One of the greatest frustrations I have with the digital world is trying to manage all my passwords for the many online sites I use.
Security experts tell you to create a separate password for each site to reduce the risk of hacking/identity theft, etc. Unfortunately, these experts have a much better opinion of my memory than is actually warranted.
But even if you didn't care about security and decided to just use the same password everywhere, there are a lot of web developers out there that think they're doing you a favor by forcing you to add special characters or mix cases to make your password stronger. Of course, then you forget whether a particular site is the one where you've added a number to the end or started it with a capital letter and there you are, clicking on the "Forgot Your Password?" link yet again. (For some reason, it seems like the sites I visit least regularly have the most stringent requirements, virtually guaranteeing a password reset on each visit...)
However, you can reduce your password problems by following three simple steps.
- Start by picking a "base" password of 5-7 letters that will be easy for you to remember. For example: "luddite".
- Make the first character uppercase and add a number to it. While the most obvious choice is to add it to the end of the password, you can also use some numbers to replace characters—for example, a "1" can take the place of an "l" and a "5" can be used for an "s". So if my base is "luddite", it now becomes "Ludd1te". By including these often-required elements from the get-go, you'll quickly get used to the new combination. (Hint: You may want to practice typing your new password a few times before committing to it, just to make sure there are no particularly awkward keystrokes involved.)
- The next step is one that will make the security folks happy. For each site that requires a password, add a 2- or 3-letter prefix that is tied to the name of the site. For example, my passwords could be "wfLudd1te" for Wells Fargo, "dmvLudd1te" for the Department of Motor Vehicles, and "faLudd1te" for Facebook.
Now you have a system that gives you a unique password for each site that meets most security recommendations, while making it much easier to remember.
Of course, like any system, it's not perfect. For example, some sites will insist you use a special character as well (e.g. # or _), while others only allow letters and numbers. So clearly, a single password can't meet both those criteria. Likewise, there are some places that force you to change your password every x months, so that can still cause problems. (However, I've mostly seen the latter practiced by employers for corporate systems rather than for public websites. So if you end up having to constantly bug your firm's tech support, they really have no one to blame but themselves...)
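
The three steps and the conflicting site rules described above, as an added Python example (not the author's code). The look-alike table, the function names and the two sample site policies are assumptions constructed for illustration; `shared_part` reports the portion that is identical in every derived password.

```python
import os

# Assumption: digit look-alikes. The article names 1 for l and 5 for s;
# its "Ludd1te" example also swaps 1 for i, so i is included here.
LOOKALIKES = {"i": "1", "l": "1", "s": "5"}

def transform_base(base):
    """Step 2: capitalise the first letter and work in one digit."""
    chars = list(base.lower())
    for pos in range(1, len(chars)):      # position 0 is kept for the capital
        if chars[pos] in LOOKALIKES:
            chars[pos] = LOOKALIKES[chars[pos]]
            break
    else:
        chars.append("1")                 # no look-alike found: number goes at the end
    chars[0] = chars[0].upper()
    return "".join(chars)

def site_password(prefix, base):
    """Step 3: site prefix followed by the transformed base."""
    return prefix + transform_base(base)

def unmet_rules(password, policy):
    """Return the names of the site rules this password does not satisfy."""
    checks = {
        "min_length": len(password) >= policy.get("min_length", 0),
        "needs_upper": any(c.isupper() for c in password),
        "needs_digit": any(c.isdigit() for c in password),
        "needs_special": any(not c.isalnum() for c in password),
        "alnum_only": password.isalnum(),
    }
    return [rule for rule, ok in checks.items() if policy.get(rule) and not ok]

def shared_part(passwords):
    """Longest ending common to all passwords, i.e. the reused base."""
    return os.path.commonprefix([p[::-1] for p in passwords])[::-1]

# Constructed site rules covering the two conflicting cases in the article.
POLICIES = {
    "strict": {"min_length": 8, "needs_upper": True, "needs_digit": True, "needs_special": True},
    "plain": {"min_length": 8, "needs_upper": True, "needs_digit": True, "alnum_only": True},
}

if __name__ == "__main__":
    pws = {p: site_password(p, "luddite") for p in ("wf", "dmv", "fa")}
    for prefix, pw in pws.items():
        for name, policy in POLICIES.items():
            print(prefix, pw, name, unmet_rules(pw, policy) or "ok")
    print("shared by all:", shared_part(list(pws.values())))
```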
Posted in How To, Privacy/Security


















1 comment
Great suggestions, Elizabeth! I have posed this question to “experts” many times and this is the BEST answer yet. Thanks so much for addressing this frustrating question.