An editorial yesterday in the LA Times called ...
One of the Most Useful “Web” Tips I Have Ever Learnt: Unique Password for Every Site.
Here’s a neat little trick I learnt a long time ago and it’s allowed me to have different passwords for different sites for as long as I can remember.
Step 1) Pick one alphanumeric password you know you will always remember. Something like: “tuca3212″
Step 2) From now on just remember that above alphanumeric password and add the first 4 letters of every sites name before (or after) that above password.
An example:
Say you were logging into Twitter.
Your password would be:
Twittuca3212
If you were logging into Friendfeed.
Your password would be:
Frietuca3212.
Discussion - 24 Comments/Pingbacks RSS feed for comments on this post
-
Aprenda a criar uma boa senha na internet! // justplay.info
[...] a criar uma boa senha na internet! Segundo um post do The Next Web, existe um jeito bem prático de não esquecer mais as senhas para os muitos serviços aos quais [...]
Exactly what I have been doing during the past 3 years. And I thought I had a unique idea that noone will ever have again! :-P
Or, just get 1Password (Mac / iPhone) and have a unique, strong password without having to remember a thing.
I hear ya Aaron but 1st you have to pay and 2nd it’s a pain if ur on a computer other than ur own, 3rd it’s just one password u need 2 remember…
Brilliant idea :) (note to self – if I’m as clever as I think I am, why didn’t I think of this ??)
One point to remeber is that, depending on where you use this methodology, you may HAVE to include one or more numerics, and / or special characters somewhere in the password.
Just make sure you have allowed for this in Step 1 :)
Not an expert in security, but doesn’t this make it easier for a cracker to hack into your accounts ? (as soon as he acquires access to one of your accounts and recognize the password pattern)
But will not that also be used against you, all the cracker now needs to do is guess your ATM PIN :D
I agree it’s very wise to use different passwords for everything. But I use the firefox plugin Sxipper to randomize my passwords and later log in with them. So even I don’t know my passwords. I don’t know whether Sxipper syncs over multiple computers, but you could use foxmarks for that.
Just as Lucas pointed out, this technique is pretty easy to understand and if someone has access just to one password(phiser, exgf…) it will guess the other ones. What I suggest is making it a little bit more complex by instead of adding the first letters just add the number of characters of the service like this 00XX. So if you have friendfeed for example you do it like 0010masterpasswaord. There are a lot of combinations but this could be a start.
Visit http://supergenpass.com/, create the bookmarklet and get strong, unique passwords for every domain!
Definitely an improvement over using the same password everywhere, but the most secure solution of course is to use strong, completely random passwords on every site.
Recommend Roboform – takes all the hard work out of this. Works on all your browsers (except Chrome of course…grumble), and you can sync your logins across multiple machines.
Not a bad Idea.
I’m using Roboform too. I thinks it is worth it. I’m always see this on online guru’s toolbar when they make screen capture videos.
As part of our research I read your article with interest.
ID Fraud Prevention starts at home.
We at OEM Partnership take ID Theft & Fraud seriously and have developed a software program that hides your sensitive data and enables access to it via a Picture of your choice.
No more Usernames and passwords to remember.
If you feel your passpicture has been compromised, simply change it !
Check out our free trial at
http://www.picturepin.co.uk
Thanks
Brian
Sensible enough! You just got to remember all those passwords to avoid problems. Thanks for the tip!
That actually doesn’t solve the problem. Having such a unique password for every website you use, still depends on a suffix. Say somebody knows your password for your Twitter account, now she can also get into your gmail (she just needs to replace the first 4 letters.) In short, it’s a *very* bad practice to even do that :)
completely agree but you just need to make it a little more complicated that’s all. I was just trying to keep things simple for illustrative purposes.