Many of you know that my website was hacked last week. My webhost suggested that I change all of my passwords as a precaution against further hacks. This pushed me to take a step that I’ve been considering for some time. I’ve been thinking about a way I could create a custom password for each site I use that is also easy to remember.
I’ve had this idea for a while and yet I didn’t think it was urgent, so I never invested the time to flesh out my plan. Now I have my plan and I’m updating my passwords as I use sites. I thought you might want to know the strategy behind my custom yet easy-to-remember passwords.
Strong Password Components
There are several things you should include to make a strong password.
- Use a combination of upper and lower case letters.
- Include letters and numbers.
- Don’t use your name, family member names, or pet names.
- Don’t use your birthday, family member birthdays, anniversaries, or other dates people can link to you.
- Don’t use words that are found in the dictionary or the word “password.”
Some computer security resources encourage you to include symbols, but some sites don’t allow symbols in a password. Also, there is no generally accepted standard password length.
My Password Components
I set out to create 12 character passwords that were unique to each login and yet easy to remember. I do this by stringing together components and developing a few standard descriptions.
In general, my password strategy works like this:
P P P P U U U T D D D D
- PPPP = a quote or phrase, reduced to the first letters of its first four words. For example: “Be the Change You want to see in the world” becomes BtCY.
- UUU = a use code that tells whether I use the site/account for personal (PER=737) or for my company (COM=266). I created these three character codes and converted them to numbers using the telephone keypad.
- T = a site/account type (E=email, S=site (general), F=financial, C=client, B=blog, etc). I came up with a short list of these site/account types.
- DDDD = an account description: the name of the site (unique for each site).
Using this strategy, I would create the following passwords:
- For my Paypal account: BtCY266fPAYP
- For my personal Yahoo email account: BtCY737eYAHO
- For my business Yahoo email account: BtCY266eYAHO
- For my personal Gmail email account: BtCY737eGMAI
- For my business Gmail email account: BtCY266eGMAI
- For my webhost account for my art blog: BtCY737bLAUG
I call these my Gandhi series passwords (the author of the quote). At some point in the future, I may change my passwords and I will use a different quote, perhaps one by Rumi, and I’ll call those my Rumi series passwords.
Obviously, these are not the exact passwords I use for my accounts. I’ve given you these examples to see how I pieced together the components to create unique passwords.
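The component scheme above, written out as a short Python sketch. This is an added example, not code from the original post; the function names are hypothetical, and the letter case of each component (lowercase type letter, uppercase site letters) is inferred from the sample passwords. It also reports which character positions actually change between two accounts.

```python
# Added illustration of the PPPP-UUU-T-DDDD scheme; names here are hypothetical.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}

# The quote used in the post's examples.
QUOTE = "Be the Change You want to see in the world."


def keypad_code(word):
    """Convert a use code such as PER or COM to telephone-keypad digits."""
    return "".join(LETTER_TO_DIGIT[ch] for ch in word.upper())


def phrase_part(phrase, length=4):
    """First letter of each of the first `length` words, keeping their case."""
    words = phrase.split()
    if len(words) < length:
        raise ValueError("phrase needs at least %d words" % length)
    return "".join(w[0] for w in words[:length])


def site_part(name, length=4):
    """First `length` letters of the site name, upper-cased."""
    letters = [c for c in name.upper() if c.isalpha()]
    if len(letters) < length:
        raise ValueError("site name needs at least %d letters" % length)
    return "".join(letters[:length])


def build_password(phrase, use_code, account_type, site):
    """Assemble PPPP + UUU + T + DDDD and check the 12-character length."""
    if len(use_code) != 3 or len(account_type) != 1:
        raise ValueError("use code is 3 letters, account type is 1 letter")
    pw = (phrase_part(phrase) + keypad_code(use_code)
          + account_type.lower() + site_part(site))
    if len(pw) != 12:
        raise ValueError("components did not add up to 12 characters")
    return pw


def differing_positions(a, b):
    """Zero-based positions at which two passwords differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    yahoo = build_password(QUOTE, "PER", "E", "Yahoo")
    gmail = build_password(QUOTE, "PER", "E", "Gmail")
    print(yahoo, gmail, differing_positions(yahoo, gmail))
```

For two personal email accounts only the last four positions differ, so the uniqueness of each password rests on the site-name component.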
If you have a situation where you are required to change your passwords regularly, you can add a password component to include the month.
- Add a single letter to identify the month (taking into account months that start with the same letter).
- Add two numbers to identify the month (01-12).
Insert this password component at any point in your password strategy.
Before you jump in, think about these additional ideas.
- Don’t use my strategy exactly. Create your own components, mix up the order of the components, and come up with your own use codes and account types. Use my strategy to inspire you. The little bit of time you invest to develop your own strategy can save you days of work and much heartache in the future because of a hacked account.
- Use a different password series for home and work. Even though you have a custom password for each site, it is a good idea to create a different password series for your personal accounts and the ones you use at work. I also have a different series for each client that I use to access their networks and software.
- Don’t write down your password strategy (component breakout). Commit your password components and the order you use them to memory. Don’t share your strategy with anyone, and don’t write it down where someone could find it and use it against you.
Your turn: Do you have a smart password system that you want to share with us (in general terms)? Here’s your chance to help others.