Password Protocol

03 Mar 2021

My eldest recently approached me, mid-way through creating himself a Steam account, and asked me the question "Dad, what's a good password?"

"Good question!" I answered, and launched into my explanation of creating himself a password scheme, before I realised this is something to note down properly.

Before I start: passwords are a pain, but the magical password-less future is still some years away. So this is important.

Using the same password everywhere is a problem. Don't do it.

Instead, adopt a password manager (I pay for Bitwarden on the basis that it's a powerful tool that works in a simple way and is very, very affordable), but I appreciate fewer people use a manager than they should. So, failing that, adopt a password scheme.

First, find something you cannot fail to remember. Lyrics, a haiku, the opening line of your favourite book, an address, whatever. It doesn't matter what. For the purpose of this illustration, I'm going to adopt a quote from Thanos in Avengers: Infinity War:

"Dread it. Run from it. Destiny arrives all the same."

Next, shorten your chosen phrase to something representative that you will always recall - I'm simply going to take the first letter of each word, keeping its case:

DiRfiDaats

Then decide how you'll represent the service you're signing in to. So if it's Google, Amazon, Facebook, etc - then decide how you're going to remember it. For simple purposes, I'm going to take the first three letters:

  • Google becomes Goo
  • Amazon becomes Ama
  • Facebook becomes Fac
  • ...etc

Then pick a number you remember - even your birthdate will do, though anything a stranger can look up is easier to guess than something only you know. For this example I'm using four basic digits:

0123

Then: put it all together.

That's it. It takes longer to write down and explain than it does to actually start using it. For example, using this scheme I would immediately have unique passwords everywhere:

  • A Google account password could be GooDiRfiDaats0123
  • An Amazon account password could be AmaDiRfiDaats0123
  • A Facebook account password could be FacDiRfiDaats0123 (although deleting Facebook is a better option :p)
  • ...and so on.
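As an added illustration (not code from the original post), here is the derivation written out in Python, using the post's own phrase and number, with the post-breach "^2" suffix suggested further down, and a final function showing what someone who sees just one of these passwords in plaintext can infer. The function names are mine.

```python
import re

# Constructed inputs, taken from the post's own illustration.
PHRASE = "Dread it. Run from it. Destiny arrives all the same."
NUMBER = "0123"


def initials(phrase: str) -> str:
    """Reduce a memorable phrase to the first letter of each word, keeping case.

    'Dread it. Run from it. Destiny arrives all the same.' -> 'DiRfiDaats'
    """
    words = re.findall(r"[A-Za-z0-9]+", phrase)  # drop punctuation, keep words
    return "".join(w[0] for w in words)


def service_tag(service: str) -> str:
    """First three letters of the service name, as in the post (Google -> Goo)."""
    return service[:3]


def derive(phrase: str, service: str, number: str, rotation: int = 0) -> str:
    """Assemble service tag + phrase initials + number.

    rotation counts forced changes after a breach notice: the first change
    appends '^2', the second '^3', and so on (the post's suggestion).
    """
    password = service_tag(service) + initials(phrase) + number
    if rotation > 0:
        password += f"^{rotation + 1}"
    return password


def guess_from_leak(leaked: str, leaked_service: str, target_service: str) -> str:
    """What an attacker who sees ONE plaintext password can do.

    The only part that varies per service is the visible prefix, so swapping
    it predicts the password for any other service. This is a property of
    the scheme, not a bug in the code, and it is why a manager comes first.
    """
    tag = service_tag(leaked_service)
    if not leaked.startswith(tag):
        raise ValueError("leaked password does not follow the scheme")
    return service_tag(target_service) + leaked[len(tag):]


if __name__ == "__main__":
    for svc in ("Google", "Amazon", "Facebook"):
        print(f"{svc:9s} {derive(PHRASE, svc, NUMBER)}")
    print("after a breach:", derive(PHRASE, "Amazon", NUMBER, rotation=1))
    leaked = derive(PHRASE, "Google", NUMBER)
    print("guessed from one leak:", guess_from_leak(leaked, "Google", "Amazon"))
```

Running it prints the three passwords from the list above; the last line is the part worth dwelling on, since it needs no phrase, no number and no knowledge of the scheme beyond one observed password.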

To adopt a scheme such as this, you only need to remember three things: the phrase, the number, and how you chose to identify the service. Armed with that, you instantly have a password for every service you sign up to, one that differs per site and won't be found in any dictionary. The entire process is as complex as you want to make it - for example, your phrase could be "Ninety-nine green bottles on the wall", which you could shorten to 9T9gb->wall if you wanted. It's entirely your choice how you go about the process, just make it personal so that you don't forget it! One caveat worth knowing: the passwords differ only in the service part, which sits in plain view, so anyone who sees one of them in plaintext (a phishing page, a site that emails your password back to you, a breach of a site that never hashed it) can guess the others. That, more than convenience, is why the manager comes first and the scheme is the fallback.

I've been using a scheme like the above - admittedly, a more complex one than this example, but you get the idea - for at least a decade, and up until the point I started using Bitwarden (which made me even lazier at recalling passwords) it never failed.

The only issue I ever ran into was what to do when you get the inevitable "our database has been compromised"-style email and are forced to set a new password. For this, you have many options, but appending an indicator to a changed password is a good idea - perhaps ^2 for the first change, ^3 for the second and close your account with anyone who gets hacked enough to change your password a third time!

Nonetheless, even in the age of data breaches - especially in the age of data breaches - it's vital that you aren't using the same easy password everywhere, and remembering a scheme such as this is simply easier than remembering lots of different passwords on their own.

Give it a try next time you're faced with a password change prompt - start slowly, convert a few sites and over time it will become second nature to establish your passwords in this way.

