Friday, April 27, 2012

Since got hacked, I figured I would share my password generation method.  By memorizing one very short number, such as 5724, plus some simple rules, you can create a strong, secure password that is unique for any site you use, without having to remember the password or use any kind of USB fob or password management software.

I'll just jump in with an example.

First, come up with your four numbers.  It doesn't matter what they are; I'll use the 5724 mentioned above.  Each of these numbers stands for some kind of rule (an offset or an addition) applied to our password.  My rules might look like this:

5 (go up five letters from the first letter of the domain)
7 (multiply the number of letters in the domain by 7)
2 (go up two letters from the last letter of the domain)
4 (capitalize the fourth letter)

After you've remembered your numbers and what they mean, there's no more remembering; the rest is just generating the password.

Suppose we wish to create a password for

Rule #1 says to go up five letters from the first letter in the domain, so "C" => "H".
Rule #2 says to multiply the number of letters in the domain by 7, so 7x3 = 21.
Rule #3 says to go up two letters from the last letter of the domain, so "N" => "P".

Next, for each of our two letters we take the first three letters of a name beginning with that letter.  Perhaps for this example, we turn H and P into "Harry" and "Peter," which truncate to "har" and "pet."

Or if you're a fan of the phonetic alphabet, "Hot" and "Pap" (Hotel, Papa).

Combine these with the number and you wind up with har21pet.

Lastly, our final rule says to capitalize the fourth letter, so our password is now har21Pet.  Easy peasy, lemon squeezy.

If a site you use gets hacked, it's very unlikely that the attackers will have your password to any other site.  Further, by looking at the password, they'll have no idea how the domain name relates to your password -- cnn bears no resemblance to har21Pet -- and it's extremely unlikely that har21Pet is your password anywhere else.

Heck, add one more rule and it becomes extremely unlikely that you'll have a dupe.  I.e., your additional rule is to simply add the number of letters in the domain to the end, so har21Pet becomes har21Pet3 in the case of CNN.
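To make the four rules (and the optional fifth "append the letter count" rule just mentioned) concrete, here is an added Python implementation; it is an example written for this page, not code from the original post. It assumes the "domain" is the bare site name ("cnn", not "cnn.com"), that letter shifts wrap around from z back to a, that the letter-to-word step uses the NATO phonetic alphabet ("Hot", "Pap") rather than personal names, and that "fourth letter" means the fourth alphabetic character with digits skipped, which is how har21Pet gets its capital P. The `collisions` helper is there to check the uniqueness claim: because only the first letter, the last letter and the letter count of a domain feed into the rules, any two domains that agree on those three things get the same password, and the extra length rule cannot separate them.

```python
# Added example for the four-rule password scheme described in the post.
# Assumptions (not stated on the page): bare site name as input, wrap-around
# letter shifts, NATO phonetic alphabet for the letter->word step, and the
# "fourth letter" rule counting alphabetic characters only.
import string

# Full NATO code words; the scheme uses only their first three letters.
NATO = dict(zip(
    string.ascii_lowercase,
    "alfa bravo charlie delta echo foxtrot golf hotel india juliett kilo lima "
    "mike november oscar papa quebec romeo sierra tango uniform victor whiskey "
    "xray yankee zulu".split(),
))


def shift_letter(ch, n):
    """Move ch forward n places in the alphabet, wrapping z -> a (assumption)."""
    idx = string.ascii_lowercase.index(ch.lower())
    return string.ascii_lowercase[(idx + n) % 26]


def capitalize_nth_letter(s, n):
    """Upper-case the n-th alphabetic character of s, skipping digits."""
    count = 0
    out = []
    for ch in s:
        if ch.isalpha():
            count += 1
            if count == n:
                ch = ch.upper()
        out.append(ch)
    return "".join(out)


def site_password(domain, digits="5724", append_length=False):
    """Derive the per-site password from the four memorized digits.

    digits[0]: shift applied to the first letter of the domain (rule 1)
    digits[1]: multiplier for the number of letters in the domain (rule 2)
    digits[2]: shift applied to the last letter of the domain (rule 3)
    digits[3]: which letter of the result to capitalize (rule 4)
    append_length: the optional extra rule, appending the letter count
    """
    a, b, c, d = (int(x) for x in digits)
    letters = [ch for ch in domain.lower() if ch.isalpha()]
    first = shift_letter(letters[0], a)      # rule 1: "c" -> "h"
    number = len(letters) * b                # rule 2: 3 x 7 = 21
    last = shift_letter(letters[-1], c)      # rule 3: "n" -> "p"
    pw = f"{NATO[first][:3]}{number}{NATO[last][:3]}"  # "hot21pap"
    pw = capitalize_nth_letter(pw, d)        # rule 4: "hot21Pap"
    if append_length:
        pw += str(len(letters))              # extra rule: "hot21Pap3"
    return pw


def collisions(domains, **kw):
    """Group domains that the scheme maps onto the same password."""
    by_pw = {}
    for dom in domains:
        by_pw.setdefault(site_password(dom, **kw), []).append(dom)
    return {pw: doms for pw, doms in by_pw.items() if len(doms) > 1}


if __name__ == "__main__":
    # Constructed sample domains; "cnn" is the post's own example.
    print(site_password("cnn"))                        # hot21Pap
    print(site_password("cnn", append_length=True))    # hot21Pap3
    print(collisions(["cnn", "can", "cbn", "amazon", "google"]))
```

Running the script prints `hot21Pap`, `hot21Pap3`, and then `{'hot21Pap': ['cnn', 'can', 'cbn']}`: three different three-letter sites starting with c and ending with n all receive the same password, with or without the extra rule, so "unique for any site" holds only for sites that differ in first letter, last letter or length.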