Some time ago Gilbert wrote a Password Quiz, warning users that they shouldn’t reuse passwords on multiple websites and services. This is fantastic advice. He even linked to some recommended Password Managers to help you keep your passwords safe while promoting good password practices. I’d like to go a bit further and offer you some tips about how to make good passwords.
Here’s the new thinking about passwords: for almost all accounts you should try to use padding to make passwords long, but easy to remember. And you should write down part of your passwords.
Are you skeptical? After all, this is very different advice than you’ve been given in the past. Technology experts are always insisting that crazy passwords like G5x$TrY&6 are the best way to keep your accounts secure. But with advances of technology and with the complexity of managing many different passwords, this conventional wisdom is officially out-of-date.
So, how do you chose great passwords and write them down so that you never forget them, but never have to worry about them being unsafe?
First, come up with a key. This is the most important step of this process. You must pick a very short, but unusual, 3 or 4 letter word. You must never tell anyone this word. Never write this word down. This is your secret key to all your passwords.
Don’t pick something obvious. It shouldn’t be one of the 5000 Most Common English Words. You might think this is hard, but actually things like goo and bah work just fine as well as our good friend to the left: pony is a great word.
Once you have your key, then fulfill any password requirements the website or program require. So, if you need numbers or symbols add as necessary to comply with complexity requirements. Then pad the password. What is padding? Just fill in the remaining characters with a single symbol such as the letter a or a period.
What does this look like? For a website named KoolStuff.com that requires a letter a number and a symbol and allows 14 character passwords you type:
pony + 6 + # + ........
What do you write down? KoolStuff 6#.8
This seems complicated, but it isn’t. You have the website name and then you know to use your secret key, then type the next characters and then the last two characters are the padding. In this case, eight periods.
The point is that no one can figure out this password and since you can write it down you never need to memorize it. You can have a bunch of these on a slip of paper in your wallet. Even if your wallet got stolen, you’d be safe.
Now, the only exception you need to remember is that you should never use these high powered passwords on any low grade website. For low-grade websites (anything that only connects via http instead of https is a good indicator of low-grade security) you should just use an ordinary password and write it down on your cheat sheet. The key here is that you don’t want to give away your secret key word to a low-grade security site like a bulletin board or a blog.
Now you have new password super-powers! Because your passwords are long and because they take advantage of something called two-factor authentication, you have easy to use but highly secure passwords.