Security and password choosing should be one of user’s main concerns. Unfortunately, password choosing is a painful procedure which occurs very often. Moreover, based on a latest study, 38% of users prefer to clean a toilet than think of a new password! Thus, a lot of users end up using the same password, in more than one web site.
1/ It is essential to keep separate and secure passwords for every web site you use.
2/ It is impossible to memorize as many passwords as the websites we keep accounts to.
3/ There are some tools (i.e. password managers, browser plugins) that help you solve this problem, but having a new tool adds complexity to your daily tasks and habits.
3. Memorize one password – that’s enough
Clearly the problem starts when we have to manage (or memorize) more than one password. This becomes more painful if the passwords are hard-to-guess. However, there is a simple way to overcome this problem. We only need to memorize one password and one simple proceudre. Having those two ingredients, it can be guaranteed in high percentage* that we will use different passwords for every web site we use without the need for an external tool.
*This percentage depends strongly on the simple procedure mentioned above. We can define types of procedures that result in reaching a percentage near 100%.
4. How to do it
Sit down and think of a secure password. Don’t wait for a registration form to popup, it will become painful. If this is hard, just use a password generator.
In general your password should have the following characteristics:
- At least one capital and one lower case letter
- At least one symbol (i.e. #, $, ^)
- At least one digit
- Length higher than 5 characters
4.1 Let’s get our hands dirty
Reaching this point means that you have your secure password. Let’s call this the matrix password. You need to memorize your matrix password.
It’s time to create a method. The method will apply some rules on the password and will produce a modified version of the matrix password. This will be the final version of the password and we are going to use it when subscribing. The method is something that needs to be defined by us and needs to be kept secret. Its secrecy is equally important as the password’s.
Find below some examples of how the method is defined and applied to our password.
4.1.1 Example1 (graphic example)
For the examples, we assume that our matrix password is: ff$$12Tr0
Method: Add the first and third letter of the web site’s name after the first letter of the matrix password.
Let’s use a more complicated method.
Method: Add the first and second letter of the web site’s name after the first letter of the matrix password; add the last letter of the web site’s name to the end of the matrix password:
Let’s generate the passwords:
Web site: amazon
Final password for amazon account: famf$$12Tr0n
Web site: google
Final password for google account: fgof$$12Tr0e
Web site: facebook
Final password for facebook account: ffaf$$12Tr0k
As shown in the table above, the all generated passwords are slightly different. If one password is compromised, it is quite hard to uncover the method and apply it reversely in order to generate the matrix password.
“In general it is good idea to use two different methods. The first will be the main method which is going to be used in all web sites while the second one will be used in case you are forced to change your password (i.e. by the web site itself – the case of an expired password).”
In summary, 38% of people hate the idea of thinking a new password. Just ask yourself and you will probably get the same answer. Using the procedure described in this article, it not necessary anymore to think of new passwords. You will need just one, so make sure this is a secure one.