Like most people, I have dozens of accounts for various websites, services and software. Unlike most, however, I have a unique, strong password for each site – and can remember every single one. And so should you.
Here’s both how I do it and why you should, too.
Let’s start with the why. In January, online shoe retailer Zappos.com fell victim to a cyber-attack, involving parts of their internal network and systems. The hackers were able to access millions of customer accounts – including names, e-mail and snail mail addresses, phone numbers, the last four digits of credit card numbers and, perhaps most damaging, cryptically scrambled passwords. Zappos reset passwords for the affected customers, but the real consequence lies in the customers’ other, non-Zappos accounts, which for many people will unadvisedly use the same passwords. Bank accounts? Email accounts? It’s hard to say. Using clues gleaned from the Zappos breach, the hackers may now have enough bits of information to gain access – and do some serious damage.
Think that’s a stretch? Not so much. The Zappos incident was merely the latest in a series of cyber breaches that includes megacorporation Sony. The unauthorized access of people’s Sony accounts resulted from their reusing their usernames and passwords across multiple sites.
Unfortunately, too many of us use similar passwords for most of our online log-ins simply because it can be hard to juggle and remember different passwords for the dozens of accounts we have. But the Zappos breach is a great example of how dangerous that can be. To be safe, you should always create a unique and difficult-to-crack password by developing an algorithm.
So, how do you go about creating an algorithm that works for you? One idea is to take the name of the website, add a number that is meaningful to you, and then add your own personal twist, for example spelling it backwards. So your password for Yahoo would become oohaY4669. The more steps in your algorithm, and the more unpredictable each step is, the more secure your password. Regardless of how you choose to structure your algorithm, once you start using it to create your passwords, you will be able to remember any of them by applying it again.
Moral of the story: create your own unique password algorithm and never forget it.