
Tech for Luddites

News, Views, and How-Tos for a Digital World

Make Your Passwords Stronger AND Easier to Remember

Last Updated: February 1, 2016


This post was first published in 2009. It has since been updated with additional tips.

In January 2016, SplashData released its annual list of the worst passwords most commonly used in 2015. And believe me, they’re pretty bad. Here are the top five:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345

However, it’s one thing to know what the bad passwords are and another thing altogether to create good ones. One of the greatest frustrations I have with the digital world is trying to manage all my passwords for the many online sites I use. Security experts tell you to create a separate password for each site to reduce the risk of hacking/identity theft, etc. Unfortunately, these experts have a much better opinion of my memory than is actually warranted.

And even if you didn’t care at all about security and decided to just use the same password everywhere, there are a lot of web developers out there that think they’re doing you a favor by forcing you to add special characters or mix cases to make your password stronger. Of course, then you forget whether a particular site is the one where you’ve added a number to the end or started it with a capital letter and there you are, clicking on the “Forgot Your Password?” link yet again. (For some reason, it seems like the sites I visit least regularly have the most stringent requirements, virtually guaranteeing a password reset on each visit…)

That’s why I’ve come up with a system that works for me by letting me create different passwords for each site while making it easy for me to remember what they are. If you struggle with this yourself, you may want to give this system a try.

Note: A lot of people use password managers, like SplashData’s own SplashID software, that let you create totally different passwords for each site while making you only have to remember one master password. I’ve never used one of these myself because I worry if that master password is hacked, well then, so are the rest of your passwords. However, I’ll be honest that I haven’t explored them enough to fully understand how they work so you may want to check some out yourself.

My system requires just 3 easy steps:

  1. Start by picking a “base” password of at least 8 letters that will be easy for you to remember but not something too obvious like the names of your kids or the city you live in. For example, I might go with “luddites”. (I don’t! 🙂 )
  2. Make at least one of the characters uppercase and add at least one number and one special character (e.g. @ # & etc.) to it. While the most obvious choice is to add the number and special character to the end of the password, a better idea is to replace similar letters with them. For example, a “!” can take the place of an “l” or “i” and a “5” can be used for an “s”. So if my base is “luddites”, it now becomes “Ludd!te5”.
  3. The next step is the one that will make the security folks happy—and more important, reduce your risk of being hacked. For each site that requires a password, add a 2- or 3-character prefix that is tied to the name of the site. For example, my passwords could be “boaLudd!te5” for Bank of America, “fbLudd!te5” for Facebook, and “vzwLudd!te5” for Verizon Wireless.

Tip: You may want to practice typing your new password a few times before committing to it, just to make sure there are no particularly awkward keystrokes involved.

Now you have a system that gives you a unique password for each site that meets most security recommendations, while making it much easier to remember.

Of course, like any system, it’s not perfect. For example, some sites will insist you use a special character while others don’t allow them. So clearly a single password can’t meet both those criteria. Some sites have specific length requirements, which your password may not meet. And there are some places that force you to change your password every x months, so that can still cause problems. (However, I’ve mostly seen the latter practiced by employers for corporate systems rather than for public websites. So if you end up having to constantly bug your firm’s tech support, they really have no one to blame but themselves…) But this system should work for the majority of public sites you visit.

Additional Tips

When I first wrote this post back in 2009, I felt like the process above was sufficient and it’s certainly better than using the exact same password across all sites. However, the number of stories of stolen user data seems to be growing. So here are a few more tips you can use that will help you keep your passwords safe without putting you back in the situation of having to remember so many passwords you eventually give up.

  • Make your base password stronger. In the article I linked to above, it notes that the most common password used in 2015 was “123456.” Even if you use the system above, having such a simple base password would make it a lot easier to crack. So don’t use common number patterns, words (e.g. “password”), keystrokes (e.g. “asdf”), birthdates, pet names, etc. It’s also better if you can avoid using a single word that can be found in the dictionary as automated hacking systems can find those quickly enough. Instead, use a combination of two or more words or an acronym for a phrase that’s meaningful to you alone.
  • Use more than one base password. The data about you on some sites is probably more important to you than others. For example, you would probably be more upset to find out your bank password was stolen than your Twitter password. So you could have a few different base passwords for different kinds of sites: One for sites containing financial information, one for social media sites, one for membership sites, etc.
  • Don’t click links or download files from unknown sources. Data breaches aren’t always a result of websites being hacked. Data is also frequently stolen from individual users’ computers through malware programs that were installed on them. This generally happens when you click a link or download a file from an email or website. If you’re not sure if a link is safe, don’t click it. If it was in an email supposedly sent by your friend, send them a separate note first to ask if they really did send you that link.
  • Never give your password to someone claiming to be from a company. Reputable companies never ask for it. If you get a notice that your password has been compromised, don’t click the link they provide. Type in the company website URL yourself to see if there’s a notice there or, better yet, call the company’s customer service number.
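
The three steps and the “make your base password stronger” tip, written out as an added Python example that is not part of the original post: it rejects weak bases, applies the step 2 swaps, and adds the site prefix. The function names, the keyboard-row list, and the four-character run threshold are assumptions, and no dictionary-word check is included.

```python
import re

# Top five from the SplashData list quoted in the post.
WORST = {"123456", "password", "12345678", "qwerty", "12345"}
# Keystroke runs to reject ("asdf" is the post's example); rows are standard QWERTY.
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Look-alike swaps named in step 2 of the post.
SWAPS = {"l": "!", "i": "!", "s": "5"}


def base_problems(base):
    """Return the reasons a base fails step 1 or the first additional tip."""
    low = base.lower()
    problems = []
    if len(base) < 8 or not base.isalpha():
        problems.append("use at least 8 letters")
    if any(bad in low for bad in WORST):
        problems.append("contains a worst-list password")
    # Assumed threshold: any 4 consecutive keys along one row, in either direction.
    runs = {low[i:i + 4] for i in range(len(low) - 3)}
    if any(r in row or r in row[::-1] for r in runs for row in KEY_ROWS):
        problems.append("contains a keyboard run")
    return problems


def strengthen(base):
    """Step 2: capitalise the first letter, swap look-alikes in the rest."""
    return base[0].upper() + "".join(SWAPS.get(c, c) for c in base[1:])


def site_password(base, prefix):
    """Steps 1-3 for one site; prefix is the 2- or 3-character site tag."""
    problems = base_problems(base)
    if not 2 <= len(prefix) <= 3:
        problems.append("prefix must be 2 or 3 characters")
    if problems:
        raise ValueError("; ".join(problems))
    core = strengthen(base)
    # Step 2 asks for an uppercase letter, a number and a special character.
    needs = (("uppercase", r"[A-Z]"), ("number", r"\d"),
             ("special character", r"[^A-Za-z0-9]"))
    missing = [name for name, pat in needs if not re.search(pat, core)]
    if missing:
        raise ValueError("step 2 still needs: " + ", ".join(missing))
    return prefix + core


if __name__ == "__main__":
    for tag in ("boa", "fb", "vzw"):  # prefixes used in the post
        print(tag, "->", site_password("luddites", tag))
```

A base with no “s” in it, such as the constructed sample “mountaintop”, passes step 1 but is rejected at step 2 because the swaps never produce a number.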

Finally, using a two-factor authentication (2FA) system, where you have to do more than just log in with username/password, is one of the strongest ways to protect your data (although still not 100% secure). This CNET article is a few years old but it still has a good explanation of how 2FA works.

Two-factor authentication: What you need to know (FAQ) (CNET, 05/23/13)

If this all seems like too much of a hassle to you, you should read this account of what happened to more-than-tech-savvy Wired journalist Mat Honan back in 2012—it might just change your mind. It begins: “In the space of one hour, my entire digital life was destroyed.”

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ (Wired, 08/06/12)
