Good ideas - English content

Started by saos@ngmo, 19/08/08, 18:11


saos@ngmo

Remember Just One Password That's Unique For Every Site

Like anyone using the internet today, I have a lot of accounts that need passwords. Bank accounts, social networks, new startups I'm checking out, email accounts, blogs, forums, you name it. Though I keep unique passwords for important services (like servers and email accounts), it still is a pain to have to remember passwords for every service I'm using on the internet. So after a while I find myself reusing passwords.

But that's not very safe, because if one service is compromised and my password is found out, everything else goes too.

Well last week as I was begrudgingly making up another password I realized a simple way to make this madness a little easier. It's a simple way to only have to remember one password, but have it be different for every site.

How to Make the Password:

Step One

First, rather than remembering a word for your password, remember a phrase instead. For example:

"I Have Way Too Many Passwords To Remember"

Then take the first letter of each word as your password, so...

"I Have Way Too Many Passwords To Remember"

would be: ihwtmptr

This makes your actual password look very random. Alone, this would be a pretty secure password.

Step Two

Say you need a password for your bank (ex. Wells Fargo). Just take the first letters of the name (Wells Fargo = wf) and add it to your password:

wfihwtmptr

Or another example, if you need a password for Facebook:

fihwtmptr

This way your password is different for every site, is secure, and all you have to do is remember one phrase!

Extras

You can make this a little less obvious by putting the initials from Step Two in the middle of the password instead of the front. You could even make this easier on yourself by using the name of the site/service in the passphrase. For example:

"What Is My Facebook Account Password?"

would be: wimfap
Comments (15)


   1.

          Have any of you used other methods to manage the insane number of passwords we all need?

      March 19th, 2008 Nate Weiner
   2.

          well... it only made people who want to find the password a little bit harder...
          it's best to MD5 whatever your passphrase is with the site's name... and use that as password

      March 20th, 2008 Mgccl
   3.

          This is what I did for my accounts. But I can't give you any hint on my password creating convention. :D

      March 20th, 2008 Syahid A.
   4.

          @Mgccl

          Can you MD5 a password in your head? This method isn't meant to be hardcore security, it's meant to be a good level of protection that's quick to remember.

          I agree though that extra steps should be taken with truly important passwords.

      March 20th, 2008 Nate Weiner
   5.

          There was a password cracking contest a few months back that demonstrated how length is actually more important than complexity.

          I posted about it here: http://tinyurl.com/yqebur

          If you're going to use a method like the one you described, pick a longer sentence.

          As for other password solutions - try a password manager ;)

      March 26th, 2008 Tara Kelly
   6.

          [...] the Idea Shower » » Remember Just One Password That's Unique For Every Site - It's a simple way to only have to remember one password, but have it be different for every site. Posted on March 26, 2008 in links by admin [...]

      March 26th, 2008 AKA Riptide Furse » My del.icio.us bookmarks for January 31st through March 26th
   7.

          Another variation is to make your password a dictionary word, but to move your fingers one or two keys to the left (or right) while typing. Easy enough to remember.

          That said, you should simply demand OpenID: http://demand.openid.net/ :)

          PS: I've been thinking about a site like this (ideas, solutions) for years, congrats for making it your reality!

      May 21st, 2008 Robin Millette
   8.

          Also check out PasswordMaker: http://passwordmaker.sourceforge.net/

      June 18th, 2008 Totalnubee
   9.

          The password can be made more secure by using a combination of different cases and replacement letters (for example 5 instead of s, 7 for T and so on).

      June 24th, 2008 Ashish Bogawat
  10.

          If only it were so simple - unfortunately as sites become increasingly more security conscious, they add more restrictions to the size and composition of the passwords. Since they are all doing this independently, they often choose restrictions that are in conflict with those of other sites.

      June 30th, 2008 Carl Campbell
  11.

          What I do is take an animal, food, color, etc. that I enjoy (only one) and misspell the word. Like changing an s to a z. Then you add numbers. For example for different accounts on computers you could have your laptop be e.g. googul11 and then make your password for your asus eee pc googul12 or 21 and then your desktop googul23 or 32. Then just have a longer one for your email (one of a kind) (e.g. you could make it googul321). And then you could have a unique one for all of your social sites. Like for twitter, myspace, meebo. E.g. googul234. And then one for your file storage sites. E.g. googul456. Anyways... it's the same word, just misspelled so it is hard to guess, with a different set of numbers at the end. [:

      July 31st, 2008 Will
  12.

          Good idea. This was suggested by a teacher of mine a while back, and although I don't do it, it's a great idea.

          What I hate is when sites have bogus requirements for your passwords (like case, or numbers, or special characters). It's impossible to make a single phrase that works for any account. I like having a secure password, but some sites don't allow special characters, and some require them.

          @Will
          Then the only thing that changes is the number sequence at the end, and you're forced to remember numbers rather than an actual password.

      August 4th, 2008 Ishmael
  13.

          Well, I am using quite a similar method for years now and it really does work. I manage a heap of computers and remembering all the passwords without a formula of some kind would not be possible. Having all passwords exactly the same, well, it would be plain disaster, as you sometimes need to give the password to a client or a co-worker.

          I just need to point out, that the formula should not be too easy to figure out with just looking at a few known passwords. So adding more variables that are not so easy to spot helps.

      August 6th, 2008 J.L.
  14.

          Thanks, a nice article, I am using this in webpages, but it doesn't work in servers or pages that have harder security demands and passwords need to be changed periodically. If someone has an idea for them, I'd like to hear it!

      August 15th, 2008 T.U.V
  15.

          More thoughts:

          There are some critical security threats: People should be able to understand/know which sites they should register this way. If user registers her/himself to one or more malicious site(s) which/that is/are set up to collect usernames and passwords, the owner of the malicious site (or a bot) may try to crack passwords against other sites by finding and removing added characters of step 2 and adding new characters:

          If malicious site is for example http://www.malicious.xxx, and user has registered with a password 'mihwtmptr', it is pretty obvious that the added character is 'm'. If the user has registered also to http://www.safe.xxx, of course at the first time the password collector tries 'sihwtmptr' as password :P

          There is always also a chance that usernames and passwords of sites or services get lost (usually in md5) and are published, as we have seen too many times... And, as we have also seen, people use same too short passwords and usernames in different pages, and because of this real passwords have been calculated "from md5".

          If usernames and passwords get lost and are published, this method gives more security, because md5 sums of passwords are not similar. But if plain text passwords are stolen (by malicious sites or somehow) and characters of step 2 have been taken directly for example from page's url or service's name, this method does not help much. It of course makes cracker life harder, because the same password does not fit everywhere. But it is possible that passwords of two or more different pages are stolen and/or published in plain text, and then guessing the method of step 2 may be pretty easy.

          So, some ideas: People should use also different usernames (which is not an option, because people want to use same usernames everywhere:) Using different usernames also does not completely remove the problem. If parts of passwords remain same but usernames differ, and these have been got lost and maybe published, crackers may just find passwords with same stubs (in this case 'ihwtmptr'), collect different usernames and test them all against other pages.

          Also do not take letters directly from the name of the pages, f is not good for facebook, use instead letters next to the f, for example d or g or something else that does not directly tell the cracker the method of step 2.

          For "not so crucial sites" this is a very good method to remember passwords, but people should not use this method in every page!

          Do not use this 'ihwtmptr' anywhere, invent your own and use also numbers and capitals.

      August 15th, 2008 T.U.V

Source: http://www.ideashower.com/our_solutions/remember-just-one-password-thats-unique-for-every-site/
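
Added example, not part of the original article or its comments: it puts the article's initials-plus-stub scheme beside the "hash the passphrase with the site's name" idea from comment 2, using PBKDF2-HMAC-SHA256 in place of MD5 (a substitution made here), and measures how much two site passwords share, the weakness comment 15 describes. The function names, the iteration count, the 16-character length and the rotation counter (for the periodic changes raised in comment 14) are assumptions.

```python
import base64
import hashlib

ITERATIONS = 600_000  # assumption: tune to your hardware; more iterations slow offline guessing


def scheme_password(phrase: str, site: str) -> str:
    """The article's scheme: site initials + first letter of each phrase word."""
    initials = "".join(word[0] for word in site.split())
    stub = "".join(word[0] for word in phrase.split())
    return (initials + stub).lower()


def derived_password(phrase: str, site: str, counter: int = 1, length: int = 16) -> str:
    """Comment 2's idea with a slow KDF instead of MD5 (substitution made here).

    The site name and a rotation counter form the salt, so raising the
    counter gives a fresh password when a site forces a change.
    """
    salt = f"{site.strip().lower()}:{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", phrase.encode(), salt, ITERATIONS)
    return base64.urlsafe_b64encode(raw).decode()[:length]


def shared_stub(a: str, b: str) -> str:
    """Longest substring common to both passwords: what one leak reveals of the other."""
    best = ""
    for i in range(len(a)):
        # Only look for substrings longer than the best one found so far.
        for j in range(i + len(best) + 1, len(a) + 1):
            if a[i:j] in b:
                best = a[i:j]
            else:
                break  # a longer substring from this start cannot match either
    return best


if __name__ == "__main__":
    phrase = "I Have Way Too Many Passwords To Remember"  # phrase from the article
    for make in (scheme_password, derived_password):
        p1, p2 = make(phrase, "Wells Fargo"), make(phrase, "Facebook")
        print(f"{make.__name__}: {p1} / {p2} -> shared {shared_stub(p1, p2)!r}")
```

With the article's own examples, the Wells Fargo password contains the entire Facebook password, while the derived pair shares at most a few characters by chance. The derived output still has to be adapted to each site's composition rules, the problem comments 10 and 12 raise.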
