Your Password SUCKS (a Public Service Announcement)

I get several emails a week from people with accounts that have been hacked simply because the password associated with that account was too simple, or just plain stupid (like “password” or “1234”). I see posts on Facebook made by users’ friends or family because they guessed a password (or the owner forgot to log out). I hear horror stories of bank or Paypal accounts being drained or charged for online purchases. Or worse yet, an identity being outright stolen because of weak security. And all of this is due to the fact that most people have no idea how to create a strong password.


Since the original posting of this article most websites have realized the fact that people use lazy passwords and now require more secure methods, but this will still help you form a proper core that can be used on any and all of those sites. (And, no, I’m not saying that my post had anything to do with it…)

Usually, even those that have a decent password use the same one for every single account that they have online and for years and years. smh…

So… how exactly does one create an easy to remember but secure password that CAN be used everywhere?

Here’s how:

1.  Pick a word or a phrase that you will remember.  Make it a good one, because you’ll be using it a lot.  For example, we’ll use

applecart  

2.  Make one of the letters capital.  It is second nature to choose the first letter.  Try not to do that. Let’s choose the second “p”, making the new password

apPlecart 

3.  Replace at least one of the letters with a number that looks somewhat similar. For our example, the number “1” looks similar to a lower case “L” and a “3” looks like a backwards “E”, so…

apP13cart

Instead of    Try
L or i
q
e or E        3
s             5
G             6
L or T        7
g             9
o             0

4.  Finally, add a symbol.  For most sites, any of the symbols that you access with shift above the number row will work: !, @, #, $, %, ^, &, *, (, or ).  The last two can sometimes cause errors with a poorly coded site though, so it is usually best to avoid them.  Your symbol could be added at the beginning, middle or end of your word or phrase, but since we have an “a” or two in ours and it looks similar to the “@” symbol, let’s use that.

@pP13c@rt 

5.  Now, for each time we create a password we will use “@pP13c@rt” as our base.  In fact, it is the only part of the password at any site that you will have to specifically remember.  The rest of the password will come from the site itself.  Let’s say for instance that you have an account at US Bank, one at Best Buy, and a third on Facebook.  For each of these pages, the site itself will be used in your password.  You will simply add the name at the beginning, or end, or (as I prefer) to split it up.  Using the split method, your new password for US Bank is us@pP13c@rtbank, for Best Buy it is best@pP13c@rtbuy, and for Facebook it is face@pP13c@rtbook. (For even more security, you could use the replacement method on one or more of the site letters…)
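Steps 1 through 5 carried out in code, as an added example that is not part of the original post. The function names are hypothetical, and splitting a one-word site name in the middle is an assumption made so that "Facebook" comes out as face/book like the article's example.

```python
# Look-alike swaps taken from the article's worked example (steps 3 and 4).
DIGIT_SWAPS = {"l": "1", "e": "3"}
SYMBOL_SWAPS = {"a": "@"}
# Shift-row symbols the article lists, minus "(" and ")" which it says to avoid.
SAFE_SYMBOLS = set("!@#$%^&*")


def build_base(word, capital_index):
    """Apply steps 2-4 to a lower-case word and return the base."""
    if capital_index == 0:
        raise ValueError("step 2 advises against capitalising the first letter")
    out = []
    for i, ch in enumerate(word):
        if i == capital_index:
            out.append(ch.upper())          # step 2: one capital, not the first
        elif ch in DIGIT_SWAPS:
            out.append(DIGIT_SWAPS[ch])     # step 3: letter -> similar digit
        elif ch in SYMBOL_SWAPS:
            out.append(SYMBOL_SWAPS[ch])    # step 4: letter -> similar symbol
        else:
            out.append(ch)
    return "".join(out)


def check_base(base):
    """Return the article's rules that a candidate base does not meet."""
    problems = []
    if not any(c.isupper() for c in base[1:]):
        problems.append("no capital letter after the first position")
    if not any(c.isdigit() for c in base):
        problems.append("no digit")
    if not any(c in SAFE_SYMBOLS for c in base):
        problems.append("no symbol from !@#$%^&*")
    if "(" in base or ")" in base:
        problems.append("contains ( or ), which the article says to avoid")
    return problems


def site_password(base, site):
    """Step 5, split method: first part of the site name, base, then the rest."""
    words = site.lower().split()
    if len(words) == 1:                      # assumption: split one word in half
        mid = len(words[0]) // 2
        front, back = words[0][:mid], words[0][mid:]
    else:
        front, back = words[0], "".join(words[1:])
    return front + base + back
```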

In this way, you can use the same secure password for everything without actually using the same password for everything, giving you a little extra time to change those that really matter were you to need to do so.

That being said, I have to state for the record that you should change your passwords often, but you won’t (neither do I), so you should at least be using as much security as you can from the start…

This was published in its original form on my Crude Behavior blog back in August of 2012, but I thought it bore a repeat.

π
