Over the past few weeks, I’ve been asking every new prospect and client how many Internet passwords they have to remember. The question has several levels.
“How many places on the Internet do you log into on a regular basis?” I ask.
Usually the answer is 4-8.
“What about associations, alumni sites, Facebook, MySpace, LinkedIn…sites that you may not access every day?”
Usually the answer is “another 10 sites.”
“OK, what about sites that you have signed up for, but may only need to log into once in a blue moon? For example, account management for your cell phone provider, your 401K account, sites like classmates.com, etc.”
Usually the answer is “10 or more.”
“Lastly, what about sites you signed up for and do not expect to return to in the next year, although you still may need to access them in the future to update account, billing or contact information?”
Typically I get 20, 50, no idea, or “lost count.”
This is when the average sales rep or recruiter realizes they have anywhere from 25-100 (or more) places they have passwords to. (Personally, I have well over 200 and I’ve lost count.)
Then it gets fun.
“Do you use the same password?” I ask.
95% of the time I get a …….YES.
This is a security nightmare. What happens if Facebook or MySpace or one of these well-trafficked sites gets compromised? Then someone has YOUR password to all the other sites you use.
Yes, there are password managers. I am not a fan of them. You can’t take them everywhere and computers do crash. Today, I present a humanistic solution to password management.
It’s a simple concept I call password schemas. It starts with picking a core password and then modifying it based on the attributes of the place you are using. I am going to use my dog’s name as an example of a core password. Her name is Captain Janeway, so the core password is CaptJane (for those of you thinking it…no, I don’t use my dog’s name).
Password schemas, used badly, can be dangerous. You could expose all your passwords should someone figure it out. However, using a schema is far superior to using the same password everywhere. The more creative you get with the schemas, the better your protection is.
Here are some schemas (I just made up names for these). For each schema I am going to use mail.yahoo.com as the site example.
Alpha front/end: using the first letters of a site in front or end of your core
yaCaptJane CaptJaneya (“ya” comes from first letters in “yahoo”)
Syllable front/end: use syllables of the site in front or end of your core
yhCaptJane CaptJaneyh (“yh” from first two syllables in “yahoo”)
Keyboard replacement: In the password below, I used the key above each of the letters “CaptJane” on the keyboard. Example: the “D” key is above the “C” and the “q” key is above the “a”, etc. The downfall here is that you may need the keyboard in front of you to remember your password.
DqmbUqhc
Alpha front/end + keyboard replacement: combining schemas
yaDqmbUqhc
Vowel replacement: replace O with 0, replace A with @, replace E with &
Keyboard wrap: if the site name starts with a “y”, start with y and use the next 7 additional characters to the right. If you hit the last letter, wrap around to the other side of the keyboard.
yuiopqwe (yahoo)
ghjklasd (google)
hjklasdf (hotmail)
These are just a few ideas of password schemas. One of my favorites is to replace vowels with full words: example A=Alpha, B=Bravo, C=Charley. The key thing is to sit down with a paper and pen and create your own. Be creative, have fun and come up with something that you will remember. Make sure it would be hard for someone to guess your password by looking at a few examples. The combinations are endless.
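The alpha-front and keyboard-wrap schemas above, plus a check of what stays constant across a few generated passwords, as an added example that is not part of the original post. The letters-only US QWERTY rows, the `site_label` rule and the function names are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Letter keys of a US QWERTY keyboard, row by row (assumed layout).
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
CORE = "CaptJane"  # the post's example core password


def site_label(host):
    """'mail.yahoo.com' -> 'yahoo' (second-to-last DNS label; a simplification)."""
    parts = host.lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def alpha_front(host, core=CORE, n=2):
    """Alpha front: the first n letters of the site name, then the core."""
    return site_label(host)[:n] + core


def keyboard_wrap(host, length=8):
    """Keyboard wrap: start at the site's first letter, walk right, wrap in-row."""
    first = site_label(host)[0]
    for row in ROWS:
        if first in row:
            start = row.index(first)
            return "".join(row[(start + i) % len(row)] for i in range(length))
    raise ValueError(f"{first!r} is not a letter key")


def shared_core(passwords):
    """A substring present in every password: the part the schema never changes.

    Pairwise reduction, so it is common to all inputs but not guaranteed longest.
    """
    common = passwords[0]
    for pw in passwords[1:]:
        m = SequenceMatcher(None, common, pw, autojunk=False).find_longest_match(
            0, len(common), 0, len(pw))
        common = common[m.a:m.a + m.size]
    return common


if __name__ == "__main__":
    hosts = ["mail.yahoo.com", "www.google.com", "www.hotmail.com"]  # constructed
    generated = [alpha_front(h) for h in hosts]
    print(generated, "-> constant part:", shared_core(generated))
    print([keyboard_wrap(h) for h in hosts])
```

With alpha front, only the two-letter prefix differs from site to site, so the core shows up unchanged in every password. Keyboard wrap depends only on the site's first letter, so two sites with the same initial get the same password.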
Captain Janeway & Donato
(she thinks she is a lap dog)