The Problem with Passwords

In short, the problem with passwords is that there are too many of them!  And the risk of not having a good one leaves our valuable information exposed and vulnerable.  We’re always cautioned to create passwords that are:

  • unique
  • ~12 – 16 characters
  • a combination of upper/lowercase letters, special characters, and numbers
  • difficult to crack, but yet memorable for us

I have close to 100 passwords and I take it seriously.  Imagine locking a vault of money with a luggage lock, which is akin to using a password like “123456” to secure an online bank account.   Years ago I developed a system to create unique and difficult passwords that I could still remember.  Here’s how I did it.

Every year I create a new pattern accompanied by ~4 rules.  With this system I only have to remember the annual pattern (and rules) to recall passwords.  This has helped me to remember most of my passwords, even ones a few years old.

Rule #1: I select a 4-digit number with meaning, like a birth year or the current year.  Then I replace some numbers with special characters or letters.  For example, if I pick “2017”, I might replace the “0” with “o”, and the “1” with an “!”.

Rule #2: I decide how to select a different word for each password.  Usually I pick something descriptive of the account (e.g. for my smartphone provider, the word might be “phone” or “internet”).

Rule #3: pattern construction.  I like to break up the word and intersperse numbers or special characters between the letters.  Using the two examples above, “2o!7” and “phone”, one possible pattern could be ph2o!7ONE.  In essence every password will start with the first 2 letters of the selected word in lowercase (see Rule 2), then the modified 2017, and any remaining letters are capitalized.

I run into challenges when a website/application won’t let me create passwords according to my pattern, such as a restriction on using special characters, or a length requirement.  One website required me to start my password with letters, even though that year’s pattern started with a number.  This is when I use Rule #4, to deal with exceptions.

Recently I started reading a lot more articles about using biometrics for passwords (e.g. fingerprints, selfies, even heart beats, etc.), and other best practices like using 2-factor authentication.

In the end, I decided I’m going to invest in a password manager that works across all my devices.  Stay tuned for updates.

3 comments for “The Problem with Passwords

  1. Anonymous
    25 April 2017 at 09:14

    like the rules and will try to apply them. Thanks.

  2. James
    25 April 2017 at 12:12


    I am an IT guy so passwords and your 4 rules for making a good password are pretty awesome. But for a person like my wife who can’t remember a password if our child’s life depended on it, your rules are too complicated. 2-factor authorization is awesome, But once again for a good number of people its too complicated. I can say this as I use it. And there have been times where I have had an issue. I would suggest a much simpler approach. The program 1Password which works for Mac, Windows and Linux/Unix is a very simple and easy to use program. And can be managed with just one master password that the end user must remember. If the end user who is not great with passwords is willing to make an effort I would strongly suggest to enable 2-factor authorization and use 1Password. Then you can be sure your passwords are safe and your logon’s are secure. If your interested in 2-factor authorization do a google search on it and read up. As for 1Password you can find it here or you can get it from the Apple store for MAc or the Play store for Android.
    Good luck all

    • The Deletist
      25 April 2017 at 12:23

      Great tips! yes, 2-factor authorization is a good option for people who don’t have strong passwords as a quick fix. And yes, I think a password manager is the way to go. I’ll check out as I start my research. I think Lastpass is also highly recommended. Thanks for the comments!

Leave a Reply

Your email address will not be published.