Passwords

A sensible way to keep track of them




It seems so many web sites require you to create an account. This leads to hundreds of passwords. One needs a second computer just to keep track of the passwords for the first.

There's an easier way.The types of accounts that really need a secure password are few. Bank accounts, brokerage accounts, credit cards, retirement accounts really need a secure password. For convenience, call these Type-1.

Then there are accounts that may have a credit card number but are secure. These are sites like Amazon or PayPal. See our Computer Help topic on Shopping On-line here for more information. These need a relatively secure password, but not as secure as a Type-1. Call these Type-2.

Then there are all the rest, where NO financial information is at stake. Theft of the password will do no harm. Passwords are more of an annoyance. Call these Type-3.

General Password Security

Wikipedia defines a password as a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource.

Unlike websites, passwords may be upper case, lower case, numbers or special characters. The characters in a password are not converted to lower case. A secure password takes advantage of this and uses them all.

A secure password is not trivial, and does not spell a word in the dictionary. A common method of attack is to try all words in the dictionary. Computer can easily do that.

A secure password does not say something commonly known about you. Don't use a pet's name, spouse's name, child's name, telephone number or address. Anything that is common knowledge should be avoided.

A secure password should be changed at least every six months.


Ideally a password should be easy to remember but hard to guess.

 

Type-1 Password

Use these for your most secure accounts. Things like bank or brokerage accounts where serious money is at stake. You will probably only have a few of these.

The password for these accounts should contain upper case, lower case, numbers and special characters.

Something like mAc#mi11k1nU@I11 is secure and easy to remember.

It consists of:

  My initials mAc with the center letter capitalized.

  A # special character.

  My school mi11k1nU, Millikin University where the L's and i's are 1's

  An @ special character

  The state where Millikin is located - ILL where the L's are replaced by 1's

This meets all the requirements of a secure password and something I can remember.

It should be changed twice a year but using simple rules for substitution of letters makes it easy to remember.

Here's a few examples:

Try it with a few phrases that you can easily remember.


An alternative method for Type-1 passwords is to download a freeware password generator program like one found at TUcows here.

Or use a web site to generate secure passwords like goodpassword.com

 

Type-2 Password

Type-2 passwords are much less secure. They are for places like Amazon or PayPal where you may have a credit card on file but they offer outstanding security. Pay Pal offers a small password generator for around $5 that generates a unique six digit password when it is pressed.

you can use the same rules for Type-2 passwords but with a single word, and they can be changed every few years.

See Shopping Online for more information.

Here's some examples of easy to remember Type-2 passwords:

 

Type-3 Passwords

These are the annoyance passwords where no financial information is at stake. Many on-line merchants want you to create an account. Do it so you don't have to enter your address all the time but don't let them save your credit card number. See the C4s Shopping Online Help Topic for reasons not to let every merchant save your credit card number.

Ignore all the secure password rules for Type-3 passwords. There is nothing important at stake.

You can use a pet's name, spouse's name child's name. It doesn't matter if someone guesses the password.

I have used my dogs name at 100's of merchants where my credit card is not on file. Also newspapers like the Atlanta Journal or the NY Times want you to create an account to send you junk mail. Here I use a webmail account (see Email) and my dogs name as a password. The web mail filters out Spam, and no important information is at stake.

Check the security of your passwords or those above at How Secure is My Password.

 

There you have it. An easy way to remember all your passwords.