“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.” ~ Clifford Stoll

 

Do you know the password for all of your sites? Everyone says you shouldn’t. It should be completely unique for each site and no one should be able to crack it.

 

When sites get hacked

The main problem with using the same password everywhere is that if someone figures it out or hacks into one website, chances are they can now get into all of them. Case in point – during a recent security breach, a number of Disney+ accounts were compromised. How? The hackers were able to crack some of the passwords because the users were using the same password for similar sites.

Having the same password across the board is a no-no, but most people ignore that advice and do it anyway because it keeps things simple.

Based on the website password rules, you may have a slight variation on some of them, because when you picked your first password that was super awesome, along came a website that required you to add not only a lowercase letter, an uppercase letter, and a number but also a special character.

WTF?!

Just when you thought you had it figured out.

The key to differentiating your passwords (and also being able to remember them) is to create a sequence that can be created based on which site you are visiting. The only thing you have to remember is the sequence code you decided on.

Even after you have your sequence down pat, I suggest doing one of two things (or maybe both just to be safe).

One: Use a password manager like LastPass to automatically store your passwords. You won’t have to remember the passwords or the sequence in this case, but I always like to have a backup plan in case something happens to your password manager – it goes out of business or (God forbid) gets hacked.

Two: Store all of your passwords on an external usb drive or a password notebook. Still a bit risky for the paranoid, but it’s better than nothing.

One great thing about password managers is that you can have them generate random passwords for you and it automatically stores them. Also, you can tell it whether or not it needs to include special characters… because some sites like them and some don’t.

 

Creating your password sequence

So, how do you create your perfect password? Like I said, you can auto-generate it (recommended) or if you’d like to have some way to memorize it, create your own memory tool. For example (and this could be any combination of tricks as long as you can remember it), your sequence might include:

• Last letter of the website
• Last 2 digits of the current year backwards (91)
• Special character (*, $, @, etc.)
• First letter of your child’s name in lowercase
• Last letter of your name
• Number of pets you have
• First 2 digits of the current year backwards (02)
• First letter of the website
• Etc.

Come up with your favorite combination – some constants will stay the same (like birth year) and others will change (like maybe using a letter from the website you are visiting). Don’t forget to use a combination of upper and lowercase letters. You’ll want to change your passwords (at a minimum yearly), but preferably every 3 – 6 months. You could even have 2 different middle sequences, like one for financial institutions and one for everything else. If you change it more frequently, maybe use some combination of the current quarter (Q4) and the year to help you remember and to help remind you to update them every new quarter.

For example, if I wanted to create a password for Trello using the sequence items from above, it would look like this:

o91%rA102T

At a quick glance it looks completely random, but if you know the sequence, it’s easy for you to decipher. That sequence is a bit long to memorize so I wouldn’t do every single one, but I’d suggest 4 or 5 that are easy for you to remember, and make sure it’s at least 8 characters long.

Sometimes this won’t always work because some sites will prevent you from using certain characters, so be ready to be flexible when needed.

Lastly, to keep everything ultra secure, use two-factor authentication when offered. They also give backup codes in case you lose your phone or the app for the authentication, so remember to store those codes where you can easily find them as well.

That’s it! So choose a method, but the important thing is to get organized and update all of your passwords – at the very least, your most important and secure websites. Will you spend some time over the next couple of weeks updating your passwords? What method do you use? Let me know in the comments.