Create and Remember Secure Multiple Passwords

I was asked by a co-worker how I keep track of so many passwords for so many accounts, all of which have to change annually. I told her I use a custom formula in my head that allows me to determine what a password is on a given account. I don’t have to remember 100 passwords, only the formula.

Password Basics

Passwords are the oldest and most widely used form of authentication, but also the weakest. To get the biggest bang for your buck, choose a password that uses as many character types as possible and is as long as possible. That means numbers, letters (both uppercase and lowercase), punctuation marks, any symbols allowed by the system, and at least 8 characters in length. If you are logging into multiple systems or websites, varying your password is also recommended. If a password is compromised, you don’t want the attacker to gain access to every account you own with a single password. Each account a user holds should have its own unique password.

You will want to develop a personal method of managing multiple passwords. That way you will only need to remember the method, not each individual password. To develop your personal technique, open your mind and create something easy to remember but hard to guess.

Create a Multiple Password Formula

This is an example. Design your own using any number of things. Take characteristics of your life that are static and some that are dynamic. Let’s create a 10-character password that is different for each system or website and will be changed every year. We’ll need to create a formula that is simple to remember.

John Smith
Spouse: Kristen Smith
DOB: 04/12/1972

A fictitious password for a Fidelity account.

1st and 2nd character
The first and last letter of the computer or website’s name.
“fy” for Fidelity
This should change for each account. If the computer is named Yoda the characters would be “ya”; if it was Bank of America “ba”. Therefore, we have unique passwords for each account.

3rd character
A separation symbol
“.” A period
Including a non-alphanumeric character increases the number of possibilities a password cracker has to try.

4th and 5th characters
Capitalized initials, but using the last letter of each name
“NH” for John Smith
Adding capital letters doubles the number of possible alphabetic characters.

6th character
Another separator
“_” underscore

7th character
Last number of my year of birth plus the last two digits of the current year
“0” for ’72 plus ’08
Used as an easy mathematical equation that varies from year to year.

8th character
Capitalized first letter of significant other’s name
“K” for Kristen
A simple, easy-to-remember letter.

9th and 10th characters
The last 2 digits of the current year
“08”
Another pair of characters that rotates when changing passwords yearly.

Now when John Smith logs into Fidelity he types “fy.NH_0K08”, which is much better than using his birthday, “04121972”. Instead of just 10 to the 8th power possibilities, this technique gives him much more security against password crackers because it incorporates so many character types.

Once you have constructed a method of your own, it will only be a short time until you have the formula memorized and it becomes just as simple as typing in a birthday. All John Smith has to remember is: first and last letter of the website, period, capitalized reverse initials, underscore, last number of DOB + year, capitalized K (note that the capitalized ones are initials, which is an easy association), and the current year.
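
John Smith's formula written out as an added Python example (not code from the original article; the function names are my own, and the 7th character is read as the last digit of birth year plus two-digit current year). It reproduces the passwords from the text, reports which positions change between accounts and between years, and compares the search space of an 8-digit birthday with that of 10 characters drawn from all printable types.

```python
import math
import string

def site_prefix(site: str) -> str:
    """Characters 1-2: first and last letter of the site or computer name."""
    letters = [c for c in site.lower() if c.isalpha()]
    if not letters:
        raise ValueError("site name needs at least one letter")
    return letters[0] + letters[-1]

def formula_password(site, first, last, partner, birth_year, year):
    """Build the 10-character password from the article's rules."""
    yy = year % 100
    # Character 7: last digit of (birth year + two-digit current year).
    # Using the whole birth year or only its last digit gives the same digit.
    digit = (birth_year + yy) % 10
    return (
        site_prefix(site)                       # characters 1-2
        + "."                                   # character 3
        + first[-1].upper() + last[-1].upper()  # characters 4-5
        + "_"                                   # character 6
        + str(digit)                            # character 7
        + partner[0].upper()                    # character 8
        + f"{yy:02d}"                           # characters 9-10
    )

def varying_positions(a, b):
    """1-based positions at which two equal-length passwords differ."""
    return [i + 1 for i, (x, y) in enumerate(zip(a, b)) if x != y]

def search_space_bits(alphabet_size, length):
    """log2 of the number of strings of this length over this alphabet."""
    return length * math.log2(alphabet_size)

# The article's fictitious user.
JOHN = dict(first="John", last="Smith", partner="Kristen", birth_year=1972)

if __name__ == "__main__":
    for site in ("Fidelity", "Yoda", "Bank of America"):
        print(site, formula_password(site, year=2008, **JOHN))
    full = len(string.ascii_letters + string.digits + string.punctuation)
    print("8-digit birthday bits:", round(search_space_bits(10, 8), 1))
    print("10-char mixed bits   :", round(search_space_bits(full, 10), 1))
```
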

You can get as elaborate as you want with your own technique. Maybe take the first letter of the site, “F”, find its place in the alphabet, “6”, and use that to determine which letter in your name to use. John Smith – 6th letter – “m”. You see? This can get as difficult as you wish. Just make sure you’re not using the same password for each account and that it changes at least yearly.

Password Reset Concerns

If you had a password formula such as this, you would rarely need to have your password reset. The questions often asked for password reset authorization are, in reality, a second password. A fellow security blogger wrote an article titled “A Different Approach to Password Reset” that effectively outlines such concerns. Below is an excerpt.

Mother’s Maiden Name – public record
Street you grew up on – can be findable.
Place of Birth – discoverable
Name of Pet – guessable (top list of pet names on Internet, or just check their Facebook)

Do yourself a favor and create your multiple password formula now.