I have a technique for making passwords.... I'll share it here in part because I actually kinda deviated from it in making my password for E2, but in general it works well -- leastways, I've never had a problem. It will sound complicated, but if you use the method regularly, it'll just get incorporated into your thinking and remembering your passwords with no difficulty.
Now here's the starter advice. You should never use the same password for two different websites. You don't know who from Microsoft can access your Hotmail password, or what Facebook employee can see your password there, or who has that privilege on any random forum to which you might post. That doesn't mean that you have to come up with something completely novel for every website either -- instead, you'll need a basename, an algorithm, and a formula to bind them.
The basename will be a set of 6 to 8 letters and numbers that is a constant. Do NOT just throw the numbers at the end, that's what people trying to hack your stuff will look for. Do NOT use a word that relates to something close to you -- your pet's name, your mother's maiden name, the street you grew up on. Don't even pick the word consciously, because even your tendencies can be hacked by a clever enough social engineer.
Here's what you do. Pick a book off of your bookshelf, doesn't matter which. Flip it open to a random page and put your finger on that page in an equally random way. Whatever word you're pointing at, scoot over to the nearest 4-5 letter word. Doesn't matter what it is, you own that word now. That's part of your basename -- but words are easy even if they are random, so make it NOT a word.
Spell it in reverse, then mix it up a bit more. I just did this and the word I picked was merit, so I'm flipping that to tirem and then, just to make it even less wordlike, I'm pretty much randomly moving the first letter to the next-to-last position: iretm. Nothing I have ever told anyone about myself, posted on the Internet, or discoverable through any public document, connects that string of letters to me.
Now we add numbers, and we scatter them inside the word. Any two numbers will do, so long as you do NOT use a sequence in your birthdate. I just picked 56 at random, and the thing to do is insert these numbers in random positions in your string of letters: i5re6tm. Now, you're not done yet, but getting close. Pick two more random positions and add blank spaces there, these will code the specific website the password is for. So now I have i5_re_6tm. The underscores are not part of the code, they just stand for something that will be stuck in there, namely an algorithm for the website to which this particular password applies.
Take Everything2, for example, if I want to use this as my password for E2 then I'll be substituting a shifted E and a shifted 2 in those spaces. Shifted how? One or two letters up or down is the easiest, and since the exact letters won't be in the blanks, an outsider looking at your password will have no starting point for figuring out that you are using a pattern at all, much less what the pattern is. I'll downshift by two (I think downshifting is less intuitive than upshifting), and E2 becomes C0, so my password for this site under this construction would be i5cre06tm.
Seems like it would be hard to remember, but once you start using variations of that for every website, all you need to remember is i5_re_6tm, and that you are downshifting your website identifiers by two. G-mail will be i5erek6tm (e and k substituted for g and m). If you still have fears of someone figuring it out, do the website identifiers backwards (i5kree6tm).... If the website is just one word, use the first two letters (so Google = go = em = i5erem6tm; IBM = ib = gz = i5grez6tm; Mac = ma = ky = i5krey6tm).
That's all there is to it; now go forth and get thine passwords hacked no more.
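
The derivation described above, written out as an added example (not the author's own code). The identifier rule (initials when the site name splits at punctuation or a letter/digit boundary, otherwise the first two letters) and digit wraparound modulo 10 are assumptions inferred from the five examples on this page; `varying_positions` reports which characters actually differ from one site's password to the next.

```python
import re

TEMPLATE = "i5_re_6tm"  # the page's example basename; "_" marks a site slot
SHIFT = -2              # the page's "downshift by two"


def site_identifier(site: str) -> str:
    """Two-character site identifier (rule inferred from the page's examples)."""
    parts = re.findall(r"[a-z]+|[0-9]+", site.lower())
    if len(parts) >= 2:                  # "Everything2" -> e2, "G-mail" -> gm
        return parts[0][0] + parts[1][0]
    if not parts or len(parts[0]) < 2:
        raise ValueError(f"cannot derive a two-character identifier from {site!r}")
    return parts[0][:2]                  # "Google" -> go


def shift_char(ch: str, shift: int = SHIFT) -> str:
    """Shift a letter within a-z or a digit within 0-9, wrapping at the ends."""
    if ch.isdigit():
        return str((int(ch) + shift) % 10)   # assumption: digits wrap modulo 10
    return chr((ord(ch) - ord("a") + shift) % 26 + ord("a"))  # b -> z, a -> y


def derive(site: str, template: str = TEMPLATE, shift: int = SHIFT,
           reverse: bool = False) -> str:
    """Fill the template's slots with the shifted site identifier."""
    ident = [shift_char(c, shift) for c in site_identifier(site)]
    if reverse:                          # the page's "identifiers backwards" variant
        ident.reverse()
    if template.count("_") != len(ident):
        raise ValueError("template must have one slot per identifier character")
    slots = iter(ident)
    return "".join(next(slots) if c == "_" else c for c in template)


def varying_positions(passwords: list[str]) -> list[int]:
    """Indexes at which equal-length passwords are not all identical."""
    return [i for i, col in enumerate(zip(*passwords)) if len(set(col)) > 1]


if __name__ == "__main__":
    sites = ["Everything2", "G-mail", "Google", "IBM", "Mac"]  # the page's examples
    derived = [derive(s) for s in sites]
    for site, pw in zip(sites, derived):
        print(f"{site:12} {pw}")
    print("positions that differ between sites:", varying_positions(derived))
```

Every derived password shares seven of its nine characters with every other one; only the two slot positions carry anything site-specific.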