Yeah yeah I haven’t posted in a while, but to be honest no one’s mentioned it so I don’t think too many people are paying attention anyway.
But I posted this recently on Reddit.com about how I choose my passwords, and I thought it might make an interesting blog post. The majority of people commenting in the post were saying they used ‘password keeper’ programs or plug-ins for their browser, that store the passwords for all their sites and secure them with one master password. This doesn’t work if you’re on a borrowed computer though.
The way I do it is to use a master password consisting of a memorable song, phrase or poem, combined with a memorable number. Here’s the post, slightly edited for the blog:
For pretty much super-secure passwords just go to https://www.grc.com/passwords.htm
If you can’t be bothered to remember that, though, I use a very hard to guess/crack password system that’s been checked online and determined to be ‘strong’ or ‘best’ on multiple sites:
- Find a song or poem lyric you like, for example ‘I Am The Taxman, I Am The Walrus’
- Take the first letter of each word, for example Iatt, Iatw
- Pick a 2- or 3-digit number, for example 456
- For sites that allow a ‘special character’, use the top row of numbers on the keyboard and press Enter when hitting the middle number, for example 4%6
- Combine the letters and numbers, for example Iatt4%6Iatw (note the capital letters)
- You now have a ‘base password’ which you can modify
- When asked for a password on a new forum or site, enter the whole password, THEN press Home and enter the first letter of the site you’re on, for example R for Reddit, then press the right arrow key, then the second letter, etc., until you’ve entered in the first four letters of the site name.
This makes the sample password for Reddit into rIeadtdt4%6Iatw, which no one will ever guess, you’ll never need to remember, and you won’t be at a loss to recall it if you ever log in from a computer that doesn’t have your personal password plug-in. The Microsoft Password Checker rates this as a ‘best’ password.
If the site you’re on doesn’t allow long passwords, skip the second part of the song verse or leave off the numbers.
Now, what happens if someone gets your password somehow, figures out your ‘system’ and tries to change your other passwords? I haven’t put much thought into how to prevent that (until now), although if you were sufficiently paranoid you could use a system where you change the point where you start typing in the name of the site. For example, for most sites I enter the main password, hit Home, press right arrow, then start typing the site name alternating with right arrow. You could just as easily type the site name at the end of the main password, but with a LEFT arrow (so ‘Reddit’ becomes ‘tidder’).
Remembering which site uses which system wouldn’t be too hard: you could have four variations to start with, based on the first letter of the site you’re logging in to: vowels up to ‘M’, vowels after ‘M’, consonants up to ‘M’ and consonants after ‘M’. This would frustrate most people entering the password by hand, and you could get more complex if you wanted.
It’s not perfect (IMO a totally random number/symbol/character password that changes every couple of weeks is), but for me it’s better than having a password keeper program.
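
The per-site steps described above, written out as an added Python example (not code from the original post; the function names are hypothetical and the base is the post's sample password). It also shows the inverse: the inserted letters come from the public site name, so anyone who knows the system can strip them from one password and recover the base, which is the scenario the post raises.

```python
# Added example, not from the original post. Function names are hypothetical;
# BASE is the sample base password the post builds.
BASE = "Iatt4%6Iatw"

def interleave(base: str, site: str, n: int = 4) -> str:
    """Main variant: type base, press Home, then alternate the first n
    site letters with right-arrow presses. Lowercase letters are used to
    match the post's Reddit result (assumption: the post also writes 'R')."""
    prefix = site[:n].lower()
    mixed = "".join(s + b for s, b in zip(prefix, base))
    # Assumes len(base) >= len(prefix), true for any base built as described.
    return mixed + base[len(prefix):]

def append_reversed(base: str, site: str) -> str:
    """Second variant: type the site name at the end with a LEFT arrow
    after each letter, which leaves it reversed ('Reddit' -> 'tidder')."""
    return base + site.lower()[::-1]

def variation_class(site: str) -> str:
    """The post's four buckets, chosen by the site's first letter."""
    first = site[0].lower()
    kind = "vowel" if first in "aeiou" else "consonant"
    half = "up to M" if first <= "m" else "after M"
    return f"{kind}, {half}"

def recover_base(password: str, site: str, n: int = 4) -> str:
    """Undo interleave() using only the public site name."""
    prefix = site[:n].lower()
    k = len(prefix)
    if password[0:2 * k:2] != prefix:
        raise ValueError("password does not follow the interleave pattern")
    return password[1:2 * k:2] + password[2 * k:]

if __name__ == "__main__":
    pw = interleave(BASE, "Reddit")
    print(pw)
    print(append_reversed(BASE, "Reddit"))
    print(variation_class("Reddit"))
    print(recover_base(pw, "Reddit") == BASE)
```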