Building blocks of perfect passwords...
If you're here, it means that you're curious about learning how to eliminate the headaches involved with creating and maintaining many, many unique passwords over time.
In the post mentioned above, I said that if you make up small password elements and then arrange them in various ways to create individual passwords, you'll end up with strong passwords that may in fact be easier to remember.
How's that possible? It's actually as simple as 1-2-3:
- Select information that you know like the back of your hand
- Break up that information into discrete pieces of data
- Use those pieces of data to assemble a password
You actually can ... but only if you do it this way.
Let me illustrate the process with a dead actor: Laurence Olivier.
Step 1
"Sir Larry"
Step 2
With just that information, I can create several 2 to 3 character primary password elements that are essentially meaningless in themselves.
Element 1: LKO (which can appear as lKo, Lko, lKO, etc.)
Element 2: 507 (i.e., May, 1907)
Element 3: DUK (which can appear as dUk, Duk, dUK, etc.)
Element 4: 89 (i.e., 1989)
Element 5: PP (which can appear as pP, Pp, or pp)
Element 6: FD (which can appear as fD, Fd, or fd)
I went with Laurence Olivier because he is an actual favourite of mine; with the exception of his birthplace, I didn't have to look up any of the above. (Although, for the record, his information does not/will not figure in any of my passwords, current, past or future.)
The thing is, you can pick anyone for this method, famous or not. Everyone has a name, is born somewhere, dies somewhere, and there are dates attached to both events. (If you choose a living person, use some other significant life event.) Whoever you pick just has to mean something to you so that you automatically know the individual pieces of data. And yes, while your Facebook friends might know all about who you like and dislike because you've been careless about what you've posted, it will still take a lot of guessing on their part to know who you've based your password on. Not to mention that it's virtually impossible for them to figure out how you've broken up the data, even if they knew who the person is.
Step 3
Here is how the password creation magic happens.
Suppose that I want the combination of Element 5 / Element 1 / Element 4 as the building blocks of my passwords for shopping sites. (By the way, I would recommend that you come up with 6 elements so that you can use any 3 at a given time; you might even want to ensure that half are composed of numbers.)
This means that
PPlKo89
is one variation of a base password. (Again, the elements with letters in them can be changed up by mixing upper and lower case.)
It's important to note that the result is not a word, uses mixed case, and contains both numbers and letters. In short, it has all the important characteristics of a good password. (One might fault it for lacking length and/or special characters, but we'll deal with that in a moment.)
Okay, so let's change this into a specific password for a specific site, like Amazon.
First, decide on how you'll do this for all shopping sites. For example, I'm just going to take the first and last letter of the site's name (amazon) and stick them in lower case between the three elements like so:
PPalKon89
Done! You have a unique password.
Consider the many different ways that you can incorporate Amazon into this base password and you should start to have some appreciation for how this method of password creation works over time.
You may recall that I talked about having different types (classes) of passwords in my post. I don't have social media accounts, but most of you do. Let's keep things simple and use the same base password for social media as for shopping. (I'm sure you realize that you can make this more complex by using other/more elements or by putting those same elements in a different order.)
Suppose we use syllables as the way to individually track social media names. Facebook is then fb (or Fb or fB or FB), Twitter is tt (or TT, or tT or Tt), and Instagram is isg (or Isg or ISg or iSG or... you get the picture). Decide also on the use of upper/lower case; I will pick lower case for the first character and upper for the remainder.
In terms of format, I'm just going to put one instance of each name at the beginning and end of the base password. Therefore, here is an example of a password for your Facebook account:
fBPPlKo89fB
And here is a password for your Instagram account:
iSGPPlKo89iSG
That's all there is to it.
Some basic recommendations or tips to keep in mind...
To accommodate the odd case where you are required to keep your passwords to 8 alphanumerics, keep your base elements to 2 or 3 characters each. That way, you can still use a few of them without exceeding that limit.
Some systems won't accept anything other than alphanumerics. For that reason, keep special characters out of your primary elements, but do try to add them to individual passwords when you can. For example, you could decide to add a special character to your Amazon password so that it becomes:
PPa$lKon89
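The assembly rules above, written out as an added Python example (not part of the original post): the function names are made up for illustration, while the elements, site tags and resulting passwords are the post's own. It also counts the upper/lower case arrangements a base offers for later generations and checks a result against the 8-alphanumeric limit mentioned in the tips.

```python
from itertools import product

# Primary elements from Step 2 of the post; Element 1 is written in the
# case used in the post's example base password (lKo).
ELEMENTS = {1: "lKo", 2: "507", 3: "DUK", 4: "89", 5: "PP", 6: "FD"}


def base_parts(order=(5, 1, 4)):
    """Return the chosen elements in order; 5/1/4 is the post's shopping base."""
    return [ELEMENTS[i] for i in order]


def shopping_password(site, parts, special=""):
    """First and last letter of the site name, lower case, placed in the two
    gaps between three elements; `special` follows the first letter."""
    if len(parts) != 3:
        raise ValueError("the shopping rule needs exactly three elements")
    name = site.lower()
    return parts[0] + name[0] + special + parts[1] + name[-1] + parts[2]


def social_password(tag, parts):
    """Site tag (first character lower, rest upper) at both ends of the base."""
    marker = tag[0].lower() + tag[1:].upper()
    return marker + "".join(parts) + marker


def case_variants(text):
    """Every upper/lower case arrangement of the letters in `text`."""
    choices = [{c.lower(), c.upper()} for c in text]
    return sorted({"".join(p) for p in product(*choices)})


def fits_limit(password, limit=8):
    """True if the password is alphanumeric and within a site's length cap."""
    return password.isalnum() and len(password) <= limit


if __name__ == "__main__":
    parts = base_parts()
    print(shopping_password("amazon", parts))       # PPalKon89
    print(shopping_password("amazon", parts, "$"))  # PPa$lKon89
    print(social_password("fb", parts))             # fBPPlKo89fB
    print(social_password("isg", parts))            # iSGPPlKo89iSG
    print(len(case_variants("".join(parts))))       # 32
    print(fits_limit(shopping_password("amazon", parts)))  # False
```

PPalKon89 is nine characters, so a site that caps passwords at 8 alphanumerics needs a combination with fewer elements or site letters.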
I can hear some of you already: these passwords are still gibberish, how can I remember them?
Admittedly, it takes a bit of practice to remember what order you've chosen for your password elements. But keep in mind, the elements themselves are based on information you know. (For example, I still see Pride and Prejudice, Laurence Kerr Olivier and 1989 in all of the above passwords.) If anything, keeping track of the appropriate use of upper/lower case is the real challenge.
Don't forget that you can use these same basic elements for several generations (i.e., years) of passwords and still have them all be different. Over time, you'll learn to recall what the actual password is.
The important thing is that this method can break your habit of using the same password for everything. Combined with my spreadsheet solution to help you plan and track your passwords, this will ultimately amp up the security of your online accounts.
Helpful, yes or no?