In short, the problem with passwords is that there are too many of them! And the risk of not having a good one leaves our valuable information exposed and vulnerable. We’re always cautioned to create passwords that are:
- ~12 – 16 characters
- a combination of upper/lowercase letters, special characters, and numbers
- difficult to crack, but yet memorable for us
I have close to 100 passwords and I take it seriously. Imagine locking a vault of money with a luggage lock, which is akin to using a password like “123456” to secure an online bank account. Years ago I developed a system to create unique and difficult passwords that I could still remember. Here’s how I did it.
Every year I create a new pattern accompanied by ~4 rules. With this system I only have to remember the annual pattern (and rules) to recall passwords. This has helped me to remember most of my passwords, even ones a few years old.
Rule #1: I select a 4-digit number with meaning, like a birth year or the current year. Then I replace some numbers with special characters or letters. For example, if I pick “2017”, I might replace the “0” with “o”, and the “1” with an “!”.
Rule #2: I decide how to select a different word for each password. Usually I pick something descriptive of the account (e.g. for my smartphone provider, the word might be “phone” or “internet”).
Rule #3: pattern construction. I like to break up the word and intersperse numbers or special characters between the letters. Using the two examples above, “2o!7” and “phone”, one possible pattern could be ph2o!7ONE. In essence every password will start with the first 2 letters of the selected word in lowercase (see Rule 2), then the modified 2017, and any remaining letters are capitalized.
I run into challenges when a website/application won’t let me create passwords according to my pattern, such as a restriction on using special characters, or a length requirement. One website required me to start my password with letters, even though that year’s pattern started with a number. This is when I use Rule #4, to deal with exceptions.
Recently I started reading a lot more articles about using biometrics for passwords (e.g. fingerprints, selfies, even heart beats, etc.), and other best practices like using 2-factor authentication.
In the end, I decided I’m going to invest in a password manager that works across all my devices. Stay tuned for updates.