21 March 2018 category: business technology
In our last blog on cyber-security we explained why you should use a password manager to create super-strong unique passwords. We also explained in that blog why you should, wherever possible, use two-factor authentication to add an extra layer of security to website and app access.
But if you really don't want to use a password manager, then let's look at a way you can create unique passwords for each site using the site or company name to create a code to add to your strong password:
Step 1 - Create Strong Password
Create a strong, easy to remember but hard to break password based on a memorable sentence. Please see our blog post How To Create a Strong Password for details on how to do this.
For this example we will use the password from that blog post:
Step 2 - Create numerical code based on site or company name
Now take the first 2 letters of the website/app/company name you are creating the password for and, using the position of these letters on a qwerty keyboard, take the numbers that are above them.
Let's look at an example with LinkedIn. The first 2 letters are Li. On a standard QWERTY keyboard the L is under the zero key, and the i is between the 8 and 9 keys, as shown in the diagram below:
So taking the numbers in order we get the code: 890
Step 3 - Change every other number to the corresponding symbol
Now change every other number to the corresponding symbol attached to that number.
Our code in this example is only 3 digits long, so we only need to change the 9 to the open bracket sign ( like so: 8(0
Step 4 - Now add the code to your strong password
Now we need to add this code to your previously created strong password to create a unique password for the site. You could add the code to the beginning or end. But the best way is to split the code. A good formula to follow is to add the first 2 characters to the start and the remaining character(s) to the end, like so:
Voila, now you can have unique passwords using one super strong easy to remember password, and the site name.
There are many ways you could come up with to make this even more secure, the most obvious being using more letters from the name to generate a larger number, which I will leave you to go through on your own.
But let's look at a couple of alternatives you might use for altering the way you add the code, or generating the code:
Alternative 1 - Replace instead of prepend/append
Instead of adding the code to the beginning and/or end of our strong password, we could instead replace characters with the code. This is advantageous if the site has a maximum password length too short for your password:
Alternative 2 - Obfuscate the code
If you are super security conscious, you could consider changing the code using a memorable number to make it even less tied to the site name.
For this example we will use the meaning of life: 42 (see The Hitchhiker's Guide to the Galaxy by Douglas Adams).
We multiply our original code by this known constant number:
890 * 42 = 37380
Then we apply the 'replace alternate digits with the symbol on that number key' rule:
Then we can either prepend and append to our master password:
Although passwords generated in this fashion are certainly secure, and unique to a point, we really do think that you Should Use a Password Manager.
The passwords using this method are not truly unique, so if a hacker manages to obtain one of your passwords they have a better chance of cracking your other accounts than if every password is totally unique. Still, if you are dead set against password managers this is certainly better than using exactly the same password across multiple accounts.
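Steps 2 to 4 and Alternative 2 written out in Python, as an added example that is not part of the original post. The key-to-digit table beyond L and i, the US-layout shift symbols, the choice to keep repeated digits and the placeholder master password are assumptions of this example; the last function measures how little two site passwords differ, which is the caveat in the closing paragraph.

```python
# ASSUMPTION: the page only places L (under 0) and i (between 8 and 9); the
# other keys follow this example's reading of a staggered QWERTY layout.
KEY_DIGITS = {}
for col, ch in enumerate("qwertyuiop"):         # top row: between two number keys
    KEY_DIGITS[ch] = "1234567890"[col:col + 2]  # p has only 0 above it
for col, ch in enumerate("asdfghjkl"):          # home row: under a single key
    KEY_DIGITS[ch] = "234567890"[col]
for col, ch in enumerate("zxcvbnm"):            # bottom row: between two keys
    KEY_DIGITS[ch] = "234567890"[col:col + 2]

# ASSUMPTION: US-layout shift symbols (the page confirms only 9 -> "(").
SHIFT = dict(zip("1234567890", "!@#$%^&*()"))
KEY_ORDER = "1234567890"                        # 0 comes last, as on the keyboard


def site_code(name: str) -> str:
    """Step 2: digits above the first two letters, in keyboard order."""
    letters = [c for c in name.lower() if c in KEY_DIGITS][:2]
    digits = "".join(KEY_DIGITS[c] for c in letters)
    return "".join(sorted(digits, key=KEY_ORDER.index))  # repeats are kept


def symbolise(code: str) -> str:
    """Step 3: replace every other digit (2nd, 4th, ...) with its symbol."""
    return "".join(SHIFT[d] if i % 2 else d for i, d in enumerate(code))


def site_password(master: str, name: str, constant: int = 1) -> str:
    """Step 4: first two code characters in front, the rest behind.
    A constant other than 1 applies Alternative 2 (multiply the code)."""
    code = site_code(name)
    if constant != 1:
        code = str(int(code) * constant)
    code = symbolise(code)
    return code[:2] + master + code[2:]


def differing_chars(a: str, b: str) -> int:
    """Positions at which two equal-length passwords differ."""
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    master = "Constructed-Master-Pw1"           # constructed placeholder
    li, go = (site_password(master, s) for s in ("LinkedIn", "Google"))
    print(li, go, differing_chars(li, go))      # differ in a single character
    print(site_password(master, "LinkedIn", 42))
```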