Upstream Agile GmbH

Somewhat safer passwords for all your 95 social networks and web x.0 services

January 24, 2008 by alex

The reality: We are all lazy bastards, so most of us have one single password that we use for all our accounts (am I not right?). Some of us have 2-3 passwords for different levels of trust, so the bank account and credit card sites get one, personal email gets one and all the other sites get another. A bit better already.

My suggestion: One password per site (hey I’ve heard this before). But here’s the trick (and the catch at the same time, because the passwords are similar and can hence be hacked more easily). I will use the following convention to generate a separate password that is (for me) easy to remember for each site:

Take some random sentence:

This is my personal very secure password for [...].

Say you need a password for twitter, this sentence becomes:

This is my personal very secure password for twitter.

The password will be the first letter of each word in the sentence, so for this example it’s Timpvspftw. I’m actually using the first two letters of the site’s name (hence the "tw" at the end), so the convention works for twitter and t*** (uhm, insert name of another website starting with t). To make things a bit more secure, you should change your scheme, e.g. use the last letters, or alternate between last and first.

Using more or less random letters from a sentence to generate a secure password is nothing new. It actually has been recommended for years (decades?). My only addition to this is to use the name of the service in that sentence, so you can have separate passwords and still remember them easily. And they should be fairly secure, as long as your scheme of choosing the letters and your sentence are random enough (I’m still using something different for my bank account though).
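The convention above as a short Python sketch (an added example, not code from the original post). It reproduces Timpvspftw and measures the catch mentioned earlier: how many characters of each password are identical across sites, and when two sites end up with the same password. The function names, the `scheme` options, the sample site list and the rule that the site part is always the leading letters of the name are assumptions.

```python
import os
import re
from collections import defaultdict

# The sentence from the post; {site} marks where the service name goes.
TEMPLATE = "This is my personal very secure password for {site}."

def pick(word, scheme, index):
    """Choose one letter of a word: 'first', 'last' or 'alternate'."""
    if scheme == "first":
        return word[0]
    if scheme == "last":
        return word[-1]
    if scheme == "alternate":  # first letter of even-indexed words, last of odd
        return word[0] if index % 2 == 0 else word[-1]
    raise ValueError(f"unknown scheme: {scheme}")

def derive(site, scheme="first", site_letters=2, template=TEMPLATE):
    """Password = chosen letter of each fixed word + first letters of the site."""
    fixed = template.partition("{site}")[0]
    words = re.findall(r"[A-Za-z]+", fixed)
    stem = "".join(pick(w, scheme, i) for i, w in enumerate(words))
    name = re.sub(r"[^a-z0-9]", "", site.lower())
    if len(name) < site_letters:
        raise ValueError(f"site name too short: {site!r}")
    # Assumption: the site part is always the leading letters of the name.
    return stem + name[:site_letters]

def analyze(sites, **options):
    """Return (passwords, shared prefix length, groups of colliding sites)."""
    passwords = {s: derive(s, **options) for s in sites}
    shared = len(os.path.commonprefix(list(passwords.values())))
    by_password = defaultdict(list)
    for site, pw in passwords.items():
        by_password[pw].append(site)
    collisions = [group for group in by_password.values() if len(group) > 1]
    return passwords, shared, collisions

if __name__ == "__main__":
    sample_sites = ["twitter", "tumblr", "flickr"]  # constructed sample list
    for letters in (1, 2):
        pws, shared, clashes = analyze(sample_sites, site_letters=letters)
        print(f"site_letters={letters}: {pws}")
        print(f"  site-independent prefix: {shared} chars, collisions: {clashes}")
```

With one site letter the two sample sites starting with "t" get the same password; with two letters they differ, but eight of the ten characters are still the same everywhere.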

Of course the whole thing would be much easier with something like OpenID everywhere, but until then go and make up some funny sentences for your passwords.