Passwords are that necessary evil that we all deal with on a daily basis. Maybe you use pet names, profanity, or random strings of digits. Whatever it is, it’s probably not as secure as you would hope. If you happen to use the same password for most websites and one of those sites gets hacked, you have suddenly lost security on all of those sites. Additionally, if you've ever signed up for a little forum or membership site, the people who run it now have access to your email and password. Who’s to say they'll never get curious and try that combination on Gmail, bank websites, and so on?
To alleviate this problem, we have to build a personal algorithm that is unique for each website and is impossible to guess. First, let’s talk about a few pieces of information you can use in your password. Remember, you want to be able to recall all of your passwords with ease. These little bits can be random names, places, things, adjectives, and so on. You want to pick words that aren't directly related to you, but that you can always remember.
Let's first think of some random words we could choose from. Here's a great website that supplies random words just for this purpose.
behind greatly best substance aware pole hollow bridge railroad twice
As the base of the password, let's grab two of these words to string together: awarebridge. I'm already liking this password. Completely random and nonsensical, but super easy to remember. Just imagine a bridge being cognisant of the cars driving over it day in and day out.
Now we want to add a number that will change every year. Your age or your kid's age is a little obvious, so let's take your age and double it. I'm 26, so my password so far would then be: awarebridge52.
With two random words and a seemingly random number, we're getting a stronger password now. But what if this password leaks on the internet? Every account of yours would now be vulnerable. So let's add a unique identifier for each website. If we're making a password for Facebook, we could add FA to the end: awarebridge52FA.
This is great! But let's say this password does get leaked and the hacker understands that FA is for Facebook. It would be easy for him or her to try different websites from here. So let's add one final letter to make the identifier more obscure. This could be any letter, but should probably be constant for all your passwords: awarebridge52FAQ.
There you have it. No one will ever guess this without brute-forcing their way through a million combinations of characters. Better yet, it’s easy to remember, changes every year on your birthday, and is different for every website.
Let’s make up some alternate passwords you could make for Facebook specifically:
If you're really paranoid, you could throw a symbol somewhere in there for good measure, but make sure to pick one that's commonly accepted online for passwords. Many websites have severe restrictions on which, if any, symbols you can use.
Also be warned that some websites have a maximum length restriction. Oftentimes they might cap you at 16 characters. Some websites might even go as low as 10 or 8! If that's the case, make an alternate password that's truncated just for those websites.
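The scheme above as a short Python sketch, with a check of what truncation does to it. This is an added example, not code from the article: the helper names are hypothetical, and it assumes the site identifier is the first two letters of the site name, as in the FA example. It shows that cutting awarebridge52FAQ down to 10 or 8 characters removes the site identifier, so every capped site ends up with the same password.

```python
# Added example: the article's scheme as a function. Helper names are
# hypothetical; sample values are the ones used in the article.

def site_tag(site: str) -> str:
    """First two letters of the site name, upper-cased (Facebook -> FA)."""
    letters = [c for c in site if c.isalpha()]
    if len(letters) < 2:
        raise ValueError("site name needs at least two letters")
    return "".join(letters[:2]).upper()


def build_password(words, age, site, constant, max_len=None):
    """Base words + doubled age + site tag + constant letter."""
    password = "".join(words) + str(age * 2) + site_tag(site) + constant
    # Naive truncation for sites that cap the password length.
    return password if max_len is None else password[:max_len]


def differing_positions(a: str, b: str):
    """Indexes at which two passwords differ (a length mismatch counts)."""
    longest = max(len(a), len(b))
    return [i for i in range(longest) if a[i:i + 1] != b[i:i + 1]]


def unique_per_site(words, age, sites, constant, max_len=None):
    """True if every site in `sites` ends up with a distinct password."""
    made = {build_password(words, age, s, constant, max_len) for s in sites}
    return len(made) == len(sites)


if __name__ == "__main__":
    words, age, constant = ("aware", "bridge"), 26, "Q"
    sites = ["Facebook", "Gmail", "Chase"]
    for cap in (None, 16, 10, 8):
        made = [build_password(words, age, s, constant, cap) for s in sites]
        ok = unique_per_site(words, age, sites, constant, cap)
        print(f"cap={cap}: {made} unique={ok}")
    fb = build_password(words, age, "Facebook", constant)
    gm = build_password(words, age, "Gmail", constant)
    print("positions that change between sites:", differing_positions(fb, gm))
```

For a capped site, shortening the base words instead of cutting the end keeps the site identifier in the password. Two sites that share their first two letters also collide under this assumed tagging rule.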
Now Update Everything!
Now that you have this bulletproof password, you must change it on all websites where you have accounts. This part is important. If you don't fully adopt your password, it will always be hard to remember your old, obscure passwords. To find most of the accounts I have created up until now, I searched in Gmail for keywords like “password,” “account,” and “profile.” As I went through and changed all these passwords, I made a Google Spreadsheet to store the websites and usernames used (but not the passwords themselves!). I did this so I can easily see which websites I need to update every year when I change my password. It’s a lot of work, but well worth it once complete. It’s also useful for websites that require you to use a different username than your normal one (Chase bank requires a number in your username…). The beauty of the spreadsheet is that it doesn't actually contain any passwords, just websites and usernames/emails to use as reference.
Once you've completed all of these steps, you can sit back and bask in the glory of internet security. It's a wonderful feeling.
Update: this article has been edited to suggest an even more secure algorithm for password creation.