A Secure Password Family Strategy
Posted by Dave at 11/27/2018 11:57:31 AM
So many passwords! I used to keep a file on my computer desktop that contained all my passwords. While this helped me remember multiple passwords, it is clearly not a wise practice for numerous reasons. One day I had my desktop displayed during an online meeting and one of my colleagues noticed my file and, as nicely as possible, mentioned that this might not be a good idea. It was also against company policy, which forbids storing passwords in unencrypted text. I renamed my passwords file to something less obvious, but I'm sure it would still have taken a hacker just a few seconds to find my file.
I continued this practice for years, thankfully, as far as I know, never getting hacked. But over time I developed a password system that I could apply without having to write anything down. My method has similarities to what's known as the "Password Families" system, except my method generates a password that is unique to the site where you use it. Over time I have been able to retire my old passwords file (but after I encrypted it and saved it for safe-keeping).
Here is how you can create strong, secure, unique passwords. Obviously my specific passwords are different from these.
Begin with a strong password you can re-use as the "root" of your unique passwords. This needs to be something you can remember.
- Pick a word you can remember, such as "collapse"
- Insert a couple of numbers and symbols "co1!ap5e"
- Capitalize a few of the letters (not just the first one): "cO1!aP5e"
Next you will make this password specific to the site you're visiting by applying a simple rule. You just need to remember this rule; you don't have to remember the thousands of specific passwords you can generate by applying it.
Here is my rule: Append the last four characters of the site's domain name, such as "azon" for amazon.com, resulting in a full password of cO1!aP5eazon. If the domain name has fewer than four letters, such as "cnn.com", I just use all the letters.
Be careful, because some sites will start out on one domain but refer you to a different domain for a login. Thus, for example, "ford.com" may refer you to a login page that's actually "fordlogin.com." You should be able to find the site's URL at the top of the browser window. If you don't see it, that's a yellow flag, and you might want to take a closer look at whether the site you're visiting is legit.
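The root-plus-rule derivation above, together with the cross-domain login check from the warning paragraph, as an added Python example (this is not code from the original post). The handling of two-part suffixes such as ".co.uk" is a simplifying assumption, not something the post specifies.

```python
from urllib.parse import urlsplit

# Root taken from the post's worked example; substitute your own.
ROOT = "cO1!aP5e"


def site_label(url: str) -> str:
    """Return the registrable label of the host, e.g. 'amazon' for
    https://www.amazon.com/ap/signin. Accepts bare hosts like 'cnn.com'."""
    host = urlsplit(url if "//" in url else "//" + url).hostname
    if not host:
        raise ValueError(f"no host found in {url!r}")
    parts = host.lower().split(".")
    # Assumption (not from the post): a short second-last label followed by a
    # two-letter country code is treated as a suffix, so amazon.co.uk -> amazon.
    if len(parts) >= 3 and len(parts[-2]) <= 3 and len(parts[-1]) == 2:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def site_password(root: str, url: str) -> str:
    """Apply the post's rule: append the last four characters of the site's
    domain label, or the whole label when it has fewer than four letters."""
    return root + site_label(url)[-4:]


def login_host_matches(start_url: str, login_url: str) -> bool:
    """Flag the hand-off case from the post: the login page lives on a
    different registrable domain (ford.com -> fordlogin.com)."""
    return site_label(start_url) == site_label(login_url)


if __name__ == "__main__":
    # Constructed sample URLs based on the post's examples.
    for url in ("https://www.amazon.com/ap/signin", "cnn.com", "https://www.ford.com/"):
        print(url, "->", site_password(ROOT, url))
    print("ford.com -> fordlogin.com same site?",
          login_host_matches("https://www.ford.com/", "https://fordlogin.com/login"))
```

When the login hand-off check returns False, the rule would produce a different password than you expect (the "ogin" of fordlogin.com rather than "ford"), which is the confusion the warning above describes.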
Recently I have received more than one instance of a new kind of hacking exploit/scam. The email includes in the subject line an old password that I used on one site. They claim to have hacked this site and used my password from that site to hack into other sites and into my own desktop computer. At first I was concerned and tried to research it. But in short order, knowing my passwords are secure and unique, I feel fairly certain I am not at risk. I am still getting these emails (it seems to be a fashionable scam attempt), and now my partner has gotten a few of them. Now that my partner is using my password system as well, I feel we're pretty safe, and now we pretty much ignore them all.