Passwords 101

Updated: at 09:12 AM

Exploring the ways to simplify generating and remembering those pesky passwords.

Intro

Greetings, fellow netizen! Allow me to test my hacking skills and take a wild guess at the password you use for every vital account under the sun. Take a moment to ponder it for X units of time…

Aha, could it be “thepassword1234” or perhaps “112233445566778899”? I see, you’re one of those elite 1337 users who swaps out letters like “O” for “0”, aren’t you? Then your password must be “4dm1n1str4t0r”.

Problem

Let’s cut to the chase, friend. In this frenetic digital age, it’s crucial to have a robust and distinct password. No more weak links, no more compromises. Protecting our virtual identity and confidential data should be of utmost priority.

However, in this fast-paced world, when we encounter a Signup screen, we are taken out of our comfort zones for a moment and faced with an additional hurdle - concocting a strong password that we haven’t used elsewhere. It is stressful, annoying and a challenge we’re just not in the mood for, I know.

Now, I will not talk about the necessity of using a decent password manager or insisting that you MUST be using 2FA for every single account. I won’t do it, because you already know these things, and they’re already on your never-ending todo list, I know.

Instead, I will show you a method I have personally used for years, to keep my passwords relatively strong and easy to remember.

Solution

I tend to categorize the accounts I sign up for into different levels of security. I use at least 3 such levels, and I will try to give you an idea of how it works.

First of all, I lied a little earlier - I don’t remember my actual passwords. At least, most of each password is just gibberish to me. What I do remember, though, is the method I use to come up with the password. And that’s the secret sauce - the method. I will show you an example of what that method could look like. But after reading this post, I want you to get crafty and come up with your own method, tailored to your taste, with your personal touch.

Let’s break down the method into a few simple rules. We will take the weakest password of them all - “password” - and make it more complex with these simple steps.

  1. Looking at the keyboard, I want you to type out “password”, but swap each letter with the one that is one row above. Most QWERTY keyboards are staggered, meaning if you go up a row from any key, you’ll have two choices like on the diagram below:

    (diagram: QWERTY keyboard)

    Choose whichever you like. I will go for the left-hand keys. That’s our number one rule for this method - swapping each letter with the key above it and to the left. Now, this step might differ if you use an ortholinear keyboard, but bear with me on this one.

    Before  After
    p       0
    a       q
    s       w
    s       w
    w       2
    o       9
    r       4
    d       e

    Now suddenly our “password” becomes “0qww294e”.

  2. Let’s take things up a notch with the second rule - whenever we land on the row of numbers, we will hold the Shift key, which turns those digits into special characters automatically.

    With this new rule in place, our progress looks like this:

    password -> 0qww294e -> )qww@($e
    

    It is much better, don’t you think? And it only took us 2 simple rules that we can easily remember.

  3. Now, if you are anything like me, a password that short will bother you, so here is our third rule - if our original password starts with a consonant, append the odd digits (reading the number row from left to right), and if it starts with a vowel, append the even digits.

    Now let’s check our progress:

    password -> 0qww294e -> )qww@($e -> )qww@($e13579
    
  4. And finally, here comes a personal touch - a “salt”. Developers will be familiar with the concept, but for those who aren’t in the know, it is just a random string we attach to the password above. This is where you could perhaps use the password you use everywhere. Basically something random, fancy and something you will never forget.

    For my example, I’ll use the leet-speak code k4rtv3l1. It’s random, yet stylish. To attach my salt to the generated password, I’ll use the trusty colon : character.

    password -> 0qww294e -> )qww@($e -> )qww@($e13579 -> )qww@($e13579:k4rtv3l1
    

So we took password, applied 4 easy rules, and we got )qww@($e13579:k4rtv3l1.

Now let’s discuss the unique part of it. What if we added a little twist? The next time you sign up for an account, use the name of the website or service as your starting point instead of “password.” This way, each site will have a unique password. As long as you remember the method, you can make it as simple or complex as you want.

If you have multiple accounts for a website, why not include your username in the mix? For example, if I’m registering at kartveli.dev and my two usernames are rick and morty, then instead of using just “kartveli” (the website name) as the starting point, I would use “kartveli:rick” and “kartveli:morty”.

Exercise

On that note… using the rules/method we outlined above, what would be the password when signing up for kartveli.dev? Take your time to do it yourself and let’s compare the results below.
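To check your own answer, here is an added Python implementation of the four rules (example code, not from the original post). It assumes a US QWERTY layout, lowercases the starting string, leaves characters that have no key above them (such as the “:” in “kartveli:rick”) unchanged, and reads “even numbers from left to right” as the digits 2, 4, 6, 8, 0 on the number row.

```python
# Added example: the four-rule method from the post as runnable code.
# Assumptions (not stated in the post) are marked below.

# Physical rows of a US QWERTY keyboard, top to bottom.
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Rule 2: the shifted form of each digit on a US layout.
SHIFTED_DIGITS = dict(zip("1234567890", "!@#$%^&*()"))

VOWELS = "aeiou"


def build_row_up_map():
    """Map every letter to the key one row up and to the left.

    On a staggered board the above-left key of position i in a row is
    position i of the row above (a -> q, s -> w, q -> 1, p -> 0), which
    matches the post's Before/After table.
    """
    row_up = {}
    for upper, lower in zip(QWERTY_ROWS, QWERTY_ROWS[1:]):
        for i, ch in enumerate(lower):
            row_up[ch] = upper[i]
    return row_up


ROW_UP = build_row_up_map()


def rule1_row_up(text):
    # Assumption: characters with no key above them (e.g. ':') stay as-is.
    return "".join(ROW_UP.get(ch, ch) for ch in text.lower())


def rule2_shift_digits(text):
    return "".join(SHIFTED_DIGITS.get(ch, ch) for ch in text)


def rule3_parity_suffix(original):
    # Consonant start -> odd digits, vowel start -> even digits.
    # Assumption: "left to right" is the order on the number row.
    return "24680" if original[0].lower() in VOWELS else "13579"


def derive(seed, salt="k4rtv3l1"):
    """Apply rules 1-4 to a seed string; returns the final password."""
    step2 = rule2_shift_digits(rule1_row_up(seed))
    return f"{step2}{rule3_parity_suffix(seed)}:{salt}"


if __name__ == "__main__":
    for seed in ("password", "kartveli", "kartveli:rick"):
        print(f"{seed} -> {derive(seed)}")
```

Because the derivation is deterministic and the salt is appended in clear text, one leaked derived password exposes both the salt and most of the rule pattern to whoever reads it.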

Conclusion

I hope I have sparked some curiosity in you to try out a fresh approach to password security. I mentioned that I tend to use at least 3 levels of security. What I mean is, I’ve got about five distinct rules up my sleeve, and I add or remove them based on the significance of the account. If it’s just a random website that doesn’t mean much to me, I’ll use the first two rules along with a separate e-mail I have for such websites. For most crucial accounts, I’ll apply all five rules.

You might be wondering, “how do you even remember which rule goes where?” Well, friend, it’s like second nature to me now. But even if I make a mistake on the first try, I know precisely how many rules I need to apply to hit that next level of security.

See, I did not talk about the necessity of using a decent password manager or insisting that you MUST be using 2FA for every single account. I did not do it, because you already know these things. I know, I know you know.

Thank you for reading and stay safe out there.