The first rule when it comes to password security is to never use the same password twice.
Every account you have should use its own unique password. The reasoning is that if you use one password for everything and someone obtains your password to one account, they have access to all of your accounts. This is what Spanish-speakers call “no bueno.”
The frustrating thing is that you might do everything right and take extra steps to keep your password(s) safe – you don’t open emails from unknown senders, you avoid suspicious links, etc. But maybe a service you use is hacked. Dropbox, Yahoo, LinkedIn and Last.FM (just to name a few) were all hacked in the last 12 months and are regular targets for hackers.
Which brings us to the ideal solution – use a different password for every account.
Yeah right. I can barely remember one password, let alone dozens.
Look, I think we’ve known each other long enough now that we can be honest with each other. I work with this stuff every day and the brutal, unforgiving truth is that it’s extremely unrealistic for anyone to try to remember even a couple of passwords that are familiar enough to be remembered, yet different enough to be secure.
That’s why what I’m about to share with you will change everything for you when it comes to password security.
Don’t memorize a password, memorize a formula
The idea is so simple, yet powerful. Instead of trying to memorize a bunch of different passwords, create a formula for how you come up with passwords and then make it website-specific or service-specific to customize it for each account.
Now you’re memorizing a single formula instead of a bunch of passwords.
No matter what website you’re on, as long as you know the formula, you can follow it to get your password.
Let me give you a basic example to illustrate my point and then let’s dive a little deeper so you can develop your own formula.
Let’s say I’m logging into my banking website and I happen to bank at Green Tree Bank. (This is not a real bank – I do not loan money). An example of a password I might have for this could be: F718#col%16!
If you’re thinking “How in the actual hell did he come up with that?” then I’ve created a decent password. I’ve actually used a pretty simple formula for this one – it might sound like a lot at first but read it twice and it will make sense.
Keep in mind this is just an example – your formula can be anything you want, this is just one I’ve made up for this example.
The first letter pertains to the type of account I’m accessing. Since this is a bank, I used F for “financial.” You could use “S” for social or “G” for gaming, “E” for education, etc. Note that I used a capital letter here.
Next, I took the first two letters of the name of the company, “Green Tree” in this example, which happened to be “G” and “R.” G is the 7th letter of the alphabet and R is the 18th (if I counted wrong, let me know. I’m a Communication major, not a Math major), and I put them next to each other to get 718.
After that, I added a symbol: the pound or “hashtag” for all you millennials out there.
These kids and their selfies.
Following the symbol, I used a specific string of letters. This string can be a string you memorize and use in all of your passwords provided it’s not an actual word. In my example, it happens to be the first 3 letters of the city I was born in (all lower case).
Feel free to do whatever you want here. An example of a string you could use that would be easy to remember could be 6yhn – if you look at the keyboard, you’ll see that these keys line up in a row from top to bottom. This is totally up to you.
Some might argue a common string is a little too obvious but it adds additional characters and it’s right in the middle of the password so I’m OK with it. This gave us the “col” portion.
Next, I added in another symbol, the percent symbol (%).
Finally, I added up the numbers from step 2 and added an exclamation point to the end.
Our numbers from step 2 were 718, so 7 + 1 + 8 = 16. Plus an exclamation point gives us 16!
This formula gave us a password that is 12 characters and is classified as “very strong” according to passwordmeter.com. Read through the formula again now that you’ve read through it once and you’ll see it’s actually not too hard to remember.
Now, let’s use this same formula on another website and see how much different the resulting password is.
If we followed the same formula above and used it to create a Facebook account, we would get S61#col%7!
S for a social account. 61 because “F” and “A” (from “Facebook”) are the 6th and 1st letters of the alphabet, respectively. Add in our “#” symbol, followed by our standard string, “col” in our example.
Our second symbol is “%” and then we add the numbers from step 2 (6 + 1), which gives us 7. Tacking on our third symbol, “!”, gives us S61#col%7!
I ran S61#col%7! through passwordmeter.com and got a score of 100% – very strong, despite this password being a bit shorter than I’d like. But again, this is just a basic example.
Also, I should point out that it would be a good idea to make your standard string (if you choose to use one) a mix of capital letters and lowercase letters instead of all caps or all lowercase. For example, “CoL” or “cOL”, just to increase security.
Again, this is a pretty simplistic formula but it still provides extremely strong passwords. Feel free to really expand on this and build your own formula you can remember and go crazy. Before you do, though, let’s go over a few guidelines to keep in mind.
The formula can really be as simple or complex as you’re comfortable with. The only guidelines are that:
The formula must always work and be specific
Your formula must always work. This means your formula can’t contain something like “take the first letter of each of the first 3 words and do whatever with them” because not every account name is going to have 3 words: Facebook, Google, Yahoo, eBay, etc. That’s why I stuck to using the first 2 letters only.
It needs to be specific, meaning that the steps can’t be open to interpretation. You need to know exactly what you need to do to use the formula. If you’re using the first two letters of the URL instead of the first two letters of the business name then specify that and stick with it. Using one or the other could give you completely different results.
The formula must not be obvious if someone sees one or two passwords
Our example above was rather simple but still produced relatively different passwords. With enough time I’m sure someone could figure out what the heck we’re doing but the reality is that likely no one is going to take the time to solve your password formula.
If they get ahold of your password they’re going to try it on every account they can find for you and if it fails, they will move on.
The formula must be easy enough to remember
If you can’t remember the formula then it’s not doing you much good.
Take some time to memorize it. If you can memorize a solid formula you will have access to any account you open without ever wasting time trying to remember your password or having to reset it.
The formula must output a password that meets generally accepted minimum requirements
There are a few accepted minimum requirements all passwords should meet. A good password:
- has at least 12–14 characters (more is better)
- includes numbers, symbols, capital letters, and lowercase letters. Use a mix of different types of characters to make the password harder to crack.
- doesn’t include dictionary words or combinations of dictionary words. Always, always, always avoid using actual words, even combinations of actual words.
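As an added example (not code from the original post), here is the formula from the Green Tree / Facebook walkthrough written out in Python, plus a check of the output against the minimum requirements listed above. The word list is a small constructed stand-in for a real dictionary, and the “standard string” defaults to the post’s “col”.

```python
import string

# Constructed stand-in for a dictionary; a real check would load a full word list.
WORDLIST = frozenset({"bank", "book", "face", "green", "tree"})

# The post's fixed middle string ("col"); swap in your own.
STANDARD_STRING = "col"


def letter_position(ch: str) -> int:
    """1-based position in the alphabet: A=1 ... Z=26."""
    return string.ascii_lowercase.index(ch.lower()) + 1


def formula_password(category: str, site_name: str, standard: str = STANDARD_STRING) -> str:
    """Apply the post's formula:
    category letter + positions of the first two letters + '#' + standard string
    + '%' + digit sum of those positions + '!'
    """
    letters = [c for c in site_name if c.isalpha()]
    if len(letters) < 2:
        # "The formula must always work": fail loudly rather than guess.
        raise ValueError(f"need at least two letters in {site_name!r}")
    positions = f"{letter_position(letters[0])}{letter_position(letters[1])}"
    digit_sum = sum(int(d) for d in positions)
    return f"{category.upper()}{positions}#{standard}%{digit_sum}!"


def check_minimums(pw: str, wordlist=WORDLIST) -> list[str]:
    """Return the post's minimum requirements that pw fails (empty list = all met)."""
    failures = []
    if len(pw) < 12:
        failures.append(f"only {len(pw)} characters; minimum is 12")
    classes = {
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
    }
    for name, present in classes.items():
        if not present:
            failures.append(f"no {name}")
    # Substring match so combinations of words ("Treebank") are caught too.
    lowered = pw.lower()
    for word in sorted(wordlist):
        if word in lowered:
            failures.append(f"contains dictionary word {word!r}")
    return failures
```

Run on the post’s two examples it reproduces F718#col%16! and S61#col%7!, and flags the second as two characters short of the 12-character minimum.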
Now that I’ve helped you free up all of this extra brainpower you were hopelessly spending trying to remember your passwords, use it to create a super awesome formula.
Also, I just want to reiterate: I don’t do loans and those are not my actual passwords. If you have any ideas, suggestions, concerns or alternatives, hit me with them in the comments section!