At this point in the information age, our personal digital tools, data and valuable resources are often protected by a username and password combination. Maybe this will change in the future but currently, the task of remembering dozens or hundreds of passwords is a challenge.
Many people I know use one, or just a few, passwords for all of their accounts. While easier to manage, the well-known problem with this approach is that if someone with malicious intent discovers one of those passwords, it will unlock a long list of your accounts.
I’ve never liked writing down my passwords or using special software to securely organize my passwords because they could be lost, they have to be kept up-to-date and managed, and possibly they could be stolen (which means the thief has access to everything).
The strategy that I use, and one that I shared last week with a teacher and his students, is the approach of using an algorithm so that a unique and strong password can be generated on an as-needed basis for any website you are using. Then, you will only ever need to remember one thing, the algorithm, which is the process of remaking any of your passwords… months or even years into the future.
To illustrate this point, let’s create a very simple algorithm to generate passwords. In this example, the result of each instruction appears after the instruction (we will use an account you might have on google.com in the example below).
- Write in lowercase the first, third and last letter from the unique part of the domain name (in this case the “google” part of google.com):
Password so far: goe
- Count the number of vowels in that unique name and add a zero in the tens column if it is only one digit; write the two digits:
Password so far: goe03
- Take what you have written so far and write it again
Password so far: goe03goe03
That is now your algorithmically created password for your account at google.com. Using the above algorithm, if you had an account on amazon, your password is: aan03aan03. You might be thinking, “I have five Google accounts! They’d all be the same!” In that case, see below.
I wouldn’t recommend the above algorithm. It’s not a very strong password. If you are going to use the algorithm method, you should create an algorithm that builds a very strong password.
Let’s say you want a password that is 10+ characters long, has lowercase and uppercase letters, numbers, and symbols. Again, let’s use the google.com example and say your username/email on that account is email@example.com. Here is an algorithm that produces a strong password according to https://password.kaspersky.com/
- Write in lowercase the first, third and last letter from the unique part of the domain name
Password so far: goe
- Count the total number of vowels in that unique name. Find that number on the number pad on your computer keyboard. Push shift and hit that number and the one after to add two symbols (if there are more than 10 vowels, return back to one again)
Password so far: goe#$
- Count the number of vowels in that unique name and add a zero in the tens column if it is only one digit; write the two digits
Password so far: goe#$03
- Write the first three letters again of the password so far but in reverse order and in uppercase
Password so far: goe#$03EOG
- Take the first three letters of your google username and add to the end
Password so far: goe#$03EOGexa
According to https://password.kaspersky.com/ it will take a brute-force attack about 33 centuries to crack that password. Not bad…
If anyone figures out, discovers, or somehow steals this password, then they can only get into that account. If they try it with any other account, it won’t work of course because it is unique for that site and account.
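Both recipes above, following the steps in the order listed, can be written out as code to check the results by hand. This is an added example, not the author's own code; it assumes a US keyboard layout for the Shift symbols, treats zero vowels as the 0 key (a case the page does not cover), and uses the constructed username `example`.

```python
# Added illustration of the page's two recipes; not the author's own code.
VOWELS = set("aeiou")
SHIFT_ROW = "!@#$%^&*()"  # Shift+1..9,0 on a US keyboard (layout is an assumption)


def seed(name: str) -> str:
    """First, third and last letter of the unique part of the domain, lowercase."""
    name = name.lower()
    if len(name) < 3:
        raise ValueError("the page's recipe needs a name of at least three letters")
    return name[0] + name[2] + name[-1]


def vowel_count(name: str) -> int:
    return sum(ch in VOWELS for ch in name.lower())


def shift_symbols(n: int) -> str:
    """Shift+n and Shift+(the next key), wrapping back to the 1 key past the 0 key.
    Zero vowels is treated as the 0 key (assumption; the page does not cover it)."""
    return SHIFT_ROW[(n - 1) % 10] + SHIFT_ROW[n % 10]


def simple_password(name: str) -> str:
    part = seed(name) + f"{vowel_count(name):02d}"
    return part + part  # "write it again"


def strong_password(name: str, username: str) -> str:
    n, s = vowel_count(name), seed(name)
    return s + shift_symbols(n) + f"{n:02d}" + s[::-1].upper() + username[:3]


def meets_policy(pw: str) -> bool:
    """The page's target: 10+ characters with lower, upper, digits and symbols."""
    return (len(pw) >= 10
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


if __name__ == "__main__":
    # "example" is a constructed username whose first three letters give "exa".
    for site in ("google", "amazon"):
        pw = strong_password(site, "example")
        print(site, simple_password(site), pw, meets_policy(pw))
```

For these two sites the strong outputs share the `#$03` middle and the `exa` suffix, because both names contain three vowels; only the seed letters differ.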
Neither of these is close to the algorithm I use… there are lots of ways to look at letters, numbers, keyboard, symbols, and so forth. And it’s fun to make one up that you like and that works for you. Just make sure that it’s not too complicated or else you might not be able to remake the password in your head.
And if remembering a somewhat complicated algorithm seems more daunting than remembering a few passwords, just remember that that is all you will have to remember once you start to use it and after you change the password on your accounts. And, you’ll have a unique and strong password for every site/tool you use.