As companies increasingly shift some of their work onto consumers, we find ourselves having to create accounts on various company websites. And now, we have to register on more and more websites. It’s not easy to remember all these passwords because each site has its own security requirements: some require you to use your email address as a login, others prohibit it; sometimes you need to add special characters like $&!#, while on other sites, this isn’t allowed. Some sites prohibit the repetition of characters in a password (e.g., no “111”) or force you to change your password every six months.
I once watched a stand-up show. A comedian said a brilliant line: “I log into every site using the ‘forgot password’ button.” Naturally, as the audience laughed at the joke, they were reminded of themselves. I’m sure you’ve been in that situation too.
Of course, you could use that method (you’ll still have to remember your email password). It’s a rather labor-intensive way to log into your account. However, it might be useful when logging into sites like Facebook and Instagram. In this article, I’ll explain why.
There are a few approaches:
- Use the same password everywhere.
- Become a memory expert and learn to memorize all your passwords.
- Create a complex password system for different sites.
- Use a password manager.
Using the same password everywhere
Clearly, this option is not suitable. Let me explain.
Websites often get hacked, and none are immune to this. Sites like Adobe, Instagram, and Twitter have all been hacked.
And if major sites can be hacked, then smaller ones certainly can too.
Now, imagine you use the same password everywhere: Facebook, VK, Instagram…
Can you picture it? You’ll end up explaining to your friends why you confessed some secret to all of them and have to contact tech support about your stolen password. In the best case, you’ll just be inconvenienced, but in the worst case, there could be financial damage: at the very least, stolen funds.
By the way, there are websites where you can check if your passwords have been compromised:
- Have I Been Pwned: Check if your email has been compromised in a data breach
- Leaked Password | Has your password been leaked?
Become a memory expert and learn to memorize all your passwords
Have you ever heard of people with phenomenal memories? Some never forget anything in their lives (there are such people, though they are rare), while others can memorize the order of cards in a deck within a few minutes.
In the latter case, although it seems supernatural, it’s not a superpower but a well-trained skill: learning to remember everything, including objects and their order.
You can learn this too, although it’s not easy. You could create a mental safe to store all your passwords, card numbers, insurance policies, etc.
If this interests you, I recommend a book that delves deeper into this topic: Moonwalking with Einstein: The Art and Science of Remembering Everything
For those seeking a simpler and less time-consuming method, let’s move on.
Create a complex password system for different sites
The next method from the “train your brain” category involves creating a system, a kind of code that only you understand, allowing you to create different passwords for each site without having to remember them exactly.
There’s an interesting article here:
Fix your terrible, insecure passwords in five minutes.
Daniel Levitin describes this method in detail in his book. Here’s a quote from the book:
“To ensure both maximum security and relative ease in creating and remembering passwords, it’s best to come up with a formula or rule for generating them that you’ll remember forever. Then, keep a secure list of websites that require passwords that deviate from your general rule. As a formula, you can use a phrase you won’t forget and take the first letters of each word. For example, the phrase could be: ‘My favorite TV show is Breaking Bad.’
Let’s turn this phrase into a password using the first letters of each word:
MftsBB.
Now you can replace one of the letters with a special character and add a number to make the password even harder to guess:
Mft$6BB.
You now have a truly strong password, but as we said earlier, it’s important not to use the same set of characters for all accounts. You can vary the code by adding the name of the site at the beginning or end. For example, if you need a password for your Citibank account, you can use the letters ‘r,’ ‘s,’ and ‘C’:
rsCMft$6BB.
And for your Mileage Plus account on United Airlines, the password will be:
UAMPft$6BB.
If a site doesn’t allow special characters, simply remove them. In this case, the code for the Aetna clinic page will be:
AMft6BB.
With this approach, you only need to record instances where you had to modify your password creation rule. Without writing down the formula itself, you add an extra level of protection in case someone gains access to your list. Your list might look something like this:
- Aetna clinic: standard (stnd) formula without special characters or numbers.
- Citibank checking account: stnd formula.
- Citibank Visa account: stnd formula without numbers.
- Liberty Mutual insurance: stnd formula without special characters.
- Water meter readings: stnd formula.
- Electric meter readings: first 6 characters of stnd formula.
- Sears credit card: stnd formula + month.”
In my opinion, this method might seem too complicated. So, let’s move on to a more convenient method that I personally use.
Use a password manager
This method, while controversial by nature, is very convenient. It’s controversial because password managers themselves have been hacked in the past, and if someone steals your password manager’s master password, all your passwords will be compromised. However, they’ve improved over time, and it’s become much safer today.
There are many password managers available, and the internet is full of reviews comparing them. Some outperform others in certain areas.
Password manager companies don’t know your passwords. Their databases only store encrypted versions. How the process of decrypting your password works is explained in this article.
So, the main advantages of password managers:
- You only need to remember one password.
- The password manager generates the most complex and secure passwords for you.
- Some password managers automatically change your passwords on certain sites periodically.
- They allow you to store codes for two-step authentication.
- Sync across your devices.
- The ability to create family safes and share specific passwords with family members.
The downsides:
- Most are paid services. There are free options, but you’ll have to take care of password security yourself.
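What "generates complex and secure passwords for you" involves, as an added example that is not code from the article or from any particular password manager: a generator that draws from the operating system's secure random source and respects the per-site rules mentioned in the opening paragraph (special characters required or forbidden, no repeats like "111"). The function names and defaults are assumptions made for this sketch.

```python
import math
import secrets
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits


def has_run(pw, max_run):
    """True if any character repeats more than max_run times in a row (e.g. '111')."""
    run = 1
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if cur == prev else 1
        if run > max_run:
            return True
    return False


def generate(length=20, symbols="$&!#", max_run=2):
    """Random password meeting one site's rules.

    symbols: special characters the site accepts ("" when specials are forbidden).
    max_run: longest allowed run of one character (2 rejects "111").
    """
    classes = [LOWER, UPPER, DIGITS] + ([symbols] if symbols else [])
    if length < len(classes):
        raise ValueError("length too short to include every required class")
    alphabet = "".join(classes)
    while True:  # rejection sampling: every acceptable password stays equally likely
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes) and not has_run(pw, max_run):
            return pw


def entropy_bits(length, symbols="$&!#"):
    """Upper bound on entropy: log2(alphabet size) bits per character."""
    return length * math.log2(len(LOWER + UPPER + DIGITS + symbols))


if __name__ == "__main__":
    print(generate())                  # site that demands special characters
    print(generate(symbols=""))        # site that forbids them
    print(round(entropy_bits(20), 1), "bits (upper bound)")
```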
Security or anonymity
When it comes to information on the internet, there’s always a trade-off between two positions: security or anonymity. If you choose third-party companies to store your data, anonymity suffers, in any case. But most likely, the security of your data is higher than if you stored it yourself. If anonymity is important to you, then storing passwords on cloud servers may not be suitable.
In my opinion, this is a vast topic that deserves its own separate discussion.
In short - there is a very popular option to self host passwords: