Most of the big data breaches we hear about in the news have worked because of the re-use of passwords. Even with really good passwords, if they are re-used from site to site, your risk of hijacking goes way up.
A side note: if we all followed perfect password practices, such that nobody else ever had a chance to know our password, it would seem that the risk of re-use would be minimized. Unfortunately, not all sites use the best practices, and some sites store passwords internally in plain text, or using some sort of reversible encryption. When those sites get attacked, your password can be retrieved, and now you’re not the only one who knows it. Danger!
Making passwords unique for each site sounds difficult, but again, it doesn’t have to be. Using the previous techniques, we can generate a really good password that meets all the rest of our requirements. For the moment, let’s just pick one of our examples to work with, 2##Peter2:1. Instead of thinking of this as your final password, just think of it as your core password. Use it to build your other passwords. Once again, a bit of planning makes this part easy too. Several thoughts:
- Start by picking one or two characters from the name of the site you want to generate a password for. First and second character are a good choice. Or first and third, or first and last, or second and last. It doesn’t really matter so much what you choose, as long as you’re consistent with it.
- Now mix those two characters into your core password. Several easy options, such as adding as first and last, or following the special characters, or even reverse them and tag them on the end
- For Amazon.com, we might generate 2##Peter2:1AM, or N2##Peter2:1A, or 2##ANPeter2:1
- The same three techniques for ClickHost.com would generate 2##Peter2:1CL, or T2##Peter2:1C, or 2##CTPeter2:1
- One more. for CITRT.OnTheCity.org, the same ideas would generate 2##Peter2:1CI, or Y2##Peter2:1C, or 2##CYPeter2:1
Nothing says upper case is better than lower case. Just pick some formula and use it consistently.
Last Updated: 9/30/2014