there is a fairly straightforward way to have different passwords for each site you use but still make the passwords easy enough to remember.
Creating Unique Passwords
Before you begin creating strong passwords, you need to consider the use of those passwords. The intent is to create strong passwords unique to each account, but easy enough to memorize. To do this, first begin by splitting the sites you frequently login to into categories. For example, your category list might read as follows:
- social networking sites
- auction sites
- ecommerce sites
- email accounts
- banking sites
- forums
A word of note here about forums. Never use the same password for a site’s forum as you would for logging into the site itself. Generally speaking, the security on forums is not as strong as it is (or should be) for the regular site and thus the forum becomes the weakest link in your security. This is why, in the example above, forums are split into a separate category.
Now that you have your categories, under each appropriate category, list the sites to which you must log in.
For example, if you have a Hotmail, gmail, and Yahoo account, list these under the category ’email accounts’. After you’ve completed the list, you’re ready to begin creating the strong, unique, and easy-to-remember passwords for each.
Creating Strong Passwords
A strong password should be 14 characters. Each character less than that makes it a little easier to compromise. If a site absolutely won’t allow a password that long, then adapt these instructions accordingly.
Using the 14 character password rule, use the first 8 characters as the common portion to all passwords, the next 3 to customize by category, and the last 3 to customize by site.
So the end result ends up like this:
common(8)|category(3)|site(3)
Following this simple rule, when you change your passwords in the future – which, remember, you should do often – you’ll only need to change the first common 8 characters of each.
One of the commonly recommended means of remembering a password is to first create a passphrase, modify it to the character limit, then begin swapping characters for symbols. So to do that:
- Come up with an 8 letter passphrase that is easy to remember.
- Take the first letter of each word to form the password.
- Substitute some of the letters in the word with keyboard symbols and caps (symbols are better than caps).
- Tack on a three letter abbreviation for the category, also replacing one of the letters with a symbol.
- Tack on a site specific three letter abbreviation, again replacing a single letter with a symbol.
As an example:
- In step 1 we might use the pass phrase: my favorite uncle was an air force pilot
- Using the first letters of each word, we end up with: mfuwaafp
- Then we swap some of those characters with symbols and caps: Mf{w&A5p
- Then we tack on the category, (i.e. ema for email, and swap out one character of ema: e#a
- Finally, we add the site abbreviation (i.e. gma for gmail) and swap out one character: gm%
We now have a password for our gmail account of Mf{w&A5pe#agm%
Repeat for each email site, so perhaps you end up with:
Mf{w&A5pe#agm%
Mf{w&A5pe#aY%h
Mf{w&A5pe#aH0t
Now repeat these steps for the additional categories and sites within those categories. While this may look hard to remember, here’s a tip to simplify – decide in advance what symbol you will equate with each letter. Be sure to check out these other tips for remembering passwords. You may be surprised to learn that some of the oldest advice may just be the wrong advice.