Pretend you’re a successful real estate mogul. You own properties all over the world. You want to keep these properties secure and you’ve installed deadbolts on all the doors of each building. You’re very efficient, and so rather than carry around a huge key ring, you’ve just coded all the locks to a single key.
This makes things so much easier. Especially when the kid you paid to watch your dog gets his hands on your master key. Of course, if we were millionaire real estate moguls, we’d never make a mistake like that. We’d get different keys for each property. So why do we make this mistake with our passwords?
The simplest answer is that most of us have not yet adopted a secure, manageable system for creating strong, website-specific passwords. We tend to want passwords that are easy to remember, and so we choose short words or phrases. On top of that, we reuse these passwords, especially the ones we consider to be stronger.
It is a common mistake to think simply adding numbers to the end of a password makes it more secure. Turning ‘secret’ into ‘secret11’ was helpful before hackers caught on. Just how quickly can your password be guessed?
Often, hackers target giant pools of users, using multiple computers running nonstop that can unlock thousands of valid usernames and passwords in a short span of time. Once a hacker knows they have a valid username and password, they can retry those same usernames and passwords on other websites, potentially gaining access to even more of a victim’s personal and financial information.
How then can we maintain strong, unique passwords for each of the sites we want to keep secure? Here are some simple steps you can take, which incorporate a lot of their wisdom into one system:
1. Begin with a phrase you know. This might just be the password you currently use. A good tip if you don’t have one already is to make an acronym from a phrase you can remember, like “awanp” for “All work and no play.”
2. Decide on a special character; one will suffice. Not all are compatible; some safe choices are !, *, and ?.
3. Make your final password out of the website name, the character, and your starting password. I like to use the last letter of the site name, my password, and then the first two letters of the site name. So, in our example, on ETrade I might use ‘d!Awanp!ET’. Then on GMail I might use ‘l!Awanp!GM’. Get creative; there are lots of ways you can do it.
It would take a computer about 13 years to randomly generate the passwords we ended up with in Step 3. What’s more, it’s based on a password we already know, and made unique by a very simple set of rules that match the website it’s being used for.
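The three steps and the brute-force estimate above, written out as an added example (not the author's code). The function names and the guess rate of one billion per second are assumptions made here; the article does not say what rate its 13-year figure was based on, so the years printed will differ from it.

```python
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def site_password(site, base, special="!"):
    """Steps 1-3: last letter of the site name, the special character, the
    base phrase, the special character again, then the first two letters
    of the site name. Capitalisation follows the GMail example in the text."""
    letters = [c for c in site if c.isalnum()]
    if len(letters) < 2 or not base:
        raise ValueError("need a site name of 2+ letters and a base phrase")
    return (letters[-1].lower() + special + base.capitalize()
            + special + "".join(letters[:2]).upper())

def alphabet_size(password):
    """Size of the character pool a blind brute-force search must cover,
    counting each ASCII class (lower, upper, digit, symbol) that appears."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c in string.punctuation, len(string.punctuation))]
    return sum(n for test, n in classes if any(test(c) for c in password))

def brute_force_years(password, guesses_per_second):
    """Average time to hit the password by exhaustive search (half the
    keyspace). Models random guessing only, as the article's estimate does;
    dictionary words and known patterns are found far sooner than this."""
    keyspace = alphabet_size(password) ** len(password)
    return keyspace / 2 / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    RATE = 1e9  # assumed guesses per second, not a figure from the article
    derived = site_password("GMail", "awanp")
    for pw in ("secret", "secret11", derived):
        years = brute_force_years(pw, RATE)
        print(f"{pw:12} pool={alphabet_size(pw):3} "
              f"length={len(pw):2} ~{years:.2e} years")
```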