We all know the stats – I’ll just make some up because I can’t be bothered Googling tonight – 75% of help desk calls are “I’ve lost my password”, password resets are more common than logins etc. We have to have secure passwords, but
- we can’t store them online
- or write them down
- each one has to be different
I have dozens of logins. I look after a couple of web servers, 10 – 20 domain names, 10 WordPress installations, I have three bank accounts, a Visa account, and don’t get me started on all the mail lists, retailers, news groups, forums, social media sites and mail accounts. All my logins are different, very strong and easily remembered.
I have a perfect, secure answer to this. All my passwords are 2 or 3 word phrases, often related to the site or service I’m logging into, and I keep a reminder of each one on a small scrap of paper in my wallet. Secure, huh? Let those hackers try to steal that list!
What about a pickpocket?
No problem. All those passwords are strong because I have a secret, memorised system of separating the words using numbers, punctuation and symbols, as well as tossing in a capital or two.
For example, if +5 ? - are the separators, my password has numbers, capitals and punctuation. When I capitalise the last letter of the first word, the password becomes extremely strong. Try it at http://www.passwordmeter.com/ – this combo rates 100%.
“My secret” becomes +5mY?secret- and I write down “secret”.
“Do not enter” becomes +5dO?not-enter and I record “no entry”.
Banks have a separate system where I break up the name of the bank:
“Westpac” becomes +5paC?west-, and I don’t write those down at all.
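As an added illustration (not code from the post), here is a small Python version of the separator-and-capital rule, reproducing the three examples above. The separator order (+5, ?, -) and the “capitalise the last letter of the first word” step come from the post; the bank-name split position and the character-class check are assumptions made here for the example.

```python
# Added example: the separator-and-capital password scheme from the post.
# The separators and the capital rule are the post's; the bank-name split
# position and the character-class check are assumptions for illustration.

import string
from typing import Sequence

# The post's separators, in the order they are used: the first goes before
# the first word, the second before the second word, and so on. Any
# separators left over are appended to the end of the password.
DEFAULT_SEPARATORS = ("+5", "?", "-")


def capitalise_last_letter(word: str) -> str:
    """Upper-case the final character of a word ("my" -> "mY")."""
    if not word:
        return word
    return word[:-1] + word[-1].upper()


def build_password(phrase: str, separators: Sequence[str] = DEFAULT_SEPARATORS) -> str:
    """Turn a short memorable phrase into a password using the post's rules.

    "My secret"    -> "+5mY?secret-"
    "Do not enter" -> "+5dO?not-enter"
    """
    words = phrase.lower().split()
    if not words:
        raise ValueError("phrase must contain at least one word")
    if len(words) > len(separators):
        raise ValueError("need at least one separator per word")
    words[0] = capitalise_last_letter(words[0])
    parts = [sep + word for sep, word in zip(separators, words)]
    # Leftover separators (e.g. "-" for a two-word phrase) are appended.
    parts.extend(separators[len(words):])
    return "".join(parts)


def split_bank_name(name: str, split_at: int = 4) -> str:
    """Assumed rule for the bank variant: cut the name in two and swap the halves.

    "Westpac" -> "pac west". The post shows only this one example, so the
    fixed split position is an assumption, not the author's stated rule.
    """
    name = name.lower()
    return f"{name[split_at:]} {name[:split_at]}"


def character_classes(password: str) -> set[str]:
    """Report which character classes a password contains.

    Strength meters such as the one linked in the post reward having all
    four (lower, upper, digit, symbol); the scheme supplies them via the
    separators and the single capital.
    """
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


if __name__ == "__main__":
    for phrase in ("My secret", "Do not enter", split_bank_name("Westpac")):
        pw = build_password(phrase)
        print(f"{phrase!r:16} -> {pw:16} classes={sorted(character_classes(pw))}")
```

Note that the only thing written down is the plain hint word; everything a strength meter credits (digits, symbols, the capital) comes from the memorised separator sequence and the capital rule, which is why the same rule must be applied consistently to every phrase.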
You should balance strength against usability, and think of logging in on your smartphone, and how often you will have to change keyboards to get all the characters you have chosen.
While we’re at it, why not improve the strength of those usernames too? Don’t give a hacker any help at all, and throw in some confusion if you get the chance.
Oh, and the columns don’t match in the list I carry around. The top two hints are fake, and the bottom two accounts are too, so I have to look three down for the hint for that account. Only I know my system, there’s no hint of it recorded anywhere, and all I have to remember is the word separators and a simple phrase. I also have a shorthand for remembering email logins, but you can take it from here.
And, of course this is not the system I use.