The two most common complaints about passwords are:
- They are ALL "too hard to remember"
- There are "too many to remember!"
Most of the time, that prevents the average person from coming up with a good, secure password, and they wind up using "password123" or something just as bad.
I thought mine was secure, but someone in China figured it out years ago and spammed my friends with a "link". That's what got me thinking.
There are two ways of cracking passwords: Computers & Social Engineering.
There will never be a flawless way of storing and keeping passwords. In fact, as long as a person can remember their own password, they are at risk of being duped by social engineering.
So, I can't help you there. Just don't tell anyone your password or parts of your password or what your password is based on.
Over the last three or four years, I have been using what I call a "human based algorithm" to come up with and remember any password on any service at the time I am trying to log into that service. As a matter of fact, using a password tester and inputting a similar password strand with the letters, numbers, and special characters, it would take a desktop PC constantly running code about 2 BILLION to 157 BILLION YEARS to crack my password, and I change it every year, so good luck.
1. Pick a short phrase or long word that is easy to remember, super easy
Let's say you love Star Wars and it would be easy for you to remember anything Star Wars related. For this example, let's use Chewbacca. It's a good long word that is a proper name, so you feel that you should capitalize the first letter.
2. Alter it by trading vowels with numbers or consonants with characters or both
Chewbacca = C#3wb4cc4. The Es are 3s, the As are 4s, and the H is a # sign.
For more ideas on this, check out internet slang languages like "L33T" converters or translators. However, they are computer generated based on user input, so it is possible for a hacker to upload a dictionary of this "language" and quickly cross-check using a computer. So while referencing these languages is neat, try to come up with your own memorable conversion to add numbers and characters to your word or phrase. Maybe instead of a space in the phrase you use % or ~. Make it your own!
3. Add punctuation and characters
Let's say you used the first name of a pair or duo: the special character might be "&", or if you were excited about it you could use an "!", etc. Make it your own and make it unforgettable. For our example, since Chewbacca is usually with Han Solo (Chewbacca & Han Solo), we will use: C#3wb4cc4&. This is our base password for everything.
These days, most passwords have to be over 8 characters with a capital and lowercase letter, a number, and a special character. We have all of the above. HOWEVER, using one password for every website login is a problem. IF they somehow figure it out, they are in everything.
4. Make it Unique for every website
Wait, WHAT?! Ha! Not that major. OK, so we change it, but we change it in a way that you can figure out on the spot, and you use the same formula for every website. The formula is something that only YOU know. Here is a simplified version: use the first two letters of the domain name for the website you are at and add them to the front or back of your base password:
- For www.Amazon.com you would use "amC#3wb4cc4&" or "C#3wb4cc4&am"
- For www.Facebook.com you would use "faC#3wb4cc4&" or "C#3wb4cc4&fa"
Pretty simple, huh? Here are some other more complicated "formulas" to figure out on the spot:
- First 3 letters in the domain that don't appear in your name
  - Amazon.com for a girl named Jan would be "mzoC#3wb4cc4&"
- Last 2 letters in the company or brand that are not part of your car's model name, or your mom's name or your birth month etc.
The main point is that you need to be able to look at the website you are on and figure out the additional letters on the beginning or end of your base password.
The only issue with this system is that some websites or services may not allow special characters. Simply alter the password to work for that one site. If special characters were eliminated for Amazon.com, the new password might be "amCh3wb4cc4" instead of "amC#3wb4cc4&". If you ask the website to remember you while you are logged into your computer, then you will rarely have to enter it. When you do enter the wrong password, and you know your algorithm and your base password by heart, it will be a "red flag" for you and you will usually remember that the website did not allow special characters or a certain length.
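Steps 1 through 4 and the no-special-characters fallback, written out as code. This is an added example, not the author's own: the function names are hypothetical, and the substitution table and sample values are taken from the Chewbacca example above.

```python
# Added illustration of the article's scheme; all names are hypothetical.
# Step 2 swaps from the article's example: H -> #, E -> 3, A -> 4.
SUBSTITUTIONS = {"h": "#", "e": "3", "a": "4"}


def base_password(word, suffix="&", allow_special=True):
    """Steps 1-3: swap characters, then append punctuation.

    allow_special=False keeps only letter-to-digit swaps and drops the
    suffix (the article's fallback). The leading capital is left as typed.
    """
    out = [word[0]]
    for ch in word[1:]:
        repl = SUBSTITUTIONS.get(ch.lower(), ch)
        if not allow_special and not repl.isalnum():
            repl = ch  # site rejects special characters: keep the letter
        out.append(repl)
    return "".join(out) + (suffix if allow_special else "")


def site_label(host):
    """'www.Amazon.com' -> 'amazon' (lowercase name before the first dot)."""
    host = host.lower()
    if host.startswith("www."):
        host = host[4:]
    return host.split(".")[0]


def first_two(host):
    """Simplified formula: first two letters of the domain name."""
    return site_label(host)[:2]


def first_three_not_in(host, name):
    """Alternative formula: first 3 domain letters not found in `name`."""
    excluded = set(name.lower())
    kept = [c for c in site_label(host) if c.isalpha() and c not in excluded]
    return "".join(kept[:3])


def site_password(base, tag, position="front"):
    """Step 4: attach the site tag to the front or back of the base."""
    return tag + base if position == "front" else base + tag


if __name__ == "__main__":
    base = base_password("Chewbacca")
    for host in ("www.Amazon.com", "www.Facebook.com"):
        print(host, site_password(base, first_two(host)))
```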
Your Master Password
For your phone, computer, etc., create a different password that is similar in nature to your base password, and also easy to remember. Continuing the example above, we might use H4nS0l0* (the * is part of the password and is used to note that Han shot first, and if you are a Star Wars fan, you know that is true). As biometric passwords are taking over, you can still go into your iPhone or Droid settings and use a complex password for logging in, instead of the 4 numbers.
Don't worry, you will get faster, QUICKLY!
The first month you are testing your new password, you are going to be tempted to change it. It will feel too long and too slow. DON'T DO IT! Keep at it. Your fingers will start to get much faster very quickly because you are typing the same base password over and over and over. Soon, your password will be entered into the little box before you even realize it.
One password to rule them all
So now, by remembering one password and your "rule", you will know ALL of your passwords by using your own brain to figure out the algorithm or connection to each site or computer.