Use a Formula to Create Unique and Secure Passwords
Are you using the same password for multiple sites? Please read this article to determine if creating a simple formula may help you create unique and secure passwords for each of your accounts.
You know that we should create unique passwords for each account, but with so many to maintain, how can you do it and not drive yourself crazy? One solution is to use a password formula. Instead of trying to remember hundreds of passwords, you remember one formula to translate the website address (URL) into a unique password.
Reusing passwords on multiple sites, especially important sites, puts you at significant risk! It can lead to loss of account access, lost funds and identity theft! Yes, it is *that* dangerous!
Let me give you a simplistic example to illustrate the process. Let’s say I want to create passwords for the websites listed in the first column below. Using the formula shown in the middle, you would end up with the passwords in the third column. By memorizing just this formula, I can easily generate the password required for any website.
|www.gmail.com||> Take my favorite color: Blue
> Add the number “4”
> Add the first 3 characters of the website domain
Note: this is a simple example to illustrate formulas and is not recommended for actual use.
Part of the password will never change. In the example above, all of your passwords would start with “Blue4”. The last three characters would make most passwords unique. I say “most” because more than one website may start with the same first three letters, and also because you may have more than one account with the same domain (or sub-website). This means that this simple formula does not always produce truly unique passwords, but a more complex formula will produce better passwords.
Some questions you may have about this approach:
If someone gains access to one of my passwords, couldn’t they figure out my formula and generate all of my other passwords?
If you create a simple formula, probably. But two factors are in your favor: 1) You want to come up with a complex enough formula which doesn’t make it that easy to identify the formula from any given password (see more realistic examples below); 2) Most hacking these days is done by computer programs which aren’t programmed to dissect passwords. If they have one of your passwords from one site, they will just try it “as is” on many other sites.
Don’t different websites set different requirements for their passwords?
Yes. This can present a problem when creating a formula. I have found that using the following restrictions allows me to abide by the requirements of *most* websites:
- Make the password between 12 and 16 characters long
- Don’t use punctuation (too may websites limit the punctuation you can use)
- Don’t use spaces
- Use all three of: upper case, lower case and numbers.
- Don’t include your user ID, first or last name.
Some practical examples:
> Take the first vowel of the domain name and enter it is upper case (if there is no vowel, use “Z” instead)
> Enter the number of characters in the domain name (count the characters). Enter it using three digits (5 is expressed as “005”)
> Enter the first letters of a memorable phrase. For instance: “What a piece of work is a man” = Wapowiam
> Enter your Mother’s birthday (i.e. 06/12/1960 = 06121960
> Take the last four characters of the domain and spell them backwards (duplicate the first one if there are less than three characters in the domain name)
> Enter a code to determine what category this website falls into: (W) Work, (F) Financial/Bank, (P) Personal, etc.
> Enter the name of your favorite Star Wars Character (i.e. Luke)
> Enter the name of your favorite pet (i.e. Rexxy)
> Enter the capitalized first 6 consonant characters of the domain (if less than 6 consonants, then duplicate the last one)
> Enter the last 4 digits of your telephone number (i.e. 7466
|www.gmail.com||RexxyGMLLLL7466 (note the duplicated last consonant)|
> Enter your street address (i.e. 23)
> Enter the second through 5th characters of the URL interspersed with a number (if there are fewer than 5 characters in the URL, then replace the “missing” characters with “X”)
– The number represents the number of letters in the URL. If there are more than 9 letters, then drop the first digit (i.e. for 12 letters, use “2”)
> Enter the city in which you were born
Some more thoughts:
- Please do *not* use any of the formulas listed in this article. Use them as foundations to create your own.
- Make the formula complex enough to produce secure passwords.
- Make sure that the formula can accommodate all types of URLs. For instance, note that the formula in example three has an exception rule in case the domain does not contain 6 consonants.
- To resolve the problem that some websites don’t allow punctuation and some require it (a classic Catch-22 situation), you could make a variation of your formula with a single punctuation character. That way when you are logging into a site, if your “regularly” generated password doesn’t work, try the variation with the punctuation character. (i.e. in the simple example above, if Blue4twi doesn’t work, then perhaps Twitter requires a punctuation character so try your variation of putting a”#” at the beginning to make #Blue4twi).
- If, sometime in the future, you want to change your formula (i.e. you wrote it down and someone else read it), you can just modify the formula instead of starting from scratch. For instance, you could just add a character to the end.
If you have questions about this, please let us know and we will be happy to assist you.