Safe and secure passwords don’t have to be forgettable or require an app
I will preface this with: what I'm going to discuss here are relatively safe passwords that you can always remember, ones that a script or a bot is not going to get and then be able to take to hundreds of sites in a couple of seconds to test whether you used the same password for your Larry's Pizza Rewards program as you did for your Ring or Nest equipment.
These will be unique, you'll remember them with no issues, and no app will be required to log in. That said, for your bank and your primary email address, use something else. Add multi-factor authentication.
‘Tis the season lazy reporters claim a family that used “password123” on every single website had their Ring or Nest account “hacked”. These days using the same password across different websites is a guarantee that eventually it will get found and reused.
But trying to remember 56_e#792haL as a password here, and hGl7$11k863_p there, is complicated. There are apps for that, like Chrome's password manager, and probably six trillion browser/app combos out there. But do you need them? Will you have them with you when you're at the in-laws' this Christmas working on their Best-of-2003 Windows 7 machine? Probably not.
Did you really need a password that strong for a forum?
Lock it down
First off, you're going to secure your primary email with a password that's personal, not your name and birthdate, but can be remembered. Then you're going to secure your primary account with second-factor authentication. You always need one or two secure passwords; there's no getting around this.
For anything that can drain your money or talk to your kids, do not use an easy-to-guess password.
I don’t need all this
Beyond this you’ve probably discovered you’re being required to sign up for accounts when you want an NVIDIA Driver, when you want to order a pizza, when you want to comment on a forum, when you want to see the price of an item. This is why people use the same damned password over and over again for things they don’t care about, and eventually (unfortunately,) for things they do.
Then it gets stolen because Larry's Pizza Loyalty Rewards was coded by Larry's nephew, who didn't encrypt the passwords when storing them and left a database open to the public. Now, like me, you're locked out of Reddit because you used a password that got compromised and don't have access to the email you signed up with years ago…
A script kiddie runs it through 8000 or so websites, attempting to log in with the compromised password, and then gets a list of everything you've used the same password on. Bam! You find yourself featured on a prank VLOG as people play air raid sirens through your Nest.
Making memorable unique passwords
We’ll start with a scheme to create a password a script or bot isn’t going to get. For the example below we’re going to define something we’ll remember as “not important,” “no cash value” and say that the website is Pocketables.
5h18 – we'll say that's the part of the password we're going to use for not important. You get hacked there, you're not out big money. This is a site where, if something spammy gets posted under your name, it gets deleted, but you're not out money.
We'll use c0o1 for somewhat more important but not your bank. Use your own; you only need to remember two of them. You'll probably want it to be a minimum of four characters. I'd say satisfy your upper/lowercase requirements for a password here.
Next we're going to have two special characters and a couple of numbers. I don't know, maybe your mom's birthday, but instead the special characters that correspond to it, e.g. 06/29 would be )^@( or perhaps 0^2( pressing shift on alternating keys. Make it something you can remember.
We've got two pieces of info, now throw in a third. You can use some of the text from the website name for easy access… let's say the first four characters of the website name.
Put them all together in whatever order you want, and Pocketables, MyBank, Pizza Hut, Zombo, etc. become:
Now, if someone has access to enough data breaches of your passwords and really looks into it, they're going to figure out your password scheme. This said, hopefully not more than two of your financially linked accounts will get their passwords hacked.
For more security in the face of a multi-password breach, maybe hit the letters to the left or right of the website name… so "pizz" in Pizza Hut would be "ouxx", simply because you can't go right of P and can't go left of Z.
I mean, it's going to be best if you give all financial institutions their own password; I can't in good conscience advise anyone to use a scheme such as the above for a bank.
Most strong password requirements want an upper- and a lowercase letter, a number and a special character or two. A minimum of 8 characters and the occasional maximum of 12. Aim to check all the boxes.
Indicator text (flagging financial or important)
Unique-to-site text (part of the website name, or perhaps the letters next to a part of the website name on a keyboard)
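As an added example (my own code, not anything from the original post), here is the scheme above in Python: a tier tag, the date turned into shifted symbols, and the first four characters of the site name, optionally keyboard-shifted as in the Pizza Hut trick, plus a check against the complexity rules listed just above. The sample values (5h18, c0o1, 06/29, the site names) are the post's; the function names and the US QWERTY layout are my assumptions.

```python
import string

# Shift-key output of each number key on a US keyboard (06/29 -> )^@( in the post).
SHIFTED_DIGIT = dict(zip("1234567890", "!@#$%^&*()"))

# Letter rows of a US QWERTY keyboard, for the "letter to the left" variant.
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def date_to_symbols(date_mmdd: str, alternate: bool = False) -> str:
    """Map the digits of a date to shifted symbols: '06/29' -> ')^@(',
    or '0^2(' when only every other key is pressed with shift (alternate=True)."""
    digits = [c for c in date_mmdd if c.isdigit()]
    return "".join(d if alternate and i % 2 == 0 else SHIFTED_DIGIT[d]
                   for i, d in enumerate(digits))


def shift_left(text: str) -> str:
    """Replace each letter with its left-hand neighbour on the same row; a key
    on the left edge (q, a, z) has no left neighbour, so go right instead.
    This reproduces the post's 'pizz' -> 'ouxx'."""
    out = []
    for ch in text.lower():
        row = next((r for r in QWERTY_ROWS if ch in r), None)
        if row is None:
            out.append(ch)  # digits, spaces etc. are kept as they are
            continue
        i = row.index(ch)
        out.append(row[i - 1] if i > 0 else row[i + 1])
    return "".join(out)


def build_password(tier_tag: str, site: str, date_mmdd: str,
                   keyboard_shift: bool = False) -> str:
    """Tier tag + date symbols + first four characters of the site name."""
    site_part = site.replace(" ", "")[:4]
    if keyboard_shift:
        site_part = shift_left(site_part)
    return tier_tag + date_to_symbols(date_mmdd) + site_part


def meets_policy(pw: str, min_len: int = 8, max_len: int = 12) -> bool:
    """The common rule set from the post: upper, lower, digit, special, 8-12 chars."""
    return (min_len <= len(pw) <= max_len
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))
```

Running it shows one thing worth noticing: "c0o1" plus the keyboard-shifted, all-lowercase "ouxx" contains no capital letter, so that combination fails a policy that demands one; the uppercase has to come from the tier tag or from the unshifted site fragment.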
You can do better
The above was just an example to get you thinking and show that it's not that difficult to remember passwords. Make it your own. There's no reason you have to limit your options, and there's no reason you shouldn't remember all the passwords to the websites you don't really feel need passwords in the first place.
But why not Password Manager X?
I have some issues trusting all my passwords in one bucket personally. What happens if the bucket gets compromised? What happens if I'm on the in-laws' Windows 7 computer from hell? What if an app update kills my passwords? What if, while trying to fix a bug in Chrome, all my password data got reset? What if my Google account got compromised due to a combo of phishing and SIM cloning? What happens when malware hits and gets access to my password app?
But mostly because I remember every password to every site I don't feel I need a password on, and there's very little risk someone is going to crack enough websites to figure out my password scheme, and if they do that's going to allow them to post some spam and that's about it.