Password Tips and Tricks

It's impossible to expect people to be able to use a password like j8^bEr3$k7 without writing it down or worse. But does that mean that if you don't make your passwords long, complex, and mostly meaningless, you're at risk? Not necessarily. There is a middle ground.

The Phrase Trick

Caution: Popular or famous phrases aren't a good option.

While short phrases and exceedingly famous ones are likely in hacker dictionaries, the vast majority of phrases in the world won't be. "Four score and 7 years ago" would likely be no good because it's so well known, but "The needs of the many7of9" would work.

Phrases are great because they're very long, but at the same time very easy to remember. No matter what you pick, be sure to make it abnormal in some way. To simplify this, I recommend you come up with personal password rules that you'll do for all your phrase passwords. For example:

  • Always capitalize each word (Capitalize Each Separate Word)
  • All numbers spelled out or written using numbers (forty four, 44)
  • Use * instead of spaces (this*is*a*sentence)
  • Replace the word "the" with "bat" (It was bat worst of times)

It doesn't really matter what you choose, just be consistent. It won't do you any good to remember the phrase, but not the changes that you made to it.

The Suffix Trick

The suffix trick is a method of quickly taking weak passwords and adding length and complexity to them in a simple way. For example, say you have three passwords at three different sites: cat, money and camero.

These are all strikingly weak passwords, but you may have used them for a long time and not want to get rid of them. Fair enough. But take my advice and you can secure them all without changing them too much.

To use the suffix trick, first pick your suffix. Here are some suggestions:

  • @site.com – Where "site" is any word you want and ".com" is any domain (like ".gov", ".org", ".co.uk" etc.). Here you are making your password into something that looks like an e-mail address. The beauty of this one is that it adds special characters and good length while being super easy to remember.

    For example, you could use "@hubris.jp" or "@gonzo.uk". Note that using country codes works well because they're more random than ".com".

  • 2^3=8 – Math is great because it's all numbers and symbols, but it's easy to remember and understand.

    2+5=7
    9-1=8
    6*10=60

    See?

  • 3141592 – Pure numbers. This is good for sites that don't let you use special characters in your password. You can go completely random, but in this case, it's pi. Another really great trick here is to use a number that means something to you, but no one else. For example, a friend used his 6-digit employee number from a company he used to work for.
  • three3 – Numbers and letters. Again, useful for sites that don't let you use special characters.
  • &7sh3 – This is truly random. Pick something as complicated as you can think of (so long as it's only 4 to 6 characters). This is better than some of the other picks because even if a web site admin looks at your password, they probably won't figure out the trick (where some of the other suffixes are pretty obvious).

    Again, good length and now your passwords have numbers AND special characters.

Now that you have a suffix, you're going to go to every website and webservice that you can and add the suffix to your passwords. No matter how long or hard the suffix is, since you're using the same one everywhere, it becomes easy to remember.

For example: cat2^3=8, money2^3=8, and camero2^3=8

Even if someone were to figure out the trick you're using (which is unlikely unless they can already see several of your passwords), they still have to guess the rest of your password (which will be at least as strong as your password was without the suffix).

The suffix trick is the quickest and easiest way to increase your online security right now.

In other words, there's a chance that someone might be able to figure out your trick and your passwords lose the extra security, but in all other cases, your entire online web presence has become more secure with very little effort. This is the least you should do right now until you have time to pick better passwords for your more important accounts.

For a quick and easy proof of this theory, go check your current password at the online Password Meter and then try it again with your chosen suffix.
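
An offline version of that before/after check, as an added example (not code from the original article and not the Password Meter site's algorithm). The scoring formula, length times log2 of the character pool, is an assumed naive estimate, and the function names are hypothetical.

```python
import math
import string

# Character pools (printable ASCII) that simple meters count.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,  # 32 characters
}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def charset_bits(password):
    """Naive estimate: length * log2(pool size).

    This is an upper bound that treats every character as random, so it
    overstates the strength of dictionary words such as 'cat'.
    """
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0


def compare(base, suffix):
    """Before/after figures for one base password and the shared suffix."""
    full = base + suffix
    return {
        "password": full,
        "length": (len(base), len(full)),
        "classes": (sorted(classes_used(base)), sorted(classes_used(full))),
        "meter_bits": (round(charset_bits(base), 1), round(charset_bits(full), 1)),
        # If the shared suffix is known, only the base is left to guess.
        "bits_if_suffix_known": round(charset_bits(base), 1),
    }


if __name__ == "__main__":
    for base in ("cat", "money", "camero"):  # the article's sample passwords
        print(compare(base, "2^3=8"))
```

The last field is the case described above where someone has worked out the trick: the estimate falls back to that of the original password.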

The Levels Trick

You don't really have to have a completely unique password for absolutely every online account. The question to ask is, "what level of password is needed?"

Low Level

For example, I have a special account name and password combination I use for any site I don't like, don't trust, don't care about or think I'll never come back to (but that has something I want and requires registration).

For those sites, I use my "throwaway" information which might look like this:

  • Username: Hotdog
  • Password: relish808

Even if a site requires an e-mail address as a login, I still use the throwaway password if I just don't care about the site or whether that account gets hacked.

Now, if I ever come to a site that requires login and I think I might have been there before, I can try my throwaway information first and see what happens.

Mid-level

For sites that would be inconvenient, but not drastically bad to lose control of, I use what is probably the easiest possible way to make secure passwords that anyone can remember. Here's how it works:

  1. Pick a rule that you'll use on a website's name. It doesn't matter what it is so long as you are consistent and use it the same from now until you die. For example, let's say I choose 5 characters, proper case (meaning the first letter is uppercase and the rest lower).
  2. Next, choose a suffix from above. Math is pretty easy, but anything is fine so long as you pick a good one.

So now you have two pieces. Put them together like this:

    If the site is…      Then the password is…
    yahoo.com            Yahoo4*4=16
    bofa.com             Bofa4*4=16
    telegraph.co.uk      Teleg4*4=16
    youtube.com          Youtu4*4=16
    bettycrocker.com     Betty4*4=16

Note that because bofa.com (Bank of America) is less than 5 characters, I stop when I run out. Your rule could be to fill the fifth slot with the '&' sign or whatever you want.

Now you have good length, upper, lower, numbers and special characters, but the second you see the website, you instantly know the password since the suffix is the same EVERYWHERE and the rest of the password is based on your rule.
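
The two steps above written out as a small function, as an added example (not code from the original article). The names `site_name` and `mid_level_password` are hypothetical, and treating the first host label after a leading "www" as the "website's name" is an assumption.

```python
from urllib.parse import urlsplit

SUFFIX = "4*4=16"  # the sample suffix used in the table above


def site_name(site: str) -> str:
    """Return the label the rule is applied to: 'https://www.yahoo.com/' -> 'yahoo'.

    Assumption: the "website's name" is the first host label after a leading 'www'.
    """
    host = urlsplit(site if "://" in site else "//" + site).hostname
    if not host:
        raise ValueError(f"no host name in {site!r}")
    labels = host.split(".")
    if labels[0] == "www" and len(labels) > 2:
        labels = labels[1:]
    return labels[0]


def mid_level_password(site: str, length: int = 5,
                       suffix: str = SUFFIX, pad: str = "") -> str:
    """First `length` characters of the site name in proper case, plus the suffix.

    With pad="" a short name simply stops early (bofa -> Bofa); with a pad
    character such as '&' the empty slots are filled instead (bofa -> Bofa&).
    """
    name = site_name(site)[:length]
    if pad:
        name = name.ljust(length, pad[0])
    return name.capitalize() + suffix


if __name__ == "__main__":
    # The sites from the table above.
    for site in ("yahoo.com", "bofa.com", "telegraph.co.uk",
                 "youtube.com", "bettycrocker.com"):
        print(f"{site:<18}{mid_level_password(site)}")
```

Everything before the suffix can be recomputed from the address bar, so the suffix is the only part of these passwords that has to stay private.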

High-level

All accounts that protect your money, your reputation, or privacy should use your strongest, most important, most secure password of all. For example, take your most important online account of all… your e-mail. "E-mail? Are you kidding!?", you say? Actually, I'm not.

These forms put every account at risk if someone can get into your e-mail

What you see here is a password reset form. Using it, I can enter your e-mail address and a quick verification number that's shown on the screen and they'll either send the password back to me or reset it to some random value (which they'll send to me). Either way, if I'm in your e-mail, I can unlock your account.

Because of password reset forms, access to your e-mail account is access to your world. Keep your e-mail account secure!

For these websites, I most recommend using the phrase trick or anything that's both long and complicated. If you have to write it down, go ahead, just don't keep the password in an easy-to-access place like your wallet or laptop bag.

If you use these tricks, you'll be safer and more secure than the vast majority of people, though you still need to protect your passwords.

1 Comment to “Password Tips and Tricks”


[…] TheGeekProfessor.com has a few ideas on password components that I have modified slightly to create this method.  Use a math equation you can remember, but spell some of the numbers phonetically to add letters and complexity. […]
