Security experts advise four things about passwords:
First, use a different password for each account. If you have accounts on thirty web sites, all with the same password, and someone hacks one of the sites, the hacker now has your password, which lets him in to your other 29 accounts. If one of those is your bank account, bye-bye. Therefore, keep separate passwords for each account.
Second, your passwords must be a random mix of upper and lower case letters and numbers. Why random? So that you won’t select the name of your spouse, or pet, or favorite croquet team.
But what about words that have no apparent connection to you, like “apparent”? This is also a no-no, even if you sex it up into something like “apPar3nt.” Why? Because hackers often use dictionaries in searching for passwords that look like words. There are even some sites that won’t accept this as a password because it is based on a word.
Third, never write your passwords down. You could lose the paper or someone else could “find” it. And if you enter them in a file on your computer and you’re hacked, bye-bye.
Fourth, change your passwords frequently, so that if one is cracked, it will soon be changed.
Now, I don’t know about you, but for those of us who aren’t memory prodigies, this advice is impossible to follow, so many people take the easy way out and just use “password” (or maybe “passw0rd”).
Here’s a simple system to generate secure passwords and keep track of them. It requires a set of transformation rules, and, for each password, a root.
The root is a mnemonic based on the first eight words of a paragraph from any text that you might have on-line. Here, I’ll use a novel. The first paragraph starts, “The Grand Canyon in late March was a bleak place.” The first eight words form the mnemonic “tgcilmwa.”
Here is a sample set of transformation rules:
- The first character of a password is a lower case letter.
- The vowels a, e, i, o, u, and y become the numbers one to six, in that order (a becomes 1, e becomes 2, and so on up to y, which becomes 6).
- The consonants in the first half of the alphabet, b to m, are lower case.
- The consonants in the second half of the alphabet, n to z, are upper case.
Using these rules, the mnemonic “tgcilmwa” becomes the password “tgc3lmW1,” where the “l” in the middle is the lower case letter L and the final “1” is the digit one.
Do you need another password? Then go to the second paragraph, which starts “The total peace was broken around 10:45 when.” Reading “10:45” as “ten,” the mnemonic is “ttpwbatw” and the password becomes “tTPWb1TW.”
How do you remember which password goes with which account? Write down the account and your user id, then the page and paragraph number of the root. The notation for the two passwords we created would be 1-1 and 1-2. Of course, never identify the document you’re using.
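The rules above are mechanical enough to write down as code, so here is an added example in Python that is not part of the original article: it builds the mnemonic from the first letters of the first eight words, applies the four transformation rules, and produces the page-paragraph ledger line the article says to keep. The function names, the eight-word check, and the handling of a mnemonic that begins with a vowel (the article’s first rule is taken to win, so a leading vowel stays a lower case letter rather than becoming a digit) are my assumptions; the sample paragraphs are the two quoted in the article, with “10:45” spelled out as “ten” so that every word starts with a letter, and the account name and user id are constructed placeholders.

```python
"""Added example, not the article's own code: the article's four
transformation rules plus its page-paragraph ledger."""

# Rule 2: the vowels a, e, i, o, u, y become the digits 1..6, in that order.
VOWEL_DIGITS = {v: str(i) for i, v in enumerate("aeiouy", start=1)}


def mnemonic_from_words(words):
    """Build the eight-letter root from the first letter of each of the
    first eight words. Numerals are spelled out by the caller (the article
    reads "10:45" as "ten"), so only alphabetic initials are accepted."""
    if len(words) < 8:
        raise ValueError("need at least eight words, got %d" % len(words))
    root = "".join(w[0].lower() for w in words[:8])
    if not root.isalpha():
        raise ValueError("every word must start with a letter: %r" % root)
    return root


def transform(mnemonic):
    """Apply the article's rules to an eight-letter mnemonic.

    Assumption (not stated in the article): rule 1, "the first character is
    a lower case letter", takes precedence over the vowel rule, so a leading
    vowel is kept as a letter instead of becoming a digit.
    """
    mnemonic = mnemonic.lower()
    if len(mnemonic) != 8 or not mnemonic.isalpha():
        raise ValueError("mnemonic must be exactly eight letters")
    out = [mnemonic[0]]                 # rule 1: first character stays lower case
    for ch in mnemonic[1:]:
        if ch in VOWEL_DIGITS:          # rule 2: vowels become 1..6
            out.append(VOWEL_DIGITS[ch])
        elif ch <= "m":                 # rule 3: consonants b..m stay lower case
            out.append(ch)
        else:                           # rule 4: consonants n..z become upper case
            out.append(ch.upper())
    return "".join(out)


def ledger_entry(account, user_id, page, paragraph):
    """The note the article says to write down: account, user id, and the
    page-paragraph locator of the root, never the document itself."""
    return "%s %s %d-%d" % (account, user_id, page, paragraph)


if __name__ == "__main__":
    # The two paragraph openings quoted in the article; "10:45" is spelled out.
    paragraphs = [
        (1, 1, "The Grand Canyon in late March was a bleak place".split()),
        (1, 2, "The total peace was broken around ten when".split()),
    ]
    for page, paragraph, words in paragraphs:       # account/user id are placeholders
        root = mnemonic_from_words(words)
        print(ledger_entry("example-site", "jdoe", page, paragraph), root, transform(root))
```

Since the rules are public and the transformation is fixed, everything that keeps these passwords secret is the root text itself, which is exactly why the article says never to identify the document you are using.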
With this system, you can create an endless supply of passwords and keep track of which ones you used for which accounts.