Managing your passwords is a pain! Below we’ve outlined a few simple tactics which you can use for your everyday passwords to ensure you’re up to industry standards and remaining safe online.
The Usual Password Requirements and Tips
We’ve all been there. Bending over backwards to meet the password requirements on your mobile banking site, or your corporate domain account.
We’re all familiar with this struggle. So how do we solve it?
When creating a password it’s important to follow all the standard recommended password security tips:
- Minimum of 8 characters (do your best to go beyond this)
- Change passwords every 90 days
- No personal identifiers (Street Address, Pets, SO’s, Maiden names, etc.)
- Never use a password twice – each website or device you use should have a different password
- Never repeat a password from the past
- Avoid simple dictionary words (they fall quickly to dictionary attacks)
- Include numbers and special characters! (!@#$%^&*)
That’s a lot to keep track of! Especially for every site and device that you use.
Many people who try to follow all of these tips will frequently find themselves requesting password resets.
This is where a Password Manager like LastPass would try to sell you their services, but honestly I can’t stand password managers. To the average person, password managers are completely unnecessary and will often complicate simple tasks.
The Solution: Password Scheming
Think of a Password Scheme in the same way you would a Color Scheme used for corporate identities, brands, interior design, and the like.
A Color Scheme is just a palette of colors which you’ll use throughout your design process. Rules apply of course.
A Password Scheme is just like a Color Scheme, but for passwords.
Personally, I like the 3 tiered method.
- The Default – I call this the throwaway. Used for most new accounts on the internet, especially if you’re not sure that you’ll be returning.
- Mid Level – Used for anything that you don’t want on the same playing field as the throwaway, but at the same time it’s not quite on a tier 3 level.
- Restricted – Perfect for Finance and anything else on that same level of importance.
On top of that, it’s not a bad idea to separate internet facing accounts from non-internet facing accounts, but that is more of an advanced topic.
Every website, any public facing server, your bank, and social media are all considered public facing.
Anything that is not exposed directly to the internet, like your laptop, a home server, passwords to standalone applications, and anything else inside your network, can be considered private, internal, or non-internet facing. These should have a separate set of passwords.
How to manage site unique passwords
Okay, so 3 tiers of passwords isn’t that hard to remember – but, what about having a unique password for each website? That can’t be easy!
Wrong! This could hardly be simpler. You just need to formulate your very own algorithm.
Creating your own password algorithm
Now, creating an algorithm for your password may sound complicated, however that’s not the case!
Creating a password algorithm comes down to 3 simple steps.
- Create a base password
- Memorize the base password
- Incorporate the specific site / service / device into the base password
In the above example, the base password is “iOXWL#Wa!Och” and you’ll notice two variables. These variables are in fact all you really need for an algorithm.
This password is for Facebook, but you wouldn’t know that at first glance. Here’s the example algorithm breakdown.
Variable Casing Rules:
Variable 1: Lower case, followed by upper case
Variable 2: Upper case, followed by lower case
- Take the first two letters of the website name (Facebook = FA)
- Use the next available letter for each character (FA = GB)
- Assign these two characters to variable 1 (gB)
- Take the last two letters of the website name (Facebook = OK)
- Again, use the next available letters for each (OK = PL)
- Assign to variable 2 (Pl)
That sounds like a lot, but once you memorize your base password and the formula to your algorithm, the whole process becomes much quicker in your head.
Note: You can make your algorithms as complex, or as simple as you like. Just remember, the idea is to keep people out, so try not to make your algorithm too obvious.
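Here is the Facebook walkthrough above written out as code, as an added example (not the post’s own code). The post’s screenshot of the finished password is not reproduced here, so where the two variables sit relative to the base password is an assumption (variable 1 in front, variable 2 at the end), as is what “the next available letter” means after z (it wraps to a). Everything else follows the six steps exactly, and the same rules are applied to any site name, not just Facebook.

```python
import string

# The base password quoted in the post.
BASE_PASSWORD = "iOXWL#Wa!Och"

LETTERS = string.ascii_lowercase


def next_letter(ch: str) -> str:
    """Return the next letter of the alphabet ("use the next available letter").

    Assumption: the post does not say what follows 'z'; this wraps back to 'a'.
    """
    ch = ch.lower()
    if ch not in LETTERS:
        raise ValueError(f"site name must contain letters only, got {ch!r}")
    return LETTERS[(LETTERS.index(ch) + 1) % len(LETTERS)]


def variable_one(site: str) -> str:
    """First two letters of the site name, each shifted, lower then upper case (Facebook -> gB)."""
    name = site.lower()
    if len(name) < 2:
        raise ValueError("site name needs at least two letters")
    first, second = next_letter(name[0]), next_letter(name[1])
    return first.lower() + second.upper()


def variable_two(site: str) -> str:
    """Last two letters of the site name, each shifted, upper then lower case (Facebook -> Pl)."""
    name = site.lower()
    if len(name) < 2:
        raise ValueError("site name needs at least two letters")
    first, second = next_letter(name[-2]), next_letter(name[-1])
    return first.upper() + second.lower()


def derive_password(site: str, base: str = BASE_PASSWORD) -> str:
    """Combine the base password with the two site variables.

    Assumption: the post's screenshot showing where the variables sit is not
    reproduced here, so this puts variable 1 in front and variable 2 at the end.
    """
    return variable_one(site) + base + variable_two(site)


if __name__ == "__main__":
    # "Zoom" exercises the z -> a wrap-around assumption.
    for site in ["Facebook", "Twitter", "Zoom"]:
        print(f"{site:10s} -> {derive_password(site)}")
```

Running it prints one derived password per site; the Facebook line reproduces the gB and Pl variables from the breakdown above around the base password.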
Quick note from the author: Hey, thanks for reading this far! As a reward, the first person to comment with the answer to the following question will win 1 year of free cPanel web hosting (located in North America). Question: Using the password algorithm above, what would the password for Amazon look like? Leave your answer in the comments below, or @ us on any social media linking to this post!
The key to creating a good password algorithm is to come up with your own unique way to incorporate variables. Perhaps place one of the variables in the center of your base password, or use 3 variables. One could also get creative by using the site’s logo primary color in place of the website name.
At the end of the day, it’s whatever works for you. If you employ any of the ideas mentioned in this article, you’re already ahead of many people – but you can always improve!
Password rotation
Hands down, my least favorite part, and I’m sure many others would agree. However, this is probably the most crucial part to password management.
You should be rotating your passwords at least once per year. Mark it in your calendar and just get it over with. Ideally, you should do this every 90 days, but that can get cumbersome for the everyday user.
Many people NEVER rotate their passwords, and that’s when you run into trouble. You see, the longer you use a password, the greater the risk is that it may have already been compromised in some way.
Don’t believe me? Check out https://haveibeenpwned.com/ – They have a large database of data breaches which allows you to search through and find which breaches potentially affected you. Give it a try, I bet you’re there.
If you pop up in either the email database or the password database, you’re certainly way overdue for a new set of passwords.
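The password side of that check can be done without ever sending the password anywhere, which is worth seeing in code. The Pwned Passwords service behind haveibeenpwned.com publishes breached passwords as SHA-1 hashes and answers a query for just the first five hex characters of a hash with every matching 35-character suffix and its breach count, one `SUFFIX:COUNT` line each, so the full hash never leaves your machine. The example below is added here and is not the post’s or the service’s code; it implements that lookup but replaces the network request with a constructed in-memory table (the `offline_fetch_range` stand-in and its `SAMPLE_RANGE` data are made up for this example, with the sample entry derived from the well-known weak password `password123`), so it runs offline.

```python
import hashlib
from typing import Callable, Dict, Tuple


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> Tuple[str, str]:
    """Split the hash into the 5-char prefix that is sent and the 35-char suffix that stays local."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range(text: str) -> Dict[str, int]:
    """Parse a range response ("SUFFIX:COUNT" per line) into {suffix: count}."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if not sep or not count.strip().isdigit():
            continue  # skip malformed lines rather than crash
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how many times the password appeared in breaches (0 = not found).

    fetch_range(prefix) stands for GET https://api.pwnedpasswords.com/range/<prefix>;
    only the prefix is ever passed out of this function.
    """
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


# --- constructed offline stand-in for the range endpoint (not real service data) ---
SAMPLE_PASSWORD = "password123"          # known weak password used to build the sample
_prefix, _suffix = split_hash(SAMPLE_PASSWORD)
SAMPLE_RANGE: Dict[str, str] = {
    _prefix: "\r\n".join([
        "0" * 35 + ":3",                  # filler suffixes, constructed
        f"{_suffix}:123456",              # our sample password with a made-up count
        "F" * 35 + ":1",
    ])
}


def offline_fetch_range(prefix: str) -> str:
    """Local replacement for the HTTP call; returns an empty range for unknown prefixes."""
    return SAMPLE_RANGE.get(prefix.upper(), "")


if __name__ == "__main__":
    for candidate in [SAMPLE_PASSWORD, "iOXWL#Wa!Och"]:
        n = breach_count(candidate, offline_fetch_range)
        verdict = f"seen {n} times, change it" if n else "not in the sample range"
        print(f"{candidate!r}: {verdict}")
```

To run it against the live service you would swap `offline_fetch_range` for a function that performs the HTTPS GET for the prefix and returns the response body; the rest of the logic is unchanged.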
Wrapping up
Passwords are a pain, but good password hygiene is important. Try the 3 tier password scheme, and better yet, try adding an algorithm to your passwords. Being safe online is as easy as you make it. Mostly, it’s just education.
For further discussions on passwords and online safety, leave a comment below, or join our Discord!