This post was first published in 2009. It has since been updated with additional tips.
However, it’s one thing to know what the bad passwords are and another thing altogether to create good ones. One of the greatest frustrations I have with the digital world is trying to manage all my passwords for the many online sites I use. Security experts tell you to create a separate password for each site to reduce the risk of hacking, identity theft, etc. Unfortunately, these experts have a much better opinion of my memory than is actually warranted.
And even if you didn’t care at all about security and decided to just use the same password everywhere, there are a lot of web developers out there who think they’re doing you a favor by forcing you to add special characters or mix cases to make your password stronger. Of course, then you forget whether a particular site is the one where you’ve added a number to the end or started it with a capital letter and there you are, clicking on the “Forgot Your Password?” link yet again. (For some reason, it seems like the sites I visit least regularly have the most stringent requirements, virtually guaranteeing a password reset on each visit…)
That’s why I’ve come up with a system that works for me by letting me create different passwords for each site while making it easy for me to remember what they are. If you struggle with this yourself, you may want to give this system a try.
Note: A lot of people use password managers, like SplashData’s own SplashID software, that let you create totally different passwords for each site while requiring you to remember only one master password. I’ve never used one of these myself because I worry that if that master password is hacked, well then, so are the rest of your passwords. However, I’ll be honest that I haven’t explored them enough to fully understand how they work, so you may want to check some out yourself.
My system requires just 3 easy steps:
Tip: You may want to practice typing your new password a few times before committing to it, just to make sure there are no particularly awkward keystrokes involved.
Now you have a system that gives you a unique password for each site that meets most security recommendations, while making it much easier to remember.
Of course, like any system, it’s not perfect. For example, some sites will insist you use a special character while others don’t allow them. So clearly a single password can’t meet both those criteria. Some sites have specific length requirements, which your password may not meet. And there are some places that force you to change your password every x months, so that can still cause problems. (However, I’ve mostly seen the latter practiced by employers for corporate systems rather than for public websites. So if you end up having to constantly bug your firm’s tech support, they really have no one to blame but themselves…) But this system should work for the majority of public sites you visit.
When I first wrote this post back in 2009, I felt like the process above was sufficient, and it’s certainly better than using the exact same password across all sites. However, the number of stories of stolen user data seems to be growing. So here are a few more tips you can use that will help you keep your passwords safe without putting you back in the situation of having to remember so many passwords you eventually give up.
Finally, using a two-factor authentication (2FA) system, where you have to do more than just log in with username/password, is one of the strongest ways to protect your data (although still not 100% secure). This CNET article is a few years old but it still has a good explanation of how 2FA works.
Two-factor authentication: What you need to know (FAQ) (CNET, 05/23/13)
If this all seems like too much of a hassle to you, you should read this account of what happened to more-than-tech-savvy Wired journalist Mat Honan back in 2012—it might just change your mind. It begins: “In the space of one hour, my entire digital life was destroyed.”
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ (Wired, 08/06/12)