The key to living a more secure digital life.  How not to use the same password twice.

My wife thought I was crazy, or a genius, or both, when I started using 15 to 18 character passwords for my different online accounts – each one unique.  She was lovingly convinced something had cracked deep inside my geekified brain.  For one, how could I possibly remember that long list of letters, numbers and symbols, much less with each one different from the others?

Since most of my background and experience is in technology, and with the core of my business revolving around tech in one way or another, I thought I’d share my secret for how you can drastically reduce your vulnerability to having your password hacked, and make it less likely that anyone who happens to get into one account can get into any others.

This will require some memorization at first, but after you write it down and use it for a few days or weeks, you’ll be able to shred that little note and be one step closer to living a hack-free life.  Now, this won’t protect you if the company itself gets hacked (such as Yahoo’s database of some billion-odd users), and it doesn’t mean that your bright young nephew wouldn’t be able to figure out your other passwords with a bit of trial and error.  But it’ll be a good starting place to help you sleep a little better at night.

 

The two main parts of your new secure password:

  • The Common Key
  • A Unique Identifier

So, grab a piece of paper and let’s get to work!  Let’s look at each one of these separately.

First, the Key.

Let’s set a goal of coming up with 10 different characters. They need to include one or more of the following:

  • Letters, both UPPER and lower case,
  • Symbols, such as ! ( ) { } _ and a few others.  For a list of typically legal characters check out IBM’s list here.  Some websites will allow additional characters, but they shouldn’t be a part of your “key.”  You want it to be consistent so it’s easier to remember.  Also, some banks may limit the passwords to only 8 characters in total. So, you’re going to have to be flexible and maybe have situations where you leave off certain characters at the end.
  • Numbers.

Although it’s been said 1,000 times before (but you may not have listened!), do not use names, special dates, favorite colors, or any other complete word that can be guessed by a human or computer algorithm.  Hackers use computer programs that can be compared to a spell checker in Microsoft Word.  In a thousandth of a second your password can be interrogated against a library of common words, phrases and number sets.  This is the one time you don’t want to use proper grammar.

STEP 1:

So, grab your pencil and let’s play 20 questions!  Think of:

  • an animal,
  • a vegetable,
  • and a mineral.

Write these down on your paper.  For an example I’m going to use a frog, carrots and iron.

STEP 2:

Let’s pull 10 characters out of these three words (as I mentioned, my key is 14 characters).  I’m going to choose:

  • fro
  • rots
  • iro

I ended up with “frorotsiro” which is weird enough for me.

STEP 3:

Now we need to add some numbers and upper case characters.  A common practice is to substitute zeros for the O’s and 1’s for the I’s.  I’ll also make the t and the s upper case.  Now I have fr0r0TSir0.  That’s getting pretty “strong” as they call it in the online security world.  No spell checker-type algorithm is going to guess that in any language.

STEP 4:

We still haven’t used a symbol.  Another common practice is to use an ! in place of an i.  Without getting any more complicated, my password key has become fr0r0TS!r0.  That’s a strong key.  Let’s move on to the unique identifier.

 

The Unique Identifier Makes Every Login Different!

This is the easy part, and it assumes that the website will allow more than 10 characters because we need to add a couple that will be super easy to remember.  Feel free to make this more difficult than my example, but you’ll get the idea, and hopefully come up with your own take on it.  This being so easy it also creates the “nephew” vulnerability I mentioned earlier.  If someone knows your key, they might be able to figure out this second part.

Let’s take Facebook as an example.  This part involves your unique brain, and how you think.  When you first look at Facebook at the top of their login page, what 2 letters jump out at you first, if you were to only pick two?  Fa, maybe?  Or Fb?  For simplicity’s sake, let’s take the first letter of each syllable in the word, f and b.  If we were to add those two letters to the end of our key, I would have fr0r0TS!r0fb.  If I just took a few minutes to remember the unusual key we developed (or a few days with it written down), all I would really have to remember when I was logging into Facebook would be fb.  Just 2 letters.  So, you could almost say that this was the simplest password in the world.  Your password for Facebook was fb.

Now let’s do another, and this is where you have to rely on how your brain works.  If we looked at Twitter, using your own rule of looking at words, what 2 letters might you take from Twitter?  The first two letters you would ALWAYS think of under normal conditions?  This is important for guessing your own password, which you’ll have to do a lot of the time.  For me I think of tw.  You could use them both as lower case, or Tw, or TW, whatever you choose to do EVERY time.  Stay consistent as you develop these strong and unique passwords.  Take note of the things you will do every time, and what letters “you” would choose if it was your first time coming up with a password for Twitter, as in this example.  Assuming it is tw in lower case, the password for Twitter would be fr0r0TS!r0tw.

One more example, and I think you’ll have it.  Netflix.  Let’s make your Netflix login simple and unique.  When you first look at the word Netflix, what 2 letters jump right out at you?  Ne?  nf?  Nx?  Maybe you’ve chosen to always take the first and last letters, or upper case the first two letters.  Whatever you are choosing right now, keep with it.
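To see how much of each password is shared and how little the two-letter identifier adds if the key is ever exposed (the "nephew" weakness mentioned above), you can audit your own list. This is an added example, not part of the original post; the `audit` function, its report fields and the `SAMPLE` dictionary are hypothetical names, and the sample passwords are the two built in this article.

```python
import math
from os.path import commonprefix

# Constructed sample: the two passwords built in this article.
SAMPLE = {"facebook": "fr0r0TS!r0fb", "twitter": "fr0r0TS!r0tw"}


def is_subsequence(tag, name):
    """True if the tag's characters appear, in order, in the site name."""
    letters = iter(name.lower())
    return all(ch in letters for ch in tag.lower())


def audit(passwords_by_site):
    """Split each password into shared key + site tag and score the tag.

    Returns (key, report). The key is the prefix common to every password;
    if two tags start with the same letter, that letter is counted in the key.
    """
    key = commonprefix(list(passwords_by_site.values()))
    report = {}
    for site, password in passwords_by_site.items():
        tag = password[len(key):]
        report[site] = {
            "tag": tag,
            # Upper bound on what the tag adds once the key is known:
            # treats every tag character as a random letter (52 choices).
            "max_tag_bits": round(len(tag) * math.log2(52), 1),
            # A tag taken from the site's own name is far easier to guess
            # than that upper bound suggests.
            "tag_from_site_name": bool(tag) and is_subsequence(tag, site),
        }
    return key, report


if __name__ == "__main__":
    key, report = audit(SAMPLE)
    print(f"shared key: {key!r} ({len(key)} characters reused on every site)")
    for site, row in report.items():
        print(site, row)
```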

Summary

If you’ve followed these steps, congratulations!  You now have a super strong password, that’s easy to use (after a short while), and easy to remember once you memorize the key you created.  You can now brag to your friends that you have a 12 – 15 character password that is different for every online service and login you use!  I can only imagine what you come up with for Hulu, Pinterest, Google, Apple, Yahoo!, Outlook, Cox, HBO, LinkedIn, Amazon, YouTube, Instagram, Reddit, eBay, Microsoft, PayPal… and the list goes on.  You’ll need to trust yourself.  What would you use if you were creating the password for the first time?  You may have to reset your password a few times before you get the hang of it, but you have now become your very own best strong password generator, and you should be proud!

Enjoy your surfing!