LinkedIn got hacked and we heard it. Techradar got hacked and we heard it once more. We all know it. But we don’t do it. We all know that we should have unique passwords for different websites, but how do we remember hundreds of them? Here is something that I would suggest. Something simple, easy and it works!
The scheme
Let me first describe the scheme. Let’s consider that you have to remember the unique passwords of 3 different websites:
• Facebook
• Hotmail
• LinkedIn
The first step is to create a scheme or template for your password. Here are some possible examples:
Example 1: You can build your unique password by combining the following: first letter of the website + last letter of the website + your easy password + some special characters
Let’s assume that your easy password is “mypasswd”. That is a lame password, used here only as an example; you should use a non-guessable one.
Let’s assume that “some special characters” are: @#$5
So you can build your unique passwords as follows:
• Facebook: fkmypasswd@# (first character of the website: ‘f’; last character: ‘k’)
• Hotmail: hlmypasswd@#$5
• LinkedIn: lnmypasswd@#$5
Example 2: You can create more complicated schemes that are a function of the name of the website: first two characters in reversed order + your easy password + special characters + last two characters of the site
• Facebook: afmypasswd@#$5ko
• Hotmail: ohmypasswd@#$5li
• LinkedIn: ilmypasswd@#$5ni
In this way you can create hundreds of unique passwords and all that you need to remember is just “your easy passwd” and a scheme.
PS: Please note that the above scheme should be used as a model and not as an exact solution. You can create your own password as a function of the website name. However, ensure that “your easy password” is a non-guessable, non-dictionary word and that the “special character” string is at least 3 characters long.
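The two templates above, written out as an added example (not code from the original post), together with a check of how many characters of each derived password actually differ from site to site. The function names are chosen here for illustration; `scheme2` reverses the last two letters because the listed outputs do, and `scheme1` applies the full “@#$5” string to every site.

```python
from difflib import SequenceMatcher

EASY = "mypasswd"   # the post's placeholder "easy password"
SPECIAL = "@#$5"    # the post's special-character string


def scheme1(site, easy=EASY, special=SPECIAL):
    """Example 1: first letter + last letter + easy password + specials.
    Applies the full '@#$5' to every site, as the Hotmail/LinkedIn lines do."""
    s = site.lower()
    return s[0] + s[-1] + easy + special


def scheme2(site, easy=EASY, special=SPECIAL):
    """Example 2 as its listed outputs show it: first two letters reversed,
    easy password, specials, then the last two letters (also reversed)."""
    s = site.lower()
    return s[1::-1] + easy + special + s[:-3:-1]


def shared_core(a, b):
    """Longest run of characters that two derived passwords have in common."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(
        0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def site_specific_chars(scheme, sites):
    """Return (core, extra): the run shared by every site's password and the
    number of characters each password has outside that run."""
    pws = [scheme(s) for s in sites]
    core = pws[0]
    for p in pws[1:]:          # pairwise reduction to the common run
        core = shared_core(core, p)
    return core, {s: len(p) - len(core) for s, p in zip(sites, pws)}


if __name__ == "__main__":
    sites = ["Facebook", "Hotmail", "LinkedIn"]
    for scheme in (scheme1, scheme2):
        core, extra = site_specific_chars(scheme, sites)
        print(scheme.__name__, [scheme(s) for s in sites])
        print("  shared by all sites:", repr(core), "| per-site characters:", extra)
```

For both templates the run shared by every site is the easy password plus the special characters; only 2 (Example 1) or 4 (Example 2) characters per password come from the site name.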
This is a neat method of having unique passwords, and remembering them.
http://www.dynamicnet.net/2012/03/weak-passwords-open-doors/ is an article I wrote which can help come up with the easy password to remember, but hard to crack part…. then just add your prefix per network.
Cool tips… you could also just use lastpass.com to generate secure passwords, remember them for you and log you into your sites automatically
Friends,
please don’t use any site or generator to generate a password. If you are generating it, it means you are at RISK!!!!!
Use your own idea special characters
The problem with this scheme is the following:
Many people use obscene language when creating passwords and I’ve seen everything from F**kmypasswd to F**kwebsite.com and as such not only do I have rules to test for common “curse” words but also their shorthand forms, fk, bch, sux, etc. I know I personally also have rules that add every possible 2 letter combination to a password to test and I’m sure other password crackers do the same.
Another downside is that you aren’t emphasizing the absolute need for mixed-case, alphanumeric passwords with more than one special character. The strength of your first recommended password “fkmypasswd@#” would increase exponentially had it been written as such: “FkmYP4@s5wd@#” which still leads it to your method of unique password generation while adding enough complexity to make it get past the mediocre password cracker.
The recommendation to use LastPass (or any password manager which easily integrates with your web browser) is great so long as you ensure that you create a password that utilizes mixed-case alphanumeric AND special characters and is of adequate length (I suggest no less than 16 character passwords and if something is automatically generating them and saving them for you there is no excuse not to have a minimum of 16 character password).
What does one do when a password is due to be changed? Sites don’t all have the same password changing times. A fellow winds up with different formulas for different sites. Is there a formula that takes care of that? Some sites complain if a password is too similar to an earlier password. Also, VMS can maintain a password history for each user which prevents reusing old passwords for a certain time.