Passwords are an integral part of our digital life, and remembering passwords for the hundreds of services we use is a daunting task for most of us! How often have you clicked on the “Forgot password” link on a website, only to realize that you don’t even remember the email ID you gave while creating the account, which is needed to retrieve the password! Adding to the difficulty, most websites and services now require complex passwords with upper case letters, lower case letters, special characters and numbers in them and no longer allow you to set passwords like “123456” or “abcdegf”! Does it end there? No! Finance services and other data-sensitive websites make you change your passwords every 90 days or so!
Take the example of our Workstation login. The new password rule requires a minimum password length of 12 characters (increased from 8), needs special characters, numbers, upper and lower case letters, has to be changed every 90 days and does not allow you to use the same password you used before for at least 3 more attempts.
I have been following a unique password policy over the past few years (which I had read somewhere on the internet but with modifications) which helps me have very strong, unique and complex passwords for all of the websites I use and still remember all of them. I am sharing the details here.
On reading this article you should be able to:
Know how to never forget your password for any website!
Know how to create really long passwords and still remember them!
Know how to create a unique password for each website and remember them all
Know how to create a reusable password for sites which ask you to change your password frequently
Know how to easily create “Very Strong” category passwords which will have Upper Case, Lower Case, Numbers and Special characters in it and still remember them
The prerequisite for all of this is that you need to remember one word (not a password) [Part A] and what is called a “unique identification pattern” (UIP), which is nothing but an order of letters [Part B].
You will have to choose one reasonably long normal English word (preferably a place name or a subject name or something similar which is easy to remember) which has the letters “a or s” and “e or i or o” in it. The more occurrences of a/s/e/i/o in your word, the better!
The specialty of a/s/e/i/o is that these letters have special character/number counterparts, as given below:
a = @
s = $
i = 1
o = 0
e = 3
Example: Let us assume you chose the word “washington” OR “biophysics” as your word to remember.
Now, replace each occurrence of a/s/e/i/o with its counterpart.
So washington becomes w@$h1ngt0n AND biophysics becomes b10phy$1c$
Next, change the first letter to a capital letter so that the upper case rule will be met.
So, w@$h1ngt0n becomes W@$h1ngt0n and b10phy$1c$ becomes B10phy$1c$
Okay, we are half done. By now you are armed with a strong password which has a capital letter, small letters, numbers and special characters in it. However, this is still a single password and we shouldn’t be using the same password for all the sites. Also, the above-mentioned passwords are not long enough for some sites (for instance, you cannot use either of these passwords as your office system password, as both of them are <12 letters long) and cannot be used more than once for sites which require password changes every 90 days.
Now let us see how we can create unique passwords using this master password and still get to remember them.
The next key part is to decide on a “unique identification pattern” (UIP) which will help you distinguish different passwords. The most common way to create a UIP is to use a combination of letters in the website’s URL. You can choose the format for the UIP as per your liking, but make sure you follow the same format for all the websites/passwords.
To get a clear idea of what I am talking about here, see the example below.
For demo purposes, let us assume you decided to have the first 3 letters of any website URL as your UIP (it can be the first 4 letters of the website OR the last 3 letters OR alternate first 3 letters or any such combination based on your liking). You won’t have to remember the exact letters for any of the websites, as the website address will be visible in your browser and hence you can easily retrieve your UIP by looking at the web address! All you need to do is remember the UIP format you decided on.
Assume, you decided to go with the first 3 letters of the website as your UIP.
So, the UIP for Facebook will be fac and for WordPress will be wor and so on.
Now, to create unique passwords, all you need to do is add this UIP to your master password. So, the password for Facebook will become W@$h1ngt0n.fac (I am using a dot “.” separator between the main password and the string, which will improve the security more) and the password for WordPress becomes W@$h1ngt0n.wor
By following this format, if you visit the website www.twitter.com after 2 years, you will still remember the password as master password + first 3 letters of the website address with a dot before, and hence you will be able to remember the password for Twitter as W@$h1ngt0n.twi
If you have multiple Gmail accounts, make the passwords unique simply by adding numbers based on your priority accounts, like W@$h1ngt0n.gma1, W@$h1ngt0n.gma2 and so on.
Finally, for websites which require you to change the password every 90 days or so, follow a slightly different format in deciding the UIP. Instead of the website address string, choose a pattern of words like color names or fruit names or anything similar and then keep changing that word alone every 90 days.
For instance, assume the password you set for your system is W@$h1ngt0n.orange. After 90 days, make it W@$h1ngt0n.mango, the next time make it W@$h1ngt0n.apple, and so on! You can even write the changing keyword on a “post-it” and stick it to your desk every time you change it, as unless someone gets hold of your master password, that keyword will not make any sense to them.
Though I have mentioned unique passwords, there will be cases where passwords overlap with each other depending on the format of UIP you have chosen. For instance, if you have accounts on Wikipedia and Wikihow and you decided to choose the first 3 letters of the website as your UIP, then both of these websites will have the password W@$h1ngt0n.wik
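The derivation steps above and the overlap just described, as an added Python example that is not part of the original post. The function names and the host list are constructed for illustration, and the policy check assumes only the workstation rule quoted earlier (12 characters, all four character classes).

```python
from collections import defaultdict

# Substitution table from the article: a=@, s=$, i=1, o=0, e=3.
SUBS = str.maketrans({"a": "@", "s": "$", "i": "1", "o": "0", "e": "3"})

def master_password(word):
    """Substitute a/s/i/o/e, then capitalise the first remaining letter."""
    leet = word.lower().translate(SUBS)
    for i, ch in enumerate(leet):
        if ch.isalpha():  # skip a leading symbol such as '@' (e.g. "athens")
            return leet[:i] + ch.upper() + leet[i + 1:]
    return leet

def uip(host, n=3):
    """UIP format used in the article: first n letters of the site address."""
    name = host.lower()
    if name.startswith("www."):
        name = name[4:]
    return "".join(c for c in name if c.isalpha())[:n]

def site_password(word, host):
    """Master password + '.' + UIP, as in W@$h1ngt0n.fac."""
    return master_password(word) + "." + uip(host)

def meets_policy(pw, min_len=12):
    """Workstation rule from the article: length plus four character classes."""
    return (len(pw) >= min_len
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def collisions(hosts):
    """Group hosts that share a UIP and therefore share a password."""
    groups = defaultdict(list)
    for h in hosts:
        groups[uip(h)].append(h)
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed sample list of sites where the user has accounts.
HOSTS = ["www.facebook.com", "wordpress.com", "www.twitter.com",
         "wikipedia.org", "wikihow.com"]

if __name__ == "__main__":
    for h in HOSTS:
        pw = site_password("washington", h)
        print(f"{h:20} {pw:16} policy_ok={meets_policy(pw)}")
    print("shared passwords:", collisions(HOSTS))
```

Running `collisions` over the spreadsheet of account URLs mentioned later in the post shows which sites need a different UIP format before a password is set.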
Some websites might ask you to have 2 capital letters, 2 small letters, 2 special characters and 2 numbers and all. To avoid any such scenarios, always choose a word which is reasonably long with at least 2 a/s in it and 2 i/o/e in it. For sites requiring 2 upper cases, I usually make the first two normally occurring letters CAPS (e.g. W@$H1ngt0n).
You can change your master password every year or two for added security; just keep a spreadsheet with the URLs of all the websites where you have an account, so that it will be easy for you to change the passwords for each of them.
You can always use credentials of websites like Google and Facebook to log in to other websites which accept authentication via these sites, but after what happened between Facebook & Cambridge Analytica, ask yourselves whether you need to hand over your login responsibilities to Facebook or Google! I still use my Google account for authenticating to a lot of websites, but that is only after making my Google account as secure as possible, including having a strong password and 2-factor authentication.
Use the WolframAlpha widget to calculate the strength of your passwords and see if your passwords are secure enough or not. It is a very cool widget which gives you a multitude of info regarding the strength of your password.
Agree or Disagree with the post?
Please do share your feedback and comments via the comments section below!
And, No. None of the above passwords are my passwords!