How I remember passwords for 200+ accounts, each being strong, different & incomprehensible

December 17, 2009 Comments

With so many stories of accounts being compromised and hacked, I decided to ditch my habit of using 1 or 2 hard-to-guess passwords and figure out how to create strong passwords that are different for every site, but are still easy to remember and unreadable to a hacker. Why? Because I don’t like the idea of the same password for every single site. If one account is hacked, someone could have access to all of your accounts.

I have over 200 online accounts and counting, mainly because I test and play with a ton of online services. Here’s how I successfully remember them ALL, even though each one is different.

Let’s get started:

Since using dictionary words aren’t a good choice for passwords and I wanted to be able to input the password as fast as possible, I came up with a simple algorithm that combines a non-dictionary password with letters or words from the name of the company, or website URL.

The most common password requirements I’ve seen are one capital letter, numbers and a minimum amount of characters. I decided to nail of those requirements in one shot to avoid having to use multiple versions of passwords.

For demonstration purposes let’s choose a pretty good password using a made up word that is somewhat easy to type. How about: Cerefter225.

Then, take a part of the company name or website URL and add that to the password. We’ll call this the site code. You could choose the first syllable, the first few letters, last few letters, last word, etc. Pick whatever you want. I’ll choose the first 4 letters of the URL. So for Facebook (http://facebook.com), I would use face.

Next, figure out where you want to add your site code into your password. Some examples would be faceCerefter225, Cerefterface225, or Cerefter225face. For our example, we’re going to be adding ALL of our site codes to the front of our password, every time. Here’s what our thought process would be: navigate to a website, think of your site code (face), and add that to the password. Since we decided to add it to the front of the password. Our password for Facebook would be faceCerefter225. Myspace? myspCerefter225. Google? googCerefter225. Yahoo? yahoCerefter225. It requires a little extra thinking at first but once you nail down the process you’ll be doing it no problem.

But I said “strong” passwords, didn’t I?

This is probably a bit overkill for most, but I went a step further to ensure that my passwords are pretty human-UNreadable. Instead of adding the site code at the beginning, end or middle of the password. I decided to combine them on the fly. It may sound a bit tricky, so I may post a video of me in action so you can see what I do on my computer and mobile. First I click into the password box and type my password: Cerefter225. Then I move the cursor back to the front of the password box by hitting the “Home” key, and embed the site code into the password. I do this by hitting the Right Arrow key between every letter of the site code. My final password would be: fCaecreefter225

Confused? I thought so. My keyboard strokes would look like this:

C e r e f t e r 2 2 5 [Press-Home] f [Press-Right] a [Press-Right] c [Press-Right] e

One of my right fingers hits the Home and Right keys, while my left fingers hits all of the rest.

I know it sounds difficult, geeky, and weird. But it’s the easiest way I’ve found to create passwords that are strong, different, easy to remember and unreadable.

Now, the EASY part:

The final step in my password workflow is Lastpass, the online password management service that is cross-platform and stores your passwords encrypted on their servers. Watch some of their videos online to understand how it works. Using Lastpass, I’m able to type most of my passwords one time and have them stored on Lastpass so I can have one-click login to my websites using browser plugins, bookmarklets or mobile apps. It’s works great.