How to be master of passwords in 2017 (Good, Better & Best)
We’ve all been there. Where? The “Forgot my password?” page linked at the bottom of what feels like every single website and app you have. So, just like you do on every login form, let’s forget all the apps and professional solutions for a minute and get right to the basics.
Is there a way to do it efficiently and securely without apps? Yes.
Why do you need a different password for different sites anyway? If one site is hacked, then every other account where you use that password is now at extreme risk.
Is there also a way for businesses and teams? Yes.
What about different staff with different responsibilities? Yes, with a simple security clearance style system.
Let’s talk about my friend Joe. Joe normally uses the password “zack2015”, which represents his son’s name and the year his son was born. Great. On some websites he has to use “Zack2015” (with the capital Z) for things that are more secure, like banks. Great. He recently had a daughter named Sophia, and on new websites that require even more advanced passwords he now uses “PrincessSophia2017”. You can see how the confusion begins: more and more online services are created, you need to sign up to loads of them for personal or work use, and you can’t remember which child was born when you signed up to some new online casino.
A good solution for Joe is to pick one memorable word (or, even better, a phrase) and adapt it to each service he needs to authenticate on, for instance:
Can you see the pattern? A from Amazon is the first letter of the alphabet, F for Facebook is the 6th letter, and Twitter begins with T, the 20th letter, so that would be 20.
Got that so far? Simple, right?
A better solution for Joe would be to make the passwords less predictable in case he accidentally exposed one to would-be hackers. An easy way would be to use a similar system, but if the website’s first letter is J or above, split the number so the password starts with the first digit and ends with the 2nd digit.
This could be further varied with other patterns, perhaps by repeating the 1st digit if the letter is below J (10):
Other ideas could include putting the first letter of the website at the end of the password (or at the beginning), but remember that most password rules require a number, so this would need to be adapted a little to something like:
|Youtube||(or variation) Y25ilovemykids|
Patterns are still visible (which is an obvious security risk), but if you follow any of the systems so far you are still doing way better than most people do.
The best solution for Joe without the help of any third-party apps or tools would be to increase the strength of his root word (in this case, ilovemykids). Add an exclamation mark or make it a phrase (phrases are easier to remember than alphanumeric combinations), such as the name of the street you grew up on, the make of your first car and the time of day you were born, like:
|Youtube||(or variation) 25!OxfordFord0801|
How much more difficult is it now to see or figure out any patterns compared to before? And how easy is it already, never mind a couple of weeks later when you are really used to it and all you need to remember is which number is associated with each website?
Keep an eye out for the next article in this series, where we will talk about how to integrate this into workplace teams, as well as a review of all the apps and services that claim to make this even easier and more secure.
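The numbering rules described above, written out as an added Python example (not code from the original article). The function names are made up for illustration, and two placements are assumptions: the number goes in front of the root word, as in “25!OxfordFord0801”, and in the split-digit variant letters below J keep their single digit in front.

```python
import string

def site_number(site: str) -> int:
    """Alphabet position (A=1 ... Z=26) of the site's first letter."""
    first = site.strip()[:1].upper()
    if len(first) != 1 or first not in string.ascii_uppercase:
        # Edge case the scheme does not cover: names such as "9gag".
        raise ValueError(f"{site!r} does not start with a letter A-Z")
    return string.ascii_uppercase.index(first) + 1

def good(site: str, root: str) -> str:
    """Number in front of the root (assumed placement)."""
    return f"{site_number(site)}{root}"

def better(site: str, root: str) -> str:
    """J (10) and above: first digit in front, second digit at the end."""
    n = site_number(site)
    if n >= 10:
        first, second = str(n)
        return f"{first}{root}{second}"
    return f"{n}{root}"  # assumption: below J the digit stays in front

def with_letter(site: str, root: str) -> str:
    """Site letter, then number, then root, as in "Y25ilovemykids"."""
    n = site_number(site)
    return f"{string.ascii_uppercase[n - 1]}{n}{root}"

if __name__ == "__main__":
    root = "ilovemykids"  # root word used in the article
    for site in ("Amazon", "Facebook", "Twitter", "Youtube"):
        print(f"{site:9} {good(site, root):15} {better(site, root):15} "
              f"{with_letter(site, root)}")
    try:
        site_number("9gag")  # constructed name with no alphabet position
    except ValueError as err:
        print("needs its own rule:", err)
```

A site whose name starts with a digit or symbol has no alphabet position, so the function raises an error rather than guessing; whoever uses the scheme has to pick a rule for those names up front.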