Following a recent scare about password security, folks have been asking what they should do to keep their information safer on-line.
Well, the obvious thing is not to use the same password for every site, but it’s really hard to think up and remember new passwords for each site.
A couple of quick and easy ideas are to pick a word you can remember (but not something easily identifiable with you) and add some letters from the site you are visiting to make it unique.
For instance, if your chosen phrase is “cheese” and you are creating a password for Twitter, you could take the first two consonants from the site name (tw) and combine them: “twcheese”. You could make it more complex by adding a special character and mixed case, “tw$Cheese”, or by substituting numbers for letters, “tw$Chee5e”. In the same way, your password for Facebook would become “fb#Chee5e” – easy to remember, because of your rule, but hard for someone else to guess. If you feel like making it even harder, you could take those two consonants and shift them on the keyboard… up a row or across a character, so the password becomes “gn$Chee5e” (f becomes g, b becomes n; p, l or m would wrap to q, a or z, for instance).
Of course this still means remembering the passwords, and sometimes a site may have specific rules that break your usual pattern (minimum or maximum length, complexity, use of special characters, etc.), so it’s nice to have a tool to help with that…
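The rule described above, with a check of the result against a site's password rules, as an added example that is not part of the original post. The function names and the policy limits are assumptions made up for illustration, and the shift moves each prefix letter one key to the right on a QWERTY layout.

```python
import string

# QWERTY letter rows. Shifting moves one key to the right and wraps at the
# end of a row (p -> q, l -> a, m -> z), matching the post's description.
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
SHIFT = {row[i]: row[(i + 1) % len(row)] for row in ROWS for i in range(len(row))}


def shift_keys(letters):
    """Shift each letter one key to the right on its keyboard row."""
    return "".join(SHIFT.get(ch, ch) for ch in letters.lower())


def site_password(prefix, special, word="Chee5e", shifted=False):
    """Build prefix + special character + base word, e.g. tw$Chee5e."""
    if shifted:
        prefix = shift_keys(prefix)
    return prefix + special + word


def policy_problems(password, min_len=8, max_len=64,
                    allowed_specials=string.punctuation):
    """Return the site rules (hypothetical limits) that the password breaks."""
    problems = []
    if len(password) < min_len:
        problems.append("too short")
    if len(password) > max_len:
        problems.append("too long")
    if not any(c.isupper() for c in password):
        problems.append("needs an upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a digit")
    for c in password:
        if not c.isalnum() and c not in allowed_specials:
            problems.append("special character not allowed: " + c)
    return problems


if __name__ == "__main__":
    pw = site_password("fb", "#")
    # A site that only accepts ! and $ rejects the usual pattern.
    print(pw, policy_problems(pw, allowed_specials="!$"))
```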
I use KeePass to keep track of those passwords for me (both ones I create and also for some sites I get it to generate random ones for me). It’s especially handy because for a lot of sites I simply have to navigate to the site and hit the hot-key and it will auto-complete username and password fields for me, so I don’t have to leave any information in my browser. KeePass secures your password collection against a master password (so you only have to remember one thing) or uses a physical key (so as long as you keep them separate it’s very secure).
Because I use a couple of machines I also use the KeePassSync plugin which lets you sync between Amazon S3 storage or DigitalBucket (a free online file storage platform). The only thing I wish I could do is carry the passwords around on my phone and use Bluetooth pairing or a USB connection to make sure I always had them to hand.