How I Do Passwords

The Heartbleed mess is a reminder that not only do you need strong passwords, you also need to use different passwords for each web site you log into. These days we know that passwords should not be words found in the dictionary and should be a mixture of capital and small letters, numbers and non-alphanumeric characters. The problem is remembering them.

Most experts recommend using a Password Manager such as LastPass, which not only stores your passwords and auto-fills login pages on web sites, it will also generate unique passwords for every site you visit. I don’t use the latter feature. I probably should, but being old school about the whole thing, I’m concerned with how I will remember passwords if I’m using a computer that’s not mine (at an Internet cafe or whatever) – not that this happens very often any more – and have to sit down and recall that my password for some email service is A45ghf76#2!

So I came up with my own scheme and so far I believe it works pretty well. (Feel free to point out any flaws I may have overlooked.)

I’ve chosen a word. In this case the word is something that meant something to me a long time ago and something that no one who knows me today knows – the name I used as a DJ on college radio more than 40 years ago. Then I replace all the vowels with numbers. Then, to make it unique for each site, I append a two-letter abbreviation of the site. (I also have several variations on this that I won’t go into.)

Some web sites rate the strength of your password when you are signing up and this one always gets rated as strong. It may not be the best method, but it works and I can remember my password for pretty much every site without having to look it up somewhere.

I’m not saying my way is the best way.  The point is – this is 2014, the Internet is a playground and you need separate, different, strong passwords for every web site you log into.  Protect yourself. Live long and prosper. Be careful, it’s a jungle out there. And so on …
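A pattern-aware audit of the scheme described above, set beside the charset-and-length scoring that simple sign-up meters use. This is an added example, not part of the original post; the substitution table, the word list, the assumed dictionary size and the base word "nightowl" are all constructed assumptions.

```python
import math
import string

# Assumed digit-for-vowel table; the post does not say which digits it uses.
LEET = str.maketrans("4310", "aeio")
# Constructed stand-in for a guessing dictionary, with an assumed real-world size.
WORDLIST = {"nightowl", "sunshine", "dragon"}
ASSUMED_DICT_SIZE = 10_000_000


def naive_bits(pw):
    """Charset size times length, the way a simple sign-up meter scores."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    pool = sum(size for chars, size in classes if any(c in chars for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def split_site_tag(pw, site):
    """Return (base, tag); tag is '' unless the last two letters abbreviate the site."""
    name = site.lower().split(".")[0]
    tag = pw[-2:].lower()
    if (name and len(pw) > 2 and tag.isalpha()
            and tag[0] == name[0] and tag[1] in name[1:]):
        return pw[:-2], tag
    return pw, ""


def audit(pw, site):
    """Score pw both ways and report which parts of the scheme were recognised."""
    base, tag = split_site_tag(pw, site)
    word = base.lower().translate(LEET)
    result = {"naive_bits": round(naive_bits(pw), 1), "site_tag": tag,
              "dictionary_word": word if word in WORDLIST else None}
    if result["dictionary_word"]:
        # word choice + 1 bit for "digits swapped in or not" + a free pick of 2 letters
        bits = math.log2(ASSUMED_DICT_SIZE) + 1 + (math.log2(26 ** 2) if tag else 0)
        result["pattern_bits"] = round(bits, 1)
    else:
        result["pattern_bits"] = result["naive_bits"]
    return result


def shares_base(pw_a, site_a, pw_b, site_b):
    """True when two site passwords differ only in their site tag."""
    return split_site_tag(pw_a, site_a)[0] == split_site_tag(pw_b, site_b)[0]


if __name__ == "__main__":
    # Constructed passwords built on a made-up base word, not the author's.
    print(audit("n1ght0wlfb", "facebook.com"))
    print(shares_base("n1ght0wlfb", "facebook.com", "n1ght0wltw", "twitter.com"))
```

The gap between `naive_bits` and `pattern_bits` is the difference between what a character-class meter reports and what a pattern-aware estimate gives, and `shares_base` flags the case where every site password rests on the same secret.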

10 thoughts on “How I Do Passwords”

  1. I believe changing letters into numbers won’t do much. 3 = e, a = 4, o = 0 etc. is well known to hackers. Also adding fb for facebook.com is very apparent.
    Also, what do you think of this? http://xkcd.com/936/
    According to this, the way you’re making a password is exactly the easiest way to crack.

  2. You said in your last post: “Folks, most of you know my day job is in IT, and in part I’m managing hosted environments for well over a million users worldwide.”

    How good of Jon to comment here and highlight to those million users that you apparently know fuck all about creating secure passwords.

    1. Jon’s comment is fair. I’m not sure yours is. Creating or maintaining secure passwords has fuck all to do with my job.

  3. I am curious, with this Heartbleed mess, did you (or anyone) change out all the passwords? Or are you heavily monitoring your accounts instead?

    1. I’m in the process of changing mine. Based on what I’m reading, I think a lot of people are doing that.

  4. I’ve moved from using 1Password to LastPass because the latter lets you do a password audit which will tell you what passwords need to be changed based on whether the server has been updated with new certs and Heartbleed code fixed.
