We all know passwords are important. But how do you set up secure passwords for multiple accounts, and still remember them all? I love a good system, and I have one for my passwords.
How to set secure passwords
There’s no point setting up a system of easy-to-hack passwords. All your passwords should be of a decent length – 8 characters is the minimum recommended to protect against a ‘brute force’ attack (trial and error using computer-generated guesses).
A tip to generate a strong but easy to remember password is to use a phrase. You can add extra security by incorporating a foreign word, or an unusual place name, as it is more difficult for algorithms to pick these up.
You should include capitals (not just at the start) and some numerical or special characters (i.e. not just letters).
Never use easy-to-guess data like your house number, year of birth, children’s names, sports team etc.
Set up additional security
Wherever you get the option, set up two-factor authentication, which means that accounts will need two separate steps to access. This is usually a password, plus entering a code that is sent to your phone or email. I try to create multiple options in case I’m overseas and need to access something like a bank account without being able to receive texts.
You can also make use of biometric security on your phone.
Don’t re-use passwords
You shouldn’t use the same password for more than one account, but these days almost every website wants you to sign up before you can read content or make a purchase. So how can you avoid generating hundreds of different passwords?
The first thing you can do is to use a password manager like a Google account or AppleID where possible. This gives you the overarching security of a ‘master account’, and generates totally random passwords for individual sites.
The second thing you can do is to only generate unique passwords for really critical accounts like your workplace account, bank accounts (including PayPal), email, and Google account or AppleID. I then use the same password for any ‘low risk’ accounts like signing up to newsletters or for customer accounts where I’m not storing any critical information. Credit card information is typically stored with a third-party payment provider, so it’s usually OK to use a generic ‘low risk’ password for online stores. This means that you only need three to four individual passwords.
Change your passwords regularly
Most workplaces require you to change your passwords regularly, and you should do the same with your personal passwords. A handy tip to do this in a systematic way, where you don’t need to create a brand new password each time, is to change one character or number at a time.
For example, for a password like ‘Mynumber1townisUlladullah’ you could change the number each time you update it. You can then keep a note of which number you are up to, without needing to write the whole password down (it goes without saying, but never write the whole password down!).
Another system is to replace each letter with a different special character each time you update. In a password like ‘Haikuwriter’ you might replace the ‘H’ with ‘#’ for the first version, then replace the ‘a’ with ‘@’ for the next. Again, you can keep a note of which letter you are up to, without needing to write down the whole password.
Any other handy hints for setting passwords?