
I can’t tell you how many times I’ve had a new client give me a password that made me cringe. No, it wasn’t something as bad as “tommysgirl” (which was a friend’s old password that made me cringe for reasons other than security). But easily guessable words like names of children or past pets, well-known interests (“metsfan1996”), or birthdates are so spectacularly insecure (take the double meaning as you wish) that it’s practically begging hackers to steal your data.
This month’s task, creating your personal password algorithms, should take you less than an hour. The time to update the actual passwords depends on how many sites you subscribe to.
Creating Secure Passwords
Creating secure passwords is pretty darn easy. The key elements are having a letter, a numeral, one capital letter, and, if the site allows it, another character such as *, $, !, or ?. With these elements, it’s really easy to create a secure, easily memorable password that is hard to crack.
Let’s take myself, for example. Everyone who knows me knows that I have a particular fixation with Depeche Mode. So choosing “depechemode1992” isn’t exactly hacker-proof. However, if I take a little-known fact about them, such as I first saw them live in 1988, I can use the following sentence as the basis of my password: “My first Depeche Mode concert was back in 1988!” I then take the first letters of each word: MfDMcwbi1988! Now, who the heck is going to guess that? (For all you hackers, none of my passwords have anything remotely to do with Depeche Mode.)
Of course, should a hacker get ahold of your password and you use it for multiple sites, bad things can happen. There are two other variations I add to my passwords: site importance and site name. By site importance, I mean, how upset would I be if someone got my password? If someone hacked my Goodreads account and began to add Stephenie Meyer titles to my “to read” list, yes, I’d be miffed. But it wouldn’t shatter my world. So that’s a level 1 site. Level 2 is something that would make me embarrassed. If someone hacked my LinkedIn account and started telling all my business contacts that I actually read the entire Twilight series (I did, and I’m not proud of it), I’d be mortified. So, I want a stronger password for those sites. Then there are the sites that, if compromised, would cause me as much, if not more, grief than if I’d lost my wallet. Those are my bank accounts and shopping sites. For those, I want the most secure passwords.
So, each of my levels has a different base password (MfDMcwbi1988!, for example), which makes three different base passwords. Then each of those has a different pattern based on the website itself. For level 1, for example, I might use the first letter of the website (A for Amazon) and place it in the first location. My password for Amazon, as a level 1 site, then becomes aMfDMcwbi1988!. For level 2, I might take the first three letters of the website, thereby making it less likely that I’ll duplicate a password. Thus, my password for Amazon, if I consider it a level 2 site, would become amaMfDMcwbi1988!. For level 3, maybe I mix things up a bit and choose the first two letters and the last. So, using Amazon again as an example, my password would be amnMfDMcwbi1988!. Maybe I capitalize the trigger letter(s), maybe I don’t. The pattern is all up to you. These patterns are just examples.
But you can see how this makes it much harder for a hacker to get into your private info. And if they do get into one site, they won’t have access to all of them, even with the base password. You, however, know the formula and can easily calculate the password even if you don’t know it off the top of your head, because all you’re remembering for each password is:
- Base password phrase
- Password-level pattern
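The three example patterns, written out as an added Python example (not code from the original post): it derives the per-site password for each level and lists which sites in a sample list end up sharing a password. The site list and function names are assumptions made for the example, and the article's illustrative base phrase is reused for all three levels.

```python
from collections import defaultdict

# The base phrase is the article's own illustration; the site list is
# constructed for this example.
BASE = "MfDMcwbi1988!"
SITES = ["amazon", "apple", "amex", "ameritrade", "goodreads", "linkedin"]


def site_tag(site: str, level: int) -> str:
    """Site-derived letters for each of the article's three example patterns."""
    name = site.lower()
    if level == 1:
        return name[0]               # first letter
    if level == 2:
        return name[:3]              # first three letters
    if level == 3:
        return name[:2] + name[-1]   # first two letters plus the last
    raise ValueError(f"unknown level: {level}")


def derive(site: str, level: int, base: str = BASE) -> str:
    """Place the site tag in front of the base password."""
    return site_tag(site, level) + base


def duplicates(sites, level, base=BASE):
    """Group the sites that end up with an identical password at this level."""
    groups = defaultdict(list)
    for site in sites:
        groups[derive(site, level, base)].append(site)
    return {pw: names for pw, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for level in (1, 2, 3):
        print(f"level {level}: amazon -> {derive('amazon', level)}")
        for pw, names in duplicates(SITES, level).items():
            print(f"  shared by {names}: {pw}")
```

With this sample list, the first-letter pattern gives four sites the same password, the three-letter pattern still collides for two of them, and the first-two-plus-last pattern gives every site a distinct one.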
Are these passwords bulletproof? No, but no password truly is, at least not at its basic level. You still have to make sure you don’t log into important sites from public locations and other places where your information can be easily stolen. But at least it’s better than having a hacker simply guess that your password is “fluffy2013.” That’s downright embarrassing.
Storing Your Passwords
Now, let’s say you can’t remember what level password you’ve chosen for Chipotle. It’s a site that might have your credit card info stored, so it might be level 2. However, perhaps it’s level 1, because who the heck is going to hack Chipotle? (Hey, you never know.) So, you create passwords for your passwords. Using my Depeche Mode example, I create a reminder for myself that only I would understand. In this case, I first saw Depeche Mode at Jones Beach Amphitheater (back when it was called that), so I might make my reminder “Jones Beach band.” Now, I’ve seen dozens of bands at the venue formerly known as Jones Beach, but a hacker will have a hard time knowing which one I’m referring to.
So, in my Yahoo bookmarks (which I used to use for storing my passwords), I would bookmark Amazon and put “level 2” in the notes section. If for some reason I had to modify the password (the site doesn’t accept more than 8 characters or isn’t case sensitive), I can modify the note: 2 – up. This means it’s a level 2 password with capitalization.
I know this sounds like a lot to remember, but it gets easier as you use it more often. You’re only remembering three basic rules: base password phrases, password-level patterns, and password clues. When you go to Starbucks and order your non-fat venti mocha latte, hold the whip, with almond milk, you have to remember a heck of a lot more information. And that’s for coffee. You owe it to yourself to memorize your three password must-haves.