In my previous post, I shared some tips on creating a strong and secure password in an easy way. Let me recap the steps just in case you forgot.
1. Choose a phrase (about 12-14 characters long, with no spaces) that only you know, for example “Ilovepancake!”.
2. Capitalize the first letter of each word, in this case “l”->“L”, “p”->“P”.
3. Replace some letters with numbers or special characters, for example “o”->“0” (the number zero), “a”->“@”, “s”->“5”, etc.
4. If you want, add a few more letters and numbers to make it more complex.
The result is a strong password that is easy for you to remember but hard for a hacker to guess.
Now that you have a strong password, should you use it for every one of your accounts? The answer is “NO”. Avoid using the same password for all your accounts; ideally, use a different password for each one. The reason is that if one password is stolen or cracked, the attacker cannot use it to get into your other accounts (attackers routinely try passwords leaked from one site against many others).
How do you create a different password for each account, yet still remember them?
There are two ways to accomplish this. One approach is to use a password management tool, and the other is to use a technique similar to the one above. Let me show you how each of them works.
A password management tool stores and manages all your passwords in a database file that is protected by one master password, so you don’t have to remember them. Most password managers can also generate very strong, random passwords, but such passwords are very hard for a human to memorize. Every time you need to log into an account, you launch the tool, copy the password from it, and paste it into the login form. Many managers also support a feature called Auto-Type, which fills in the username and password for you after you press a predefined hot key, so you don’t need to copy and paste at all.
The tool I use is called KeePass Password Safe. It is open source and free of charge. It has an installed version that you set up on your computer, and a portable version that you can run from a USB flash drive without installation. I have been using the portable version and find it very handy. All I need to do is download the files to my flash drive; it runs directly from there and does not store any settings outside the application folder. In addition, KeePass uses the Advanced Encryption Standard (AES) to encrypt the database file. It’s OK if you don’t know the jargon; all it means is that your passwords are stored in encrypted form. If a hacker got hold of your flash drive, he/she would not be able to read any of your passwords without your master password.
The key factor in this approach is a very strong master password, because anyone who copies the database file can try guesses against it offline at their leisure. If you use a password management tool, I suggest you follow the technique above to create a master password of at least 16 characters.
With the second approach, I will show you how to use the same technique as above to create multiple passwords. This approach will NOT give you a different password for EACH of your accounts, but it comes close, and you can extend the principle yourself with some modification.
1. Categorize your on-line accounts. For example, the shopping category (amazon.com, ebay.com), the email category (gmail.com, live.com, yahoo.com), the social media category (facebook.com, twitter.com), the news category (msn.com, foxnews.com), etc.
2. Create a phrase for each category. You can be creative here, and use abbreviations if the phrase is too long. For example, for the on-line shopping category we can pick “Payless4shopping!” (most on-line shopping sites allow passwords of 16-20 characters; remember, the longer the better).
3. Capitalize words in the phrase: “PayLess4Shopping!”
4. Replace some letters with numbers or special characters: “P@yLe$$4$h0pping!”
5. Add more letters or numbers if needed.
The resulting password is strong and complex (a typical password-strength meter scores it at 100%), and it can be used for your on-line shopping accounts. Keep in mind that such meters mostly reward length and mixed character classes; password-cracking tools know the common letter-to-symbol substitutions, so it is the length of the phrase that does most of the work. You can follow the same principle to create passwords for the other categories.
The advantage of this approach is that you don’t need to rely on any third-party tool to manage your passwords. Since the phrases you choose are known to you, you can easily reconstruct your passwords from them. The disadvantage is that if you have multiple accounts in a category (most likely you do), every account in that category shares the same password. How do you overcome this? The key is to use a different base phrase for each web site you visit, or a rule that is specific to each site, and construct a different password from the base phrase or rule (unique to the site). I will leave this part for you to figure out.
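Here is the category approach (steps 1-5 above, and the earlier four-step recipe) written out as an added example. It is my code, not code from the original post. The category and site tables are constructed sample data, and the per-site step is my own suggestion for the “rule unique to the site” that the post leaves to the reader: instead of appending something guessable to the category password, it feeds the category password and the site name through HMAC-SHA256, so each site gets an unrelated-looking password and the base phrase never appears in any of them. The names mangle, site_password, password_for, CATEGORY_PHRASES and SITE_CATEGORY are mine.

```python
import hashlib
import hmac
import string

# Letter-for-symbol substitutions taken from the post's examples ("a"->"@",
# "s"->"$", "o"->"0"). Any such table is a convention you choose; cracking
# tools know the common ones, so the phrase length carries the strength.
SUBSTITUTIONS = {"a": "@", "s": "$", "S": "$", "o": "0"}

# 64 symbols, so mapping one byte with "% 64" is unbiased (256 is a multiple of 64).
ALPHABET = string.ascii_letters + string.digits + "!@"
assert len(ALPHABET) == 64

# Constructed sample data for the demo: a phrase per category (the shopping
# phrase is the post's example), and which site belongs to which category.
CATEGORY_PHRASES = {
    "shopping": ["Pay", "less", "4", "shopping!"],
    "email": ["Read", "my", "mail", "2day!"],
}
SITE_CATEGORY = {
    "amazon.com": "shopping",
    "ebay.com": "shopping",
    "gmail.com": "email",
}


def mangle(words):
    """Steps 3-4 of the post: capitalize each word, join them, substitute letters.

    mangle(["Pay", "less", "4", "shopping!"]) -> "P@yLe$$4$h0pping!"
    """
    joined = "".join(w[:1].upper() + w[1:] for w in words)
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in joined)


def _has_all_classes(pw):
    """True if pw contains a lowercase, an uppercase, a digit and a symbol."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in "!@" for c in pw))


def site_password(base, site, length=20):
    """Derive a per-site password from the category password with HMAC-SHA256.

    The (lower-cased) site name is the HMAC message, so each site gets its own
    password and the base is never exposed. The counter is bumped until the
    result contains all four character classes, because many sites require
    that and a 20-character draw from this alphabet misses "!@" about half
    the time ((62/64)**20 is roughly 0.53).
    """
    if not 4 <= length <= 32:
        raise ValueError("length must be between 4 and 32 for one SHA-256 digest")
    key = base.encode("utf-8")
    for counter in range(256):
        msg = f"{site.lower()}:{counter}".encode("utf-8")
        digest = hmac.new(key, msg, hashlib.sha256).digest()
        pw = "".join(ALPHABET[b % 64] for b in digest[:length])
        if _has_all_classes(pw):
            return pw
    raise RuntimeError("no candidate met the character-class rule")


def password_for(site):
    """Category phrase -> mangled category password -> per-site password."""
    base = mangle(CATEGORY_PHRASES[SITE_CATEGORY[site]])
    return site_password(base, site)


if __name__ == "__main__":
    print("shopping base:", mangle(CATEGORY_PHRASES["shopping"]))
    for site in SITE_CATEGORY:
        print(site, password_for(site))
```

Two caveats on using this for real. The derivation is deterministic, so the category phrase becomes the one secret that unlocks every site in the category and must be as strong as a master password; and because the same inputs always give the same output, changing one site’s password after a breach means bumping the counter for that site (or adding a version string to the message) and remembering that you did so. A password manager like the one described earlier records those details for you, which is why it remains the simpler option.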