Thursday, July 30, 2009

Tips on managing online passwords

My wife and I have had had several discussions about Internet security and online passwords. Why? Because my Facebook account got hacked over the weekend. We probably all know that accounts can get hacked, but can you imagine the headache if your accounts shared the same passwords? What if you couldn't get into your e-mail account anymore? What if you couldn't access your online banking accounts? (that wasn't the case in my situation, so I didn't lose control of my e-mail, blogging, Twitter, LinkedIn, eBay, PayPal, or any of my bank accounts. I was able to send a Tweet to all my followers to warn them about my Facebook situation).

If you have a common password that protects your personal health record (PHR), then you could be exposing yourself to potential hackers. Do you consider your health record more important than your banking accounts?

Many of us have a variety of online accounts. Do you use the same password on several accounts? You're putting yourself at grave risk if you do that. I admit that there was a time when I used a few passwords among different accounts. However, I now have unique passwords for every account and I use a systematic approach so that I can easily remember every one.

Allow me to share a few Internet security tips:
  • Never use the same password on multiple accounts. This may lead to someone hacking your Facebook account and then eventually getting access into other things (like your bank account, PayPal, credit card accounts, etc.)
  • Never use a dictionary word as your password. Using "wojljsdflkwe" is better than that any word that would appear in a dictionary.
  • Never use numbers that reflect your personal profile. Don't use numbers that may reflect your birthday, your address, your phone #, etc.
How can you systematically create a unique password for each website so that you can remember your password easily?

Suppose you really like the word "Amazon" as your password. It's 6 characters, so it works as a password on many websites. Let's see how we can use this word to create unique passwords for 3 different websites. We'll use the unique letter(s), common number(s), common word technique. This is a very basic technique that works quite well if you're a newbie at this.
  1. The unique letter(s) is based on the name of the website. Choose the 3rd and last letters of the website title as your unique letters and this becomes the first few letters of your password.
  2. Choose a common number. Let's choose 16 (legal driving age). This is the second component of your password.
  3. Choose a common word. Let's choose "zamazon" (I love to shop on Amazon, but we don't want to use a word that can be found in the dictionary, so we'll add a "z" to amazon). This becomes the end of your password.
When you combine these elements, we end up with 3 unique passwords for the following 3 websites:
  1. Paypal: the password would be "yl16zamazon" (y = 3rd letter; l = last letter)
  2. Chase: the password would be "ae16zamazon" (a = 3rd letter; e = last letter)
  3. Google: the password would be "oe16zamazon" (o = 3rd letter; e = last letter)
You can get really creative using this technique and you can develop unique password patterns for every website that you visit. You could end with your unique letters. You could flank your common numbers/letters around your unique letters. You could also choose different patterns for different types of websites. For instance, for banking sites, you may choose to start with the common number and end with the unique letters. For social networking sites, you may want to use the method in reverse (or change your common # or letter). You may want to have one common word for websites that start with a vowel and a different common word for websites that start in a consonant. Once you have a series of consistent patterns, you only need to remember your common number(s) and common word(s). This can reduce your risk for password theft which could lead to identity theft and a series of other major headaches. If you're married, you don't have to share your actual passwords with your spouse. You simply have to explain your method and share your common words/numbers. Let your spouse go through the exercise of coming up with a method. Sounds like fun, doesn't it?


  1. Thanks Roland. Of course, Ellen gets all the credit for this one!

  2. This article was incredibly helpful. I've always known it was best to have different passwords for different sites, but trying to remember all of them seemed like a nightmare. This system makes all those passwords unique and manageable