Tuesday, October 11, 2011

Secure Your Online Identity With Strong, Random Passwords You Will Always Remember

In today's online age, it is not uncommon to have dozens of accounts. You probably have a Facebook, Twitter, Google, Flickr, YouTube, Amazon, LinkedIn, iTunes and banking account. Are you using the same password for all of them?
With the increase of phishing attacks and malicious software, you are putting yourself at great risk from identity fraud and theft by using a single password. According to The Telegraph, one in ten Britons fall victim to identity theft, and twenty percent of the victims had goods bought in their names illegally, while one in eight had money stolen, with "the average sum being over 1,000".
I have been a victim of identity theft myself because of irresponsible password use, and this article is the result of some hard-learned lessons.
I will show you how to create unique passwords for all your accounts that you will be able to remember, without using extra software or a text file of passwords that can easily be compromised or lost.
The solution is to start with a strong, memorable password, then add a few unique characters specific to the site you log into. This will generate a random, complex password every time, without the hassle of remembering a long string of nonsensical characters for every site.
What to avoid when creating a password
Before you can create a secure password, you must know what constitutes a weak one. There are hundreds of articles on the web about weak passwords, so I'll only give you the top three most tempting mistakes to avoid:
  1. Don't use personal information, like your username or real name, your birth date, ID/passport number, or names of family members or pets. If you are on Facebook or have a blog, even obscure information about yourself may already be public knowledge.
  2. Avoid using dictionary words, including non-English words, abbreviations, words spelled backwards and misspelled words. Using double-words (blueblue, smile-smile) or obvious obfuscation (c@ndl3st!ck, 2die4) are no good either.
  3. Don't use "common" passwords. Apart from those covered by #1 (like your birthday) or #2 (like "admin" or "password"), other common passwords are sequential number or alphabet strings (123456 or xyz), or a row of keyboard keys (qwerty, asdf).
3 steps to hundreds of unique, memorable passwords
Now that you know what not to do, here is how you can generate hundreds of unique, secure passwords. These steps will result in strong 10-character passwords; password strength testing sites recommend anything from eight to 14 characters. If you want to increase the final length, simply choose more characters in each step.
Step 1: Create a strong foundation password.
  • Think of any four numbers and put them in any order. (Tip: You can take a number you already know, like an old telephone number, and mix it up in a way that can't be guessed, or combine two or three unrelated numbers, like your street address and the age you got braces.)
  • Think of any two (or more) letters, make them CAPITALS, then put them together with the numbers in any way you want. Example: If my telephone number is 342 7564, and my surname is Williams, the last 4 digits (scrambled of course) and the last 2 letters could make M47S65, or the first four digits and the first and last letters could make 4S723W.
Step 2: Make sure your foundation password will pass any complexity requirement.
Many websites have specific requirements regarding a password's complexity. The most elaborate ones usually expect a minimum of eight characters, upper- and lowercase letters, numbers as well as non-alphanumeric characters. There aren't many sites that are this strict though, so you can skip this step if you feel your password is strong enough; you'll still end up with an eight-character password that will meet most sites' requirements. But if you wish to make your password as generic and strong as possible, you must add at least one symbol, preferably two.

  • Add non-alphanumerical characters to the password you created in Step 1. Stick to characters that you can add directly from your keyboard, like ! @ # $ % ^ & + = ? and brackets, as non-ASCII characters may not be supported by all sites. Don't use a symbol as the first character of your password, as that may result in an error. Example: Adding ^ and ! to my foundation password gives me M^47S6!5
Don't worry, I haven't forgotten about lowercase letters. We'll address that in Step 3.
Step 3: Unique yet memorable passwords every time.
To make your password unique and memorable, use the site logo that is always visible in the top left corner of every site (that displays the site name) as a visual trigger. The reason you use the logo is that your unique password is dependent on the site's name, and the logo gives you a consistent reference for spelling and the position of letters. Don't think that you will remember in a month's time whether you used the British or American spelling to count to a specific letter, or if you ignored any l337 sp33k by using normal letters instead. If you use the logo as a reference, you will never be in doubt.

  • Decide on two positions in the name (i.e. logo) from where you'll choose a letter. You can use the first two letters, the first and last letters, the 3rd and 6th letters, the first letter of every syllable (e.g. Facebook = face + book) or even individual words (Amazon.com = amazon + com). Just remember to have a backup rule for those exceptions where a name falls short. Decide if you will include full stops and punctuation in letter counts, and how you will handle it if your chosen character is a number.

  • Take those two letters, make them lowercase, then choose two spots in your foundation password to put them. Consistency is important, so always use the letters in the same order and always use the same two spots in your foundation password. This will give you a unique, strong password for each site. For example: Amazon.com = aM^m47S6!5, Facebook = fM^k47S6!5, etc.
This way each password is random enough that the similarities it shares with your other passwords will never compromise it.
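The three steps above, written out as an added Python example (not code from the article). The function names are hypothetical; the default letter positions (first and last character of the name) and insertion slots (0 and 2) are inferred from the article's Amazon.com and Facebook examples, and the fallback letter for short names or digits is an assumed backup rule.

```python
def pick_letters(site_name, positions=(0, -1), fallback="x"):
    """Step 3, first bullet: letters from fixed positions in the name on the logo.

    Assumed backup rule (the article leaves it to the reader): a position
    that is missing or holds a digit/punctuation mark yields `fallback`.
    """
    picked = []
    for pos in positions:
        ch = site_name[pos] if -len(site_name) <= pos < len(site_name) else ""
        picked.append(ch.lower() if ch.isalpha() else fallback)
    return picked


def site_password(foundation, site_name, slots=(0, 2), positions=(0, -1)):
    """Step 3, second bullet: put the letters in the same two slots every time.

    Slots are indexes into the foundation password before anything is inserted;
    a slot past the end appends the letter.
    """
    letters = pick_letters(site_name, positions)
    end = len(foundation)
    out = []
    for i in range(end + 1):
        out.extend(letter for letter, slot in zip(letters, slots) if min(slot, end) == i)
        out.append(foundation[i:i + 1])
    return "".join(out)


def policy_gaps(password, min_len=8):
    """Step 2: name each of the strictest site requirements the password misses."""
    checks = [
        ("length", len(password) >= min_len),
        ("uppercase", any(c.isupper() for c in password)),
        ("lowercase", any(c.islower() for c in password)),
        ("digit", any(c.isdigit() for c in password)),
        ("symbol", any(not c.isalnum() for c in password)),
        ("leading symbol", password[:1].isalnum()),
    ]
    return [name for name, ok in checks if not ok]


def differing_characters(pw_a, pw_b):
    """Count the positions at which two sites' derived passwords differ."""
    return sum(a != b for a, b in zip(pw_a, pw_b))


if __name__ == "__main__":
    foundation = "M^47S6!5"  # the article's example from Step 2
    for site in ("Amazon.com", "Facebook", "1site"):  # "1site" is constructed
        pw = site_password(foundation, site)
        print(site, pw, policy_gaps(pw))
```

`policy_gaps` on the Step 2 foundation password alone reports only the missing lowercase letter that Step 3 supplies, and `differing_characters` shows how many positions actually change from one site's password to the next.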
You are still protected even if you write it down.
If you still feel this is too difficult to remember, write down only your foundation password. In Step 3, choose three (preferably four) letters from the site name and make sure never to share your formula. If you don't use obvious letters, and you place them in spots that are hard to guess, chances are excellent that your passwords will remain safe even if someone discovers your foundation password.

Article Source: http://EzineArticles.com/6604548
