Problem: Passwords are getting ‘stolen’ even faster than they are (or used to be) guessed. By ‘stolen’ I mean taken, en masse, from some site (cf. the Sony fiasco some years ago). This actually happens all the time – usually unreported, because what doctor’s office has intrusion detection on its in-house network?!? So here’s a way to make an easy-to-remember, strong password that is unique to every website you’ll visit.
It’s called a paradigm: a method of creating a password that can be repeated in such a way that (most**) every site you visit gets a unique password. A paradigm takes an ‘input’ and always produces the same ‘output’, but each ‘output’ is unique to its ‘input’. And a paradigm can be super-easy to remember and use. Here’s how it works:
repeated-gibberish + a few letters from the website = a site-unique password
That’s it. In short, find some way to create gibberish (ideas below), take a few letters from the website address (maybe the first, second, and fourth letters – from this very site it would be ‘dis’) and put them at the beginning, middle, or end of your gibberish. The gibberish is the same for every site with the website letters making a ‘unique’ password per-site.
Ideas and explanations
The trick is to get some ‘quality’ gibberish. These days (as one will notice in the ‘password requirements’ of many websites), that will include both upper- and lower-case letters, numbers, and a ‘symbol’ or two. Why these requirements? Because adding more ‘options’ (ex. anything more than just lower-case letters) increases the number of possible passwords a hacker would need to ‘guess’ (a bit of an oversimplification, but close enough). If, say, your password had to be 3 ‘characters’ long and could only be the letters ‘a’ and ‘b’, then you’d have the following possibilities: aaa, aab, aba, abb, baa, bab, bba, bbb. The ‘math’ is “number-of-options to the power number-of-slots”. Or, more tersely, using our example: 2 to the 3rd power, 2^3, or “8”. If we add one more ‘slot’ (from 3 to 4), we get 16 possible ‘passwords’. But if we increase the number of characters from 2 to 3 (still having 3 slots): 3^3 = 27. Nice!
See, adding one more slot (increasing the length of the password), while good, does not produce the same benefit as increasing the number of possible ‘characters’. Or, using the example above:
- Baseline: 2^3 = 8 possible passwords
- Increase length: 2^4 = 16 possible passwords
- Increase potential characters: 3^3 = 27 possible passwords
Using a U.S. keyboard, significant benefits are had by adding a type of character: lower-case, upper-case, number, symbol. Each type implies a number of potential ‘characters’: lower-case = 26 possible characters, add upper-case and we get 54, add numbers and we get 64, add symbols… depends on your keyboard, I suppose.
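To make the counting concrete, here is an added Python example (not from the original post) that applies the “options to the power of slots” formula with the real sizes of the four character types on a U.S. keyboard, taken from Python’s own string constants, and reports which types a sample password such as “S0nn!e” actually uses:

```python
import math
import string

# The four character types the post lists. Sizes come from the string
# module rather than being typed in: 26, 26, 10 and 32 printable symbols.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def keyspace(options: int, slots: int) -> int:
    """The post's formula: number-of-options to the power number-of-slots."""
    return options ** slots


def bits(options: int, slots: int) -> float:
    """Same quantity on a log scale: how many bits a brute-force guesser faces.

    This is an upper bound that assumes every slot is chosen independently at
    random; a leet-transformed dictionary word is far fewer guesses in practice.
    """
    return slots * math.log2(options)


def compare(slots: int, options: int) -> tuple:
    """Baseline, one more slot, one more option: the three bullets above."""
    return (keyspace(options, slots),
            keyspace(options, slots + 1),
            keyspace(options + 1, slots))


def classes_used(password: str) -> set:
    """Which of the four character types appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def alphabet_size(password: str) -> int:
    """Size of the smallest union of character types that contains the password."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


if __name__ == "__main__":
    print(compare(3, 2))                      # the post's 8 / 16 / 27
    for pw in ("sonnie", "S0nn!e"):
        n = alphabet_size(pw)
        print(pw, sorted(classes_used(pw)), n, round(bits(n, len(pw)), 1))
```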
How to make memorable, multi-type gibberish
Here are some ideas on how to make gibberish. It’s probably best to combine many/all of them.
- Use ‘leet’ to turn an easy-to-remember word (ex. your name) into a non-word: replace characters with similar-looking numbers or symbols (ex. ‘i’ and ‘!’, or an upper-case ‘O’ and the number ‘0’). If your name is “Sonnie” it can become “S0nn!e” (where the 2nd letter is a zero and the 5th letter is an exclamation point).
- Add symbols and/or numbers in-between syllables of words or between words in a phrase. Using “Sonnie” again, it can become “Son&nie”, where the and-symbol is inserted between syllables. Or the phrase “My given name is Sonnie” can become “My#gi#ven#name#is#Son#nie” (using a pound-symbol between words and syllables).
- Or switch symbols as you go along – on a typical, U.S. ‘qwerty’ keyboard, for example, start with the symbol ‘over’ the number 1 for the first break, then over the number 2 for the next break… “My!gi@ven#name$is%Son^nie”
- Use a translation into a foreign language (ex. Spanish): “Mi#lla#mo#es#Son#nie”. This works even better with languages that have sounds English doesn’t have: any guttural sound from German or Hebrew works well since there is no exact English equivalent.
- Use the first-letter of an easy to remember phrase: “Where in the world is Sonnie” becomes “Witwis”.
How to pick the website letters
This is rather simple: pull some letters from the website and use them at the beginning, middle, or end of your ‘gibberish’. Here are some tricks:
- use the exact website letters – not the name of the company, not the ‘words’ of the website
  - “www.chase.com” is Chase Bank. Don’t use ‘cb’ for Chase Bank. ‘ch’ (first two letters), ‘ce’ (first & last letters), ‘he’ (2nd and last letters) are fine.
  - Using anything that isn’t exactly in the website address means you’re going to have to remember what you were thinking when you came up with the letters… not good!
- don’t leave the letters in their original order
  - This is important in case someone does hack a site that has your password. If it’s very obvious that your password is gibberish plus the first two letters of the website, that’s not good should the hacker want to ‘try’ your password on other sites. For example, if you’re a member of ‘zooloversanonymous.com’ and your password is “happy*zo”, it’ll be pretty easy to figure out that you have a ‘paradigm’ and it’s “happy” plus “*” plus the first two letters of the site. So your Chase Bank password is probably “happy*ch”. Eek.
  - If you, however, picked the 2nd & last letters, your password would at least be “happy*os” – not really obvious how “os” = zooloversanonymous.com
Putting it all together
- An easy to use phrase: “My last passphrase”
- Gibberish #1: s => $, a=> @, t => 7
- Gibberish #2: all letters lowercase except the last letters of words
- The website-specific letters are going to be the 1st, the 2nd, and the last letters in the order: 2nd, last, first
- The website will go between ‘last’ and ‘passphrase’ (before making gibberish, it will be “My very last site-name-here passphrase”)
- amazon.com :: mYl@$7mnap@$$phr@$E (amazon becomes its 2nd (m), last (n), and first (a) letters – the ‘mna’ in the middle of the password)
- chase.com :: mYl@$7hecp@$$phr@$E
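The whole recipe above, as an added Python example (my code, not the author’s): it applies Gibberish #1 and #2 to the phrase, pulls the 2nd, last and first letters from the site’s own name, and drops them between ‘last’ and ‘passphrase’. The leet table, letter positions and phrase are the post’s; the function names are my own, and the letter positions are a parameter so the ‘ch’ / ‘ce’ / ‘he’ variants and the ‘zo’ vs ‘os’ point from the previous section can be reproduced too.

```python
# Gibberish #1 from the post: s => $, a => @, t => 7
LEET = str.maketrans({"s": "$", "a": "@", "t": "7"})


def gibberish_word(word: str) -> str:
    """Apply both gibberish rules to one word.

    Leet runs first, then Gibberish #2 (lower-case except the last letter of
    the word). That order matters: 'last' must end in '7', not 'T', to match
    the post's 'l@$7', and upper() on a digit or symbol leaves it unchanged.
    """
    word = word.lower().translate(LEET)
    return word[:-1] + word[-1].upper()


def gibberish(phrase: str) -> str:
    """Gibberish for a whole phrase, words run together."""
    return "".join(gibberish_word(w) for w in phrase.split())


def site_name(domain: str) -> str:
    """The site's own name: strip a leading 'www.' and everything after the first dot."""
    host = domain.strip().lower()
    if host.startswith("www."):
        host = host[len("www."):]
    return host.split(".")[0]


def site_letters(domain: str, order=(1, -1, 0)) -> str:
    """Letters taken from the site name, in a scrambled order.

    Default is the post's choice: 2nd, last, first (indices 1, -1, 0).
    """
    name = site_name(domain)
    return "".join(name[i] for i in order)


def site_password(domain: str, head: str = "My last",
                  tail: str = "passphrase") -> str:
    """Head gibberish + site letters + tail gibberish, as in the worked examples."""
    return gibberish(head) + site_letters(domain) + gibberish(tail)


if __name__ == "__main__":
    for site in ("amazon.com", "chase.com"):
        print(site, "::", site_password(site))
```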
These examples are a bit ‘long’ (19 characters) – many sites still limit us to 12 characters (ugh). Hopefully this will give you some ideas, though, for creating your own Password Paradigm.