A long time ago I picked a password I thought was great and I used it everywhere. This password is now what I call my “Throw Away” password. I have used it since 2001 and I use it whenever I sign up for a new service that I’m not worried about security on. I also have a “Common” password for trusted sites that don’t involve my personal information (YouTube, Netflix, Facebook) and a “Secure” password for very personal sites (Email Accounts, Banking, Bills). Below I’m going to tell you why you need at least two types of passwords and what “secure” really means in terms of a password.
Why You Need Multiple Passwords
Hacking happens all the time. Not the hacking of you per se, but the hacking of websites with shoddy security practices. Let me give you an example of why you should reserve one password for your “Secure” sites and use a “Common” password for others. Let’s say you sign up for an account while buying a book at a random, previously unknown online retailer. This retailer has not taken it upon themselves to encrypt your password on their server and their server gets hacked. Now the hacker has your email address and your password. If you used the same password when signing up for the book site as you do for your email, they now have access to your email account. With access to your email, they can submit a “Forgot Your Password” request on many websites and get the email delivered right into their hands. With the email in hand they can change your password, and take over your various accounts.
The Solution is Very Simple
Create a new secure password for your email account, which of course you can fully trust since you’re all using Gmail now. Now that you have your new secure password, this password should only be used on sites you can really trust to keep your password encrypted and protected. Nobody is perfect, but large scale sites like Facebook, Twitter, bank sites, online bill pay sites, and any other site you really trust can usually be relied upon to keep it secure, or to alert you immediately if there’s a problem so you can change your password quickly. Then if you do have to change your password, you know the few sites you’ve trusted with this password.
Your other password I called “Common” should be the one you use on sites you don’t grant the same level of trust you give your bank and bills. Sites like Netflix and YouTube are fine to use this password on. This way if something happens to those accounts the most you’re out is some time in getting access back to your account and you avoid the full scale onslaught of your digital life.
What is a Secure Password?
I’m a big believer in a memorable, usable password. If your password is so complex you have to keep a record of it somewhere, especially if that somewhere is on a sticky note on your monitor or under your keyboard, then it’s not secure. Your password needs to be at least 8 characters, because so many services require this nowadays, and it needs to have some complexity to it.
A Method to the Madness
Having a password like “Dj#wP3M$c” is complex, but it’s just not necessary in most cases. What if instead you used a fake email address like “firstname.lastname@example.org” as a password? It’s got symbols, uncommon words, and it’s really long, which would make it extremely safe. For added security you could even capitalize “My” and “Dogs”.
Another method is to combine two easy-to-remember words into one. Take the two uncommon words (according to most password dictionaries) “Method” and “Secure”. We could mesh them together into “MSeetchuorde” and have a very secure yet memorable password. I don’t really like this method, but it may work for some. A variant of this is a theory new to me where you make your password at least three words with a space between them. So based on one smart guy's research, "Fluffy Bunny Pillow" is easily one of the most secure passwords you could create simply because it has spaces in it. Note that the spaces are key. If a site won't allow spaces and you like this method, use something like an underscore "_" to fill the gap.
Personally, I prefer to create a new password by placing my hands on my keyboard and randomly typing something that comes out naturally and includes some numbers and at least one capital letter. An example I’ll do just for this article is “Solin234”. Try typing that a few times and you’ll find that it’s very easy on the hands, can be typed really quickly, and it even kind of sounds like a real word, which will make it easier when you try and memorize it.
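To put rough numbers on the methods above, the following added example (not part of the original post) estimates the guessing search space for the article's sample passwords under two attacker models: character-by-character brute force, and guessing whole words from a list. The 7,776-word list size and the rate of 10 billion guesses per second are assumptions chosen for illustration, and every figure is an upper bound that only holds if the characters or words were picked at random.

```python
import math
import string

# Alphabet an attacker must cover for each character class that appears.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),  # 32 ASCII symbols plus the space
]

def charset_size(password: str) -> int:
    """Combined alphabet size of the character classes present in the password."""
    return sum(size for chars, size in CLASSES if any(c in chars for c in password))

def brute_force_bits(password: str) -> float:
    """log2 of the search space when every position is guessed independently."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def wordlist_bits(word_count: int, wordlist_size: int) -> float:
    """log2 of the search space when whole words are guessed from a known list."""
    return word_count * math.log2(wordlist_size)

def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return 2 ** bits / guesses_per_second

def report(passwords, guesses_per_second=1e10):
    """Return (password, charset, bits, seconds) rows, weakest first."""
    rows = []
    for pw in passwords:
        bits = brute_force_bits(pw)
        rows.append((pw, charset_size(pw), round(bits, 1),
                     seconds_to_exhaust(bits, guesses_per_second)))
    return sorted(rows, key=lambda row: row[2])

if __name__ == "__main__":
    # Sample passwords taken from the article text.
    samples = ["Dj#wP3M$c", "MSeetchuorde", "Fluffy Bunny Pillow", "Solin234"]
    for pw, size, bits, secs in report(samples):
        print(f"{pw!r:24} charset={size:3} bits={bits:6} brute force={secs:.3g} s")
    # Same three-word phrase if the attacker guesses words instead of characters
    # (assumed list size: 7,776 words).
    bits = wordlist_bits(3, 7776)
    print(f"3 words from a 7,776-word list: bits={bits:.1f} "
          f"word guessing={seconds_to_exhaust(bits, 1e10):.3g} s")
```

Under the brute-force model length dominates, so the three-word phrase scores far above the nine-character symbol password; under the word-guessing model the same phrase drops to under 40 bits, which is why the attacker model matters more than the presence of spaces or symbols.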
Change your “Secure” password at least once a year just to be on the safe side. To be honest, I do it more like once every 2-3 years, but I also don’t take Facebook surveys and I don't get computer viruses. If you’re confident in your computer skills like me, then the regular changing may not be as necessary.
Tell me your favorite method to the password madness below in the comments!