5 steps to creating a more secure password
13th December 2010
Be honest now, how many of you are using the same combination of username and password for more than one website? Do you use the same combination for ‘general’ sites like newspapers as you do for ‘important’ sites like banks?
If you do then you are not alone: many people are guilty of repeatedly using the same username and password combination, and this is putting their reputation, identity and even their hard-earned cash at risk. If one site gets hacked – or has a dishonest administrator – all of those accounts are compromised. Most people do it because they are too lazy or too trusting, but generating a secure password that can be used at multiple locations isn’t that difficult once you know the trick.
This guide describes one way to generate relatively strong passwords that are easy to remember but hard to guess.
Step 1: Select a reasonably lengthy phrase or line from a poem. For example ‘the rain in Spain falls mainly on the plain’
Step 2: Use just the first (or last) letter from each word = ‘trisfmotp’
Step 3: Change a couple of the characters so that they are either upper case, numbers or punctuation. For example ‘!’ or ‘1’ could replace ‘i’, ‘9’ replace ‘p’ and ‘f’ be capitalised. So our ‘base’ password now is ‘tr1sFmot9’ – this part never changes.
Step 4: All of this is very well, and we now have a (fairly) secure password, but only one. So how do we make a unique password for each website we visit? The answer is to choose two characters from the name of the site you need to generate a password for. So ‘www.bbc.co.uk’ could be ‘bb’, ‘www.amazon.com’ becomes ‘am’ and ‘vistage.com’ becomes ‘vi’. To state the obvious, you don’t have to use the first two letters: the first and last are just as good, or the last two, or the first and third – almost any combination would do provided you are consistent.
Step 5: Insert the two character combination into the base password in a consistent way, for example position 2 and 3. Our passwords would then be ‘tbbr1sFmot9’ for the BBC, ‘tamr1sFmot9’ for Amazon and ‘tvir1sFmot9’ for Vistage.
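The five steps above, carried through in code as an added example (this is not code from the original article; the function names, the `www` handling and the `picks`/`insert_at` parameters are assumptions made here). It reproduces the article's own values – the Spain passphrase, the i→1, p→9, f→F substitutions and insertion at positions 2 and 3 – and generalises Step 4 slightly by letting you pick any two character positions from the site name, as the text says you may, provided you stay consistent:

```python
from typing import Dict, Tuple

# Step 3 substitutions exactly as the article gives them
PAGE_SUBS: Dict[str, str] = {"i": "1", "p": "9", "f": "F"}


def initials(phrase: str) -> str:
    """Steps 1 and 2: first letter of each word, lower-cased."""
    return "".join(word[0].lower() for word in phrase.split())


def apply_substitutions(letters: str, subs: Dict[str, str]) -> str:
    """Step 3: swap selected letters for digits, punctuation or capitals.
    Every occurrence of a mapped letter is replaced, so be consistent."""
    return "".join(subs.get(ch, ch) for ch in letters)


def site_token(hostname: str, picks: Tuple[int, int] = (0, 1)) -> str:
    """Step 4: take two characters from the site's name.
    Assumption: strip a leading 'www' and use the first remaining label,
    so www.bbc.co.uk -> 'bbc', www.amazon.com -> 'amazon'.
    picks are string indices into that label, e.g. (0, 1) first two,
    (0, -1) first and last, (-2, -1) last two, (0, 2) first and third."""
    labels = hostname.lower().strip().split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]
    label = labels[0]
    if len(label) < 2:
        raise ValueError(f"site name too short to pick two characters: {hostname!r}")
    return "".join(label[i] for i in picks)


def derive_password(base: str, hostname: str, insert_at: int = 1,
                    picks: Tuple[int, int] = (0, 1)) -> str:
    """Step 5: insert the two-character token into the base at a fixed
    offset. insert_at=1 puts the token at positions 2 and 3, as in the text."""
    token = site_token(hostname, picks)
    return base[:insert_at] + token + base[insert_at:]


def character_classes(password: str) -> Dict[str, bool]:
    """Quick self-check that Step 3 actually introduced some variety."""
    return {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "other": any(not c.isalnum() for c in password),
    }


if __name__ == "__main__":
    base = apply_substitutions(
        initials("the rain in Spain falls mainly on the plain"), PAGE_SUBS)
    print("base:", base)                      # tr1sFmot9
    print(character_classes(base))
    for site in ("www.bbc.co.uk", "www.amazon.com", "vistage.com"):
        print(f"{site:16} -> {derive_password(base, site)}")
```

Running it prints the three passwords given in Step 5. Note what the output also makes visible: the derived passwords differ from each other only in the two inserted characters, so anyone holding one of them alongside the site it belongs to can see the pattern. That is the trade-off the article accepts in exchange for memorability, and it is why the base passphrase and the substitution rule must never be written down next to the passwords themselves.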
Incidentally, this system can be developed further by using separate passphrases for finance, shopping and social media – of course if you make it so tricky that you have to write the password down you are defeating the point of the exercise.
No system is perfect, but each of these passwords appears ‘random’, and in the event of your userid and password being stolen it is unlikely that anyone would go to the trouble of trying to guess your passwords for other sites when there are much easier accounts to hack – for example those people who are dumb enough to be using the same userid/password combination for multiple websites.