A while back I had been getting nervous about all the websites where I had to enter passwords. What I was nervous about was the fact that I was using the same password on almost all of them. This always bothered me but I never did anything about it.
Then one day when I was talking to a friend who is a security guru at RIT, I realized how easy it would be for someone to hack into a sensitive account and totally break the bank. For instance, I might give my password to a small-time business that then has access to that password in their database. How easy would it be for someone on staff there to snag that password and try it out on my eBay, PayPal, or Amazon accounts? For that matter, any online store that has my credit card information saved would be fair game!
Thankfully, I decided to learn my lesson the EASY way, instead of the HARD way. I instituted a new system for passwords that is working well for me and doesn’t require me to memorize more than one password. I recommend you try it out too.
Note: it will sound somewhat complicated at first. However, I guarantee that once you’ve learned how to do it, you’ll remember it AND be safe.
Tactical Tip: Internet Passwords
Here’s what you do:
The following suggestion will be applicable to probably 95% of the passwords that you use. Most secure passwords require at least 8 characters and must also include letters, numbers, upper case, lower case, and a special character.
- Define a Core Password: Define a password that you can easily memorize that is six characters long and includes at least one number and one special character like a question mark, hyphen, or period. Now, for every website you go to, these six characters will be six of the 8 characters in the password. Just memorize them and the next step and you’ll be all set. Example: You might pick r7.ite as your core password.
- Define a Special Rule: Next, create a rule that only you know that incorporates the site name into your password. For example, you may choose to use the first two letters of the site name or site web address (or the first and third letters, etc.) and add them to the beginning, middle, or end of your predefined password. Example: Let’s say you choose to use the first two characters of a website and you will place them at the beginning of your core password. So your Google password (www.google.com) might look like this: gor7.ite.
- Capitalize a Character in the Special Rule: Finally, capitalize one letter in your special rule. This will add additional security to your overall password. Example: Now I will choose to capitalize the second letter in the website I am visiting. Here is what it would look like: gOr7.ite.
- More Examples: Here are a few more examples using this rule: (1) www.amazon.com = aMr7.ite. (2) www.paypal.com = pAr7.ite. (3) www.twitter.com = tWr7.ite.
Now, every once in a while you’ll run across a website that requires you to change your password every 6 – 12 months. For example, your financial institution may require this. One goal of this Tactical Tip is that you don’t have to rely on your memory anymore. So you’ll need an additional rule that you can use in these unique cases. Unfortunately, you will need to find a way to remind yourself that this particular website password will be different than the rest. I recommend you put the year of the reset into the password. Example: Let’s say it’s the year 2012 and the website is www.hsbc.com. Your password might be hSr7.ite12.
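The rule above, written out as a short Python sketch. This is an added example, not code from the original post: the function names are hypothetical, r7.ite is the post's own example core, and a1books.example is a constructed address showing a case where the capitalization step has no letter to work on.

```python
import re
from typing import Optional
from urllib.parse import urlparse

CORE = "r7.ite"  # the post's example core password


def site_name(address: str) -> str:
    """Return the label the rule works from: 'google' for www.google.com."""
    host = urlparse(address if "//" in address else "//" + address).hostname or ""
    labels = [part for part in host.lower().split(".") if part]
    if labels and labels[0] == "www":
        labels = labels[1:]
    if not labels or len(labels[0]) < 2:
        raise ValueError(f"cannot take two characters from {address!r}")
    return labels[0]


def derive(address: str, core: str = CORE, reset_year: Optional[int] = None) -> str:
    """First two characters of the site, second one capitalized, then the core.

    reset_year appends the two-digit year for sites that force periodic resets.
    """
    name = site_name(address)
    prefix = name[0] + name[1].upper()
    suffix = f"{reset_year % 100:02d}" if reset_year is not None else ""
    return prefix + core + suffix


def meets_policy(password: str) -> bool:
    """The common site policy quoted in the post: 8+ chars, all four classes."""
    checks = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(password) >= 8 and all(re.search(p, password) for p in checks)


if __name__ == "__main__":
    for addr in ("www.google.com", "www.amazon.com", "www.paypal.com", "www.twitter.com"):
        print(addr, derive(addr), meets_policy(derive(addr)))
    print("www.hsbc.com", derive("www.hsbc.com", reset_year=2012))
    # Constructed address: the second character is a digit, so nothing gets
    # capitalized and the result has no upper-case letter.
    odd = derive("a1books.example")
    print("a1books.example", odd, meets_policy(odd))
```
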
The Three Time Reset Rule:
Any website worth going to will give you the option of recovering your password if you’ve forgotten it. I strongly recommend you click the button to reset or recover your password after your SECOND failed attempt. Many websites will lock you out and require a phone call after three failed attempts.
The Behind the Times Website:
Finally, some websites just won’t stick to the standards. They ask for some odd rule that doesn’t fit the national standards. The other day I ran across a website that wouldn’t allow a special character in the password. After a few choice words, I decided to go back to my ‘old’ password that I used for all my other websites before I instituted this much more secure method. It’s not foolproof, but it sometimes works.
Image compliments of Salvatore Vuono at freedigitalphotos.net