I‘ve seen a couple of posts recently with people discussing various password managers, and I’m a bit suprised. I’ve been using a simple system for years that I figured was pretty common. I have a unique password for every site I visit, and I never forget what it is. I don’t rely on a password manager, so if I jump on a friend’s machine to access the Web, I’m never stuck. Here’s how it works.
1. I start with a short string that I use as the basis for every password–a mix of numbers and letters, but not special characters, since some systems don’t allow them. Let’s say, for the sake of argument, my base string is r7sk9.
2. For every site for which I create a password, I add a unique string derived from the name of the site. If, for example, the site is WordPress, my site string might be “wor”. If you just added those together, you’d have “worr7sk9”. If the site were Bank of America, the password using the same code would be “banr7sk9”.
Simple. But not sufficient if you’re worried about someone unlocking your code, and gaining access to all your accounts. So, you may decide you need some scheme to mix up the code in a way that you still won’t ever forget the code. Fortunately, the choices are endless.
1. You can just mix the site code with your base code by interspersing the letters, so it’s not as obvious if someone ever got one of your passwords. “ban” for bank of america might be a dead giveway. But bra7nsk9 isn’t quite so obvious–I just interspersed the first three letters of the site code into the base code.
2. Instead of using the first few letters of the site for the code, you can use the last few letters backward. Or use the first and last characters. Or some other combination that is not so obvious, but that you can use consistently with every site.
3. Instead of using the actual characters of the site, you can use characters from words that are indicated by the first, or last, letter of the site. IE: A is for apple, B is for banana–so your site code for Amazon might be “app”.
4. If you’re worried about frequently changing your passwords, you can just add a date code into your password. Like “8” in a particular slot if you plan to change your passwords yearly. Or maybe a month code if you want to change it monthly. Whenever you want to change your password, just increment the number. If you’re in the middle of changing all your passwords, and forget what you’ve changed and what you haven’t, no worries, you’re only one number, or one code increment off. You’ll figure it out.
There’s an endless number of schemes you can use to make your code unique for every website you visit, and yet easy for you to never forget. All you have to remember is the formula. A couple of hints:
1. Don’t use special characters. Some sites don’t allow them, and the last thing you want is one scheme for some sites, and another scheme for others, unless of course, you can keep two schemes straight in your head.
2. Try your scheme out with a number of different sites before you commit to it. You may run into trouble if you don’t vet the scheme and then run into a site for which it doesn’t work. The first scheme I tried was tailored for sites with at least two syllables, like Facebook, MySpace, Google. After I commited to it, I started coming across sites with only one syllable, and then I got tripped up. So make a list of 5-10 of the sites you use most often, and make sure your code works consistently in different cases.
3. Come up with a code that has a minimum of 8 characters when you include your site code. While many sites only require six, an increasing number require eight, and again, you want a system that works across all sites.
If you have any additional ideas, I’d love to hear them. As I said, I have a unique password for every site I use, and I never forget it, and never need a reminder.