MapleCity Blog


Password Management Strategy

February 10th, 2008 · No Comments

Do you have 1 universal password for everything you do online, or do you follow best practice and create a unique password for every site? If I had to wager a guess, I would say the majority of users create 1 or maybe 2 passwords that are both easy to remember and reused across multiple websites. Even though security experts say it’s smart to create a new password for each online account, this strategy isn’t always easy to adopt. Here’s why.

The most obvious reason people use 1 or maybe 2 passwords is that it’s easy to remember their log-in credentials for multiple sites. Many people want an “easy to remember password”; in fact many websites encourage visitors to “pick something they’ll remember”, so they pick their pet’s name, add some numbers, and perhaps capitalize a few letters in the hope of throwing off would-be hackers.

More often than not people create easy to guess passwords that look something like Fluffy1998 (this is the year I adopted my cat Fluffy, so I know I’ll remember this password). The problem with Fluffy1998 is that it’s considered “weak”: it is a dictionary word followed by a four-digit year, and automated attacks that try exactly this pattern could crack it in a matter of minutes. The visitor doesn’t think about or care about this, clicks submit, and is now a member of the newest online community.

So we know the problem. How can we create and manage better passwords?

Step 1. Create Stronger Passwords:

Let’s tackle the problem starting with creating a “strong” password. I have two suggestions.

  1. The first method of creating a strong password is to pick a phrase that you can remember. For this example I’ll use the phrase: “My favorite author is Stephen King and in 1978 he wrote The Stand”. Let’s see how we can turn this into a strong, easy to remember password: take the first letter of each word, keeping its capitalization, and keep the number whole:
    My favorite author is Stephen King and in 1978 he wrote The Stand. The produced password looks like this:
    MfaiSKai1978hwTS

    When you type this password just recite your phrase as you type and you will be able to remember a 16 character “strong” password.
  2. The second method of creating a strong password is to use a password generator. My favorite password generator was created by Steve Gibson of GRC (Gibson Research Corporation) and can be found at https://www.grc.com/passwords.htm. There are three types of string available; generally taking a substring of the 63-character random alphanumeric string will suffice. The security community recommends a 20 character minimum to resist brute force… but anything over 12 characters should be fine in most circumstances.
  3. Create a password using one of the two methods above. Now let’s move on to step 2, managing passwords.
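The two methods above, worked as code. This is an added example for this post, not code from the post or from GRC: it derives a password from a passphrase exactly as in method 1 (first letter of each word, case kept, numbers kept whole), generates a random alphanumeric password locally with the operating system’s CSPRNG as a stand-in for the GRC page (method 2), and rates a candidate against the post’s own rules (the “word plus year” pattern is weak, 12 characters is the floor, 20 is the recommended minimum). The entropy figure is a rough upper bound that assumes every character was chosen uniformly, so it flatters a password like Fluffy1998; the pattern check is what actually catches it. The sample phrase and the weak example are the post’s own; the regular expression and the thresholds used in `rate` are my assumptions.

```python
import math
import re
import secrets
import string

# Sample inputs taken from the post.
PHRASE = "My favorite author is Stephen King and in 1978 he wrote The Stand"
WEAK_EXAMPLE = "Fluffy1998"

# Alphabet a generator such as GRC's alphanumeric string draws from (62 symbols).
ALPHANUMERIC = string.ascii_letters + string.digits

# Assumed pattern for the classic "pet name plus a few digits" password.
WORD_PLUS_DIGITS = re.compile(r"^[A-Za-z]{3,}\d{2,4}$")


def phrase_to_password(phrase: str) -> str:
    """Method 1: first character of each word (case preserved); numbers stay whole."""
    parts = []
    for word in phrase.split():
        token = word.strip(string.punctuation)
        if not token:
            continue
        parts.append(token if token.isdigit() else token[0])
    return "".join(parts)


def generate_password(length: int = 20, alphabet: str = ALPHANUMERIC) -> str:
    """Method 2: a locally generated random password using the OS CSPRNG
    (secrets, never random.random, which is predictable)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def estimate_entropy_bits(password: str) -> float:
    """Upper-bound entropy: length * log2(size of the character classes present).
    Over-estimates dictionary-based passwords; use together with is_word_plus_digits."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def is_word_plus_digits(password: str) -> bool:
    """True for passwords shaped like Fluffy1998, which crackers try first."""
    return bool(WORD_PLUS_DIGITS.match(password))


def rate(password: str) -> str:
    """Verdict using the post's thresholds (assumed mapping): 'weak', 'ok' or 'strong'."""
    if is_word_plus_digits(password) or len(password) < 12:
        return "weak"
    if len(password) < 20:
        return "ok"
    return "strong"


if __name__ == "__main__":
    derived = phrase_to_password(PHRASE)
    generated = generate_password(20)
    for label, pw in (("weak example", WEAK_EXAMPLE), ("method 1", derived), ("method 2", generated)):
        print(f"{label:13} {pw:24} {len(pw):2d} chars  ~{estimate_entropy_bits(pw):5.1f} bits  {rate(pw)}")
```

Note how Fluffy1998 scores almost 60 bits on the naive entropy estimate yet is rated weak: length and character-class counts alone say nothing about guessability, which is why the pattern check, not the entropy number, drives the verdict.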

Step 2. Managing Passwords:

Note: Though I will mention one piece of software below that I use, this isn’t a software tutorial. I encourage you to learn more about the software by visiting its site and downloading a copy.

  1. I highly recommend downloading a password management application. I use “Password Safe”, originally written by Bruce Schneier and now an open source project. Using Password Safe you can easily manage multiple strong passwords without having to remember any of them. The only password you’ll need to remember is the one that unlocks your password safe. (For the remainder of this article I’m going to refer to Password Safe as my choice of password management application.)
  2. After downloading and installing your password manager you’ll need to create a new password database (this is where you’ll store an encrypted version of all your passwords for every site you visit).
  3. While creating your password database you’ll be prompted for a password that will be used to lock your safe. Enter the password you created in step 1 of this article (if you haven’t created a password from step 1, do this now); this password must be strong enough to keep all your other passwords safe, because anyone who guesses it gets every password in the database. The only way to “open” your password safe in future is to supply this newly created password.
  4. After your new password safe has been created you can start adding new passwords to it (for the various sites you log into). For each new entry in your password safe my recommendation is to copy a substring of characters from the password generator at GRC to ensure that you’re getting a strong enough password. After creating a new password make sure you save your database. Now you have a very strong password to use online that is unique to a specific site. When you want to use a password for one of your sites, simply open your password safe and double click the entry for the site that needs authentication; your password will be copied to the clipboard. You can then paste the password into your site’s log-in box. (Note that if you minimize Password Safe to the system tray or close it after copying a password, it will clear the clipboard; you’ll need to retrieve your password from the safe again in order to paste it.)
  5. Generally when I create an account on a new site I open my password safe and create a new entry for the site. I have a different entry in my password safe for every site I visit, ensuring that I follow best practice: no password is ever reused, so a breach at one site does not expose my account at another.

If you follow the steps above for creating and managing passwords you should be much more secure online.


Tags: Security · Tech Blogroll
