5 Steps To Creating Awesome Passwords
Now, I may be a special kind of geek, but I currently have passwords for Facebook, Twitter, Quora, MyFitnessPal, Gmail, YouTube, Yahoo, a dozen banking and bill-pay websites, my work computer, a multitude of applications, and more that I can’t even recall anymore. If I were to take the time to tally it all up, I have probably somewhere between 30 and 75 passwords to remember!
So how, do I do it you ask? Tracking on paper or in a spreadsheet is just asking for a security nightmare. And sure, there are countless applications and browser plug-ins you could use, but can you trust that those applications aren’t sharing your precious information with its creators? So here are my 5 security tips that will make your passwords more secure and, more importantly, easier to keep track of!
1. Make a good “master password”
Your “master password” should start with something that you will never forget, such as your mother’s maiden name, a favorite book or movie title, or the punchline to a joke. I recommend combining multiple words. For example, let’s build a password based on my HighSchool mascot.
See how I used the capitalization? I kept the capitalization for each of the words used in the mashup, and shortened Luxemburg-Casco. This isn’t something you’re going to find in any dictionary. Don’t forget to put some numbers in there and punctuation if allowed also. I used my graduating year of 03 as a starting point for my password.
2. Use character substitutions
This tip used to be my only line of defense in passwords. The basic concept is to replace parts of your password with numbers or symbols that are easy to remember. Lately this method has come under some scrutiny, as it’s an old trick that some people read just as well as English. You can use some of the old guidelines of leet speak, or make up your own substitutions, just make sure it’s something you’ll remember. I’ll take the password started above, and replace my ‘C’s with ‘(‘, which looks a bit like a ‘C’. I’ll also change my ‘a’s to ‘4’s, an old trick from the leet speak era.
Admittedly, this substitution process can take some getting used to, and I’ve done it differently as well. Perhaps instead of substituting something that looks similar, make a simple typo. I’ve seen complete gibberish passwords made just by typing a normal word, with your fingers on the wrong keys like so:
I personally find these a tad hard to remember, so I’m going to “Undo” that step going forward.
3. Modify your “master password” slightly for each service you use it on.
I know it’s convenient to use the same password for everything, but it’s not safe. What if there were to be a security breach at one of the services you use, and the password that was compromised was the same one you use for your bank? For these purposes, I use a slight modification to the beginning or end of the password that is easy to remember. For example:
Facebook = FB_L(-Sp4rt4ns03
LinkedIn = LI_L(-Sp4rt4ns03
Bank = L(-Sp4rt4ns03BNK
Making Sense? The whole idea is to make the password something easy to remember, but extremely hard to guess. I don’t really need to memorize my password, just the rules required to recreate it.
- When and where did I go to school?
- Replace ‘C’ with ‘(‘.
- Replace ‘a’ with ‘4’.
- What site am I logging in to?
4. Consider using 2-step verification tools
Services, such as Google, Facebook, DropBox, PayPal and many others allow for what is called 2-step verification, which first asks for your password, then sends you a text message, email, or notification on an app or key fob with an additional password. The idea is that a hacker would not only need your password, but also your cellphone to get into your account. There’s even more excellent information at LifeHacker and Google if you are interested in learning more.
5. Create your own rules!
Let’s face it, if everybody follows the exact same set of password security guidelines, eventually hackers will figure out a way to beat us. Be willing to roll with the punches, change your passwords regularly. Change 03 to 04, or use ) instead of (. Get creative, and keep your passwords safe.