Remembering passwords

When you actively participate in a lot of different online communities, what are you supposed to do about passwords?

Sure, many people just use the “remember me” option and then forget about it. Inevitably, though, you eventually delete your cookies (or your browser loses track of them on its own — it’s happened to me), and then can’t remember your password.

Sure, you can use the password reminder function. But a) it’s a hassle, and b) that’s assuming you can remember what email address you used to register for that site.

So many people opt for just using the same password everywhere. Bad idea. One hacker gets your password from one insufficiently secure site, and next thing you know, they’ve got access into your accounts everywhere.

Here’s my solution… I use a relatively simple algorithm for creating a password that’s based on the name of the site. It’s easy enough for me to figure out in my head, but obscure enough that your typical hacker won’t guess it. Maybe a professional cryptographer would, or someone who’s really, really persistent, but the point is just to encourage them to simply move on to someone else once they realize you don’t use the same password everywhere.

I’m not, of course, going to tell you my particular algorithm, but I’ll give you an example one on which you can base your own.

1. Pick any word, or even a nonsensical series, of 4-6 letters. We’ll use “snrgl”.
2. Look at the third letter of the domain name. Let’s say you’re doing this for Yahoo Groups, so we’ll use “h”.
3. Figure the numerical value of that letter in the alphabet. “h”=8
4. Tack that onto the end of your word. “snrgl8”
5. Now, pick a 4- or 5-digit number — NOT part of your social security number, and preferably something that people won’t obviously see the connection to. I’ll use the address of my childhood home: “2303”
6. Insert your result from step 4 into the number of step 5 as follows: if the domain is .com, add it after the first number; .net, the second; .org or anything else, the third. This gives us “2snrgl8303”.
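
The six steps above, written out in Python as an added example (not code from the original post). It assumes the "domain name" is the label just before the TLD and rejects names whose third character is not a letter, a case the steps do not cover; `group_by_password` is a hypothetical helper showing which sites end up sharing a password under this example scheme.

```python
import string
from collections import defaultdict


def site_password(domain, word="snrgl", number="2303"):
    """Apply the six example steps to a domain such as 'yahoo.com'."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError("expected something like name.tld")
    # Assumption: the site name is the label right before the TLD.
    name, tld = labels[-2], labels[-1]

    # Steps 2-3: third letter of the name and its position in the alphabet.
    if len(name) < 3 or name[2] not in string.ascii_lowercase:
        raise ValueError(f"no usable third letter in {name!r}")
    value = string.ascii_lowercase.index(name[2]) + 1

    # Step 4: tack the value onto the secret word.
    fragment = f"{word}{value}"

    # Step 6: .com -> after the 1st digit, .net -> 2nd, anything else -> 3rd.
    position = {"com": 1, "net": 2}.get(tld, 3)
    return number[:position] + fragment + number[position:]


def group_by_password(domains, **secrets):
    """Map each derived password to the list of domains that produce it."""
    groups = defaultdict(list)
    for domain in domains:
        groups[site_password(domain, **secrets)].append(domain)
    return dict(groups)


if __name__ == "__main__":
    # Constructed sample list; only yahoo.com comes from the post.
    sites = ["yahoo.com", "ethan-blog.com", "example.com",
             "yahoo.net", "yahoo.org"]
    for password, users in group_by_password(sites).items():
        print(f"{password:12} {', '.join(users)}")
```

Only the third letter and the TLD bucket vary, so this example scheme can produce at most 26 × 3 = 78 different passwords, and any two .com sites with the same third letter get the same one.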

Your typical hacker is going to go try that on another site or two, see that it doesn’t work, take one look to see if there’s an obvious pattern, and then give up. Remember, they don’t have a series of passwords to try to derive the pattern from. And based on just one instance, it’s nearly impossible to derive the pattern. It will keep you safe, and it will certainly make your life easier if and when you need those passwords.