Since you are reading this, I’m going to assume that you have a password or two or 200. At a minimum, you have passwords for work, for your email, to unlock your phone, for your social media, and for your kid’s school site. Add to that – if you are part of the ~80% of the people, you have online bank accounts, credit card accounts, travel sites, Amazon, other online stores, etc.! How many are we up to? At least 20 different passwords. I just counted, and I have 90 different sites with login/password combinations to track. 90. Nine Zero. That is crazy.
Of course, most of these sites use my email address as a login (not all, though), but I am supposed to come up with a different password for each of the 90 sites. And change them regularly. Or, some make you change them regularly. How is one supposed to keep track of these different passwords without writing them down on a Post-it note stuck on the monitor?
Let me just say, you do need to take your passwords seriously. If you still have “password” as your password – you are running a risk of being hacked. Sites now usually require that you have a minimum of 8 characters and at least one uppercase letter and a number, but believe me when I say that Password1 is not going to protect your email. You might think that you don’t have anything in your email that is worth hacking into, but it’s a gateway. If hackers see that you’ve used such an easy password on your email, they are going to figure you aren’t doing much better on your credit card account. And you aren’t, are you?
How are we to remember them all? We have established that we DON’T use a Post-it note, and we DON’T create a Word doc or an Excel spreadsheet with all our account login IDs and passwords, right? Here are some options:
- Low tech: Use the SALT method to create and remember all your passwords. What is the SALT method, you ask? You start with a unique word, phrase, date, or event that is at least 8 characters long. Make it something that is unique to you – your grandson’s middle name, the restaurant where you had your first date, a favorite character in a book or movie. This is considered the SALT term. I’ll use “The Daily Catch” as an example.
Now, make up five rules to apply to the SALT phrase, for example:
- Replace all the spaces with ‘&’
- Replace any ‘o’ with ‘a’
- Replace any ‘t’ with ‘J’
- Replace any ‘s’ with ‘$’
- Replace any ‘l’ with ‘7’
The Daily Catch is now: Jhe&Dai7y&CaJch. When I check this password on the “how strong is my password” site (https://howsecureismypassword.net/), I’m told it will take 157 billion years to crack it!
You are probably thinking – how am I going to remember that? Well, you don’t have to remember it, you just have to remember your SALT term and your rules. You can write down your rules, but you can’t write down your SALT term.
You have two options – one is to create different SALT terms for different sites, but that would be a lot to remember. The other option is to use this very secure password for all your sites – BUT, you have to change it every 3-4 months to be super safe.
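The rule procedure above as a short Python sketch (an added example, not the author's code; the function names are made up for illustration). Matching ignores case, because the post's own result turns the capital "T" into "J". It also reports which rules never fire on the chosen phrase and checks the minimum site policy mentioned earlier.

```python
import re

# The five rules from the post, in order. Matching is case-insensitive,
# as the post's own result implies (the capital "T" in "The" becomes "J").
RULES = [(" ", "&"), ("o", "a"), ("t", "J"), ("s", "$"), ("l", "7")]


def apply_rules(phrase, rules=RULES):
    """Apply each rule in order; return (password, rules that changed nothing)."""
    unused = []
    for old, new in rules:
        # A function replacement keeps characters such as "\" literal.
        changed = re.sub(re.escape(old), lambda m: new, phrase,
                         flags=re.IGNORECASE)
        if changed == phrase:
            unused.append((old, new))
        phrase = changed
    return phrase, unused


def meets_site_minimum(password):
    """Typical site policy from the post: 8+ characters, one uppercase, one digit."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))


if __name__ == "__main__":
    password, unused = apply_rules("The Daily Catch")
    print(password)
    # Two of the five rules do nothing for this phrase (it has no "o" or "s").
    print("rules with no effect:", unused)
    # "Password1" passes this same check, which is the post's point:
    # meeting the site minimum is not the same as having a strong password.
    for candidate in (password, "Password1", "password"):
        print(candidate, "meets site minimum:", meets_site_minimum(candidate))
```
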
- Low tech: Another low tech method I use is to first create several secure passwords (use the “how secure is my password” site above to check them), then make hints to remember what they are. Document the hints, not the passwords.
For example, say you decide your password is going to be a combination of your favorite Aerosmith song and your first date with your significant other – DreamOn7479 – if you add a ! to the end, it is very secure even though it has the very common pattern of letters then numbers. Even though you might remember the password, you might not remember which account you are using it on, so you can make a document (I actually use my Outlook for this – I store it in my contact “fields”), and store the password with the hints:
My Credit union: email/AerosmithDateBang
email – hint that I use my email address as user name
Aerosmith – hint for the song
Date – hint for your first date
Bang – hint for !
Let’s try another one. Maybe you have accounts for sites that are less secure – say a site where you store your photos. You don’t order prints or products from the site, you just upload photos for sharing with friends. This password doesn’t have to be super secure, maybe you even reuse it for similar sites where you never share any financial data. For this one, you use your dog’s name and your lucky number with an added symbol for a little extra security: Marley11&. In your document, you’d write:
Photobucket: email/PetluckyAmp
Pet = hint for your dog’s name – the initial cap lets you know that you have to capitalize it.
Lucky = hint for your lucky number
Amp = hint for an ampersand.
For your everyday passwords – the ones you use all the time, where it would be bad if they were hacked – you could use option #1 above, and then for those accounts that you only log on to once a month or twice a year – you could use the hint method. Make sure you encrypt or password protect your document though – just for added protection. And please don’t save the document with the name “passwords”.
- High Tech – I save the high tech options for last. Why, when this is a technology post? Well, the high tech options for password management almost always take more time and some have a financial investment. My blog is about the easy-to-do and easy-to-maintain options, and in this case, the high-tech option is a bit more effort. I usually find that technology is worth it – but I haven’t used one myself, so I cannot say if that’s true or not.
The high-tech solution is to use a password manager. What is a password manager? It’s an application that will keep track of all your log in IDs and passwords. It will also generate new passwords for you. All you have to remember is one master password for the password manager. You could use the SALT method above for your master password so that you never forget it.
There are many password manager applications available. Some are free, some cost money (or cost money to upgrade features), and some charge a subscription fee. Most have extensions for the mobile apps, and all the different browsers and desktop apps.
If you choose to use a password manager, there will be some setup time when you have to go into sites where you already have your logins and passwords to register them with the password manager. Once this is done, it’s pretty easy to use. You log into the password manager first – like you are logging on to your desktop, then when you go to any site that requires logging in, the password manager will take care of it for you.
How do you remember all your passwords?