I get several emails a week from people with accounts that have been hacked simply because the password associated with that account was too simple, or just plain stupid (like “password” or “1234”). I see posts on Facebook made by user’s friends or family because they guessed a password (or the owner forgot to log out). I hear horror stories of bank or Paypal accounts being drained or charged for online purchases. Or worse yet, an identity being outright stolen because of weak security. And all of this is due to the fact that most people have no idea how to create a strong password.
Usually, even those that have a decent password use the same one for every single account that they have online and for years and years. smh…
So… how exactly does one create an easy to remember but secure password that CAN be used everywhere?
1. Pick a word or a phrase that you will remember. Make it a good one, because you’ll be using it a lot. For example, we’ll use
2. Make one of the letters capital. It is second nature to choose the first letter. Try not to do that. Let’s choose the second “p”, making the new password
3. Replace at least one of the letters with a number that looks somewhat similar. For our example, the number “1” looks similar to a lower case “L” and a “3” looks like a backwards “E”, so…
|L or i||→||1|
|e or E||→||3|
|L or T||→||7|
4. Finally, add a symbol. For most sites, any of the symbols that you access with shift above the number row will work: !, @, #, $, %, ^, &, *, (, or ). The last two can sometimes cause errors with a poorly coded site though, so it is usually best to avoid them. Your symbol could be added at the beginning, middle or end of your word or phrase, but since we have an “a” or two in ours and it looks similar to the “@” symbol, let’s use that.
5. Now, for each time we create a password we will use “@pP13c@rt” as our base. In fact, it is the only part of the password at any site that you will have to specifically remember. The rest of the password will come from the site itself. Let’s say for instance that you have an account at US Bank, one at Best Buy, and a third on Facebook. For each of these pages, the site itself will be used in your password. You will simply add the name at the beginning, or end, or (as I prefer) to split it up. Using the split method, your new password for US Bank is us@pP13c@rtbank, for Best Buy it is best@pP13c@rtbuy, and for Facebook it is face@pP13c@rtbook. (For even more security, you could use the replacement method on one or more of the site letters…)
In this way, you can use the same secure password for everything without actually using the same password for everything, giving you a little extra time to change those that really matter were you to need to do so.
That being said, I have to state for the record that you should change your passwords often, but you won’t (neither do I), so you should at least be using as much security as you can from the start…
This was published in its original form on my Crude Behavior blog back in August of 2012, but I thought it bore a repeat.