Passwords Made Easy (25 posts)

Topic tags: password
  • Passwords. The proverbial pain in the backside we all have to deal with. Using strong, secure passwords is just a smart thing to do when visiting websites. And we’re told to use a unique one for each site. How is that even possible to remember? There are many different companies willing to store or generate all of your passwords for you, like LastPass, PassPack, KeePass and others. If you feel comfortable with an independent company having access to all of your passwords, then that may be the way to go for you. If, however, you would feel better having a different, secure password for each and every site you visit, and never forget one, then read on.

    Below I will teach you a formula that I use for creating secure and unique passwords. I’ll try to be as concise and succinct as possible but it may be a little wordy because I want you to get it the first time. Once you’ve got the concept down and decide on the formula you will implement, it is quite easy to use and remember. If remembering your passwords has been a source of aggravation for you, then please take the time to read through this paper. It could render the rest of your life free from password recall aggravation.

    So what constitutes a good password? There are two variables to work with: password length and password characters. Password characters are the set of characters, which can be used to type out a password on a standard keyboard.

    For example:

    Password characters available:

    lowercase alphabet – 26 characters
    lowercase and uppercase alphabet – 52 characters
    lowercase and uppercase alphabet and numerals (alphanumeric) – 62 characters
    alphanumeric + all type-able symbols found on your keyboard – 95 characters

    Password length available:

    Your password length is only limited by the password system employed on the particular site you’re visiting. Most websites require a password of at least 6 characters in length. Some sites require you to have at least one upper and one lower case letter. Some require the addition of a number. And yet others require you to use a special character. Some do not allow special characters. Our goal is to design one password formula that will work for all sites. For the example explained in this paper, I will design for an 8-character length alphanumeric password. An 8-character length password made up from a 95-character set, will yield a total of 6,634,204,312,890,625 possible different password combinations. I’m comfortable with that.

    So… How do we do it? It’s quite easy. The only thing you will have to remember in order to design a unique, good password for each site you visit, is a formula. This formula will be made up of numbers and letters, of whatever length you decide. We’ll design a password for the sample site http://www.anysite.com. To keep this formula very easy to remember, I’m going to choose that the formula be made up of four numbers and four letters. The numbers will be, 1,2,3 and 4 and will be the same in all passwords. Then I’ll choose 4 letters, two of which will be capitalized. The letter choices will be derived from the website URL that I am visiting. Next, I’m going to choose which letters I will use from the URL. Determine and select the position of the letters that you’ll use on every site, e.g. the first four letters, the last four letters, the first two and the last two, or the first one and the last three, whatever you like. This preferential letter position will be absolute across all websites. If you decide to use the first three letters after www and the last letter before .com, then it’s position one, two and three, plus the letter in the last position, for every site. To make it simple, I’ll choose the first two letters after www and the last two letters before .com for the password of every site. Again, these are the positions of the letters that we choose from the name of the URL e.g. the first two and last two of the website http://www.anysite.com would be the letters an and te. I don’t use the www or the com as letters in my formula. This way you’ll always have different letters for every site.

    The next thing you have to decide on is which letter(s) you are going to capitalize. We’re going to choose to always capitalize the first two letters. So now we have four numbers, 1,2,3 and 4, and four letters AN and te. The next step is to combine the numbers and letters. For this example we’ll assemble the password by choosing two letters, AN. Then two numbers, 1,2. Two more letters, te. Then two more numbers 3,4. So our password for http://www.anysite.com, using this formula of two letters, two numbers, two letters, two numbers, looks like AN12te34. That’s it. The only thing you have to remember is a four-digit number of your choice, or a three digit, or a five digit, whatever you’d like, plus a simple formula that you’ll follow for every site. I’ve used this system of creating a formula for passwords, for quite some time now and I have never forgotten one. And with 6,634,204,312,890,625 possible different combinations from just an eight-character password, I feel pretty secure.

    To recap, building your formula will require you to decide on five items:

    1) the character length of your alphanumeric password
    2) how many letters and how many numbers will you use for every password
    3) what position in the URL will those letters come from, e.g. first two, last two
    4) which letters will be capitalized, e.g. the first one, first two, the last one, etc.
    5) how you will arrange the characters, e.g. two numbers, two letters, two numbers, two letters, etc.

    The last two items we need to cover are special characters, and the sites you visit that have fewer characters in their URL than you have in your formula. You’ll need to choose a default for both of these. Sites that require a special character are few and there are more sites that don’t allow them than there are sites that require them.
    So, decide on a default special character that you will use on any sites that require it, and in which position you will place it, e.g. in the beginning, in the end, in the middle, etc. If we chose a dollar sign as our default special character and http://www.anysite.com required a special character, the password would be AN12te34$.

    The last rule you’ll have to determine is what to do when presented with a site URL that has fewer characters than your formula requires. One that I can think of is American Airlines. The URL is http://www.aa.com. If I’ve chosen to use an eight character formula, comprised of four letters and four numbers, I’d have to come up with two additional letters to keep my formula consistent across all websites. I’ll choose the default letter(s) to be z and I will always place it in the last letter positions. You can choose any letter(s) and use them in any position, as long as you use the same defaults on every site you come across that would need them. So using our formula of two capitalized letters, two numbers, two lowercase letters, two numbers, our password for American Airlines would be AA12zz34.

    I hope I’ve explained this clearly. My goal is to lend a hand and relieve you of any password recall aggravation. If you have any questions just send me a note or feel free to call me at 508.725.9000.

    Best regards,
    Michael
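
The formula from the post above, written out as a function, together with the size of the search space for each character set it lists. This is an added example, not part of the original post; the function and parameter names are assumptions, and `memorised_space` counts only the digits because the letters are taken from the site's address.

```python
from urllib.parse import urlparse

# Character-set sizes as listed in the post.
CHARSETS = {"lowercase": 26, "mixed case": 52, "alphanumeric": 62, "printable": 95}


def site_label(url):
    """Site name without a leading 'www' and without the top-level domain."""
    host = urlparse(url).hostname or url  # bare host names have no scheme
    labels = host.lower().split(".")
    if labels[0] == "www" and len(labels) > 1:
        labels = labels[1:]
    return labels[0]


def formula_password(url, digits="1234", pad="z", special=""):
    """Two capital letters, two digits, two lowercase letters, two digits."""
    if len(digits) != 4 or not digits.isdigit():
        raise ValueError("this layout needs exactly four digits")
    name = "".join(c for c in site_label(url) if c.isalpha())
    first = name[:2].ljust(2, pad)       # first two letters of the name
    last = name[2:][-2:].ljust(2, pad)   # last two unused letters, padded
    return first.upper() + digits[:2] + last + digits[2:] + special


def keyspace(charset_size, length):
    """Number of strings of this length over a character set of this size."""
    return charset_size ** length


def memorised_space(digits="1234"):
    """Values the memorised digits can take; the letters come from the URL."""
    return keyspace(10, len(digits))


if __name__ == "__main__":
    for url in ("http://www.anysite.com", "http://www.aa.com"):
        print(url, "->", formula_password(url))
    print(formula_password("http://www.anysite.com", special="$"))
    for name, size in CHARSETS.items():
        print(f"8 characters, {name}: {keyspace(size, 8):,}")
    print(f"four memorised digits: {memorised_space():,}")
```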

  • Great post, Michael.

    We all have so many passwords to remember (if we’re smart and not using the same one for every site we access), and there are not many worse feelings than forgetting your password and having to jump through hoops to retrieve/reset it.

    I started doing this a few years back and it saves me a tonne of time. Every password is intuitively constructed in a manner that only makes sense to the individual it matters to: YOU!

    Kudos!

  • Great strategy, @mgoes – I’m going to move this over to the Small Business club since it’s not limited to Facebook

  • Password complexity is good, no doubt about it, but password length is more important.

    Using brute force, an 8 character password would be broken in a matter of days. Simply because it is short. Days might seem like a long time, but a hacker just lets code run, on multiple computers.

    !MyFulll1Name! – because of its length – would take years to break.

    IPATTFOTUSOAattrfwis is pretty much impossible (and for any American who did the Pledge growing up, those letters are easy to remember)

    Have a favorite prayer, use the first letters. Favorite song? Romantic quote? There are loads of easy (and really long) sets of letters to remember.

    Have kids and/or grandkids? List their initials and list them in sequence 1ah2eh3rh4al5an and so on.

    Me, I choose 2 words that have nothing to do with each other and stick in a special character or two.  1Conformity#Aspirine! was really easy to remember and pretty much unbreakable.

  • True @Mac.  Password security increases exponentially as you increase the character count.  One can design a password formula to any length they choose.  Having a formula allows the user to have a unique password for each site.  Without a formula one would have to commit to memory, or record somewhere, many passwords. While long passwords are more secure, many sites limit password length and some don’t allow special characters.  So, even if one chooses to use just one password, they ultimately will have to modify it for some sites.  For me, I’d prefer to memorize just one formula that allows for the creation of an endless number of passwords, than memorizing a single password, and its variants, to use across all sites.  

  • @mgoes But why a long formula instead of just long words? I’ve been in IT for over 20 years and although your system probably works I find it complex. ConformityAsperine is easy to remember without writing it down. Need special characters, add one. Need a new password, just look in front of you. OrchidTelevision? Another RedDesertRoseSeed StarbuckTeaCup.

  • @Mac  I get it.  You’re a professional IT guy and combinations of long words work just fine for you.  That’s great and I’m glad you’re content with it.  I am not trying to convert anyone who is satisfied with their own system, even if it’s sticky notes plastered over their work area.  If they’re good with that, I am too.  I’m simply hoping to help others who are frustrated with their current method.

    Personally, I would not use a combination of dictionary words.  I’m just not comfortable with that.  And, I’m not comfortable with using the same password for every site, no matter how secure it is.  Hence, one formula committed to memory that yields unique and secure passwords is the solution I’ve chosen.  For me, it has proven to be less complex than my having to remember multiple long passwords, and I tend to believe it may work for others as well.

    Maybe you could help me to understand why you’ve put more effort into trying to find value in what I’m offering than spending time doing something positive, since you are clearly satisfied with your own way of doing things.  I am not proposing that having a formula for password creation is the be all, end all, for everyone.  I’m simply sharing, what I’ve found, to be an effective solution, that has worked for me.  And, hopefully will for others in the club, who may have been confronted with the same source of frustration.  That’s all. 

  • I’m not trying to convert you, I’m just offering an easy way to make passwords. You have something that works for you.

  • You’re a bright guy @Mac  That’s why I’m having a hard time accepting that you have read my posts in their entirety.  Nowhere did I suggest that you were trying to convert me.  What I wrote was that “I am not trying to convert anyone.”  And from what I understand, you offered an easy way to make a password, and variations of it, not unlimited unique passwords that can easily be remembered.  Can we please stop now.  I’d prefer to spend my time helping those who can benefit from it.  If there is anything I can do for you in the future, feel free to ask.  Spread the love bro.  Good night.

  • First2 digits last2 digits special character. Got it, the idea is very old and useless when you get to a site where you change password. Either you change every password or just that one. Then, a month later change the second, third and your average users have that piece of paper because they have too many passwords. Unlimited passwords. I am trying to help. If you want a good password you don’t choose dates or names related to you. Choose something you see every day, and add a second word. I change the spelling of words, but I have been working with IT security for years. Know what I do for the security word? I have a great trick that is easy to remember and can be used on unlimited sites.

  • and you always get those strange sites. We use Verizon internal tools and I have:

    • one that required a password including one of 5 special characters – the others are not valid
    • one that requires a password that does not start with a letter or special character
    • one that requires passwords 8 to 20 characters long, and the password I was using was 22
    Sometimes it is almost too hard to think of a password, especially when someone invents a special rule.

  • @Mac

    Useless?  Please Mac, do share your “great trick that is easy to remember and can be used on unlimited sites.”  I’d much prefer that you share your knowledge with the club rather than be subjected to your endless unproductive criticism. 

  • @mgoes useless when you get to a site where you have to change password.

    Either you change every password or just that one by adding a different special character.

    Then, a month later you have to change the second password. And then the third and the first a second time. Then the 4th and 2nd. 

    And then your average users have that piece of paper because they have too many passwords. Unlimited passwords.

    I have to apologize to you @mgoes, I didn’t realize that people were not allowed to have an opinion that didn’t match yours.

  • No need to apologize @Mac and I’m sorry if I upset you.  My intention is to help.  What I was trying to say, which I think offended you, is simply that we all can benefit more by sharing knowledge, rather than by criticizing.  May I suggest that if you want to continue on, we take this to private message, so as not to waste the time of others.

  • I changed my password to “incorrect”. That way, if I forget, my computer tells me “your password is incorrect”

  • lively discussion here…great ideas…I use a piece of paper for different ones…and am a very bad person and use the same one for most sites, then again there’s the first initial of each of my 8 children (wasn’t I forward thinking to have 8 so I’d have enough letters!)  :) :) ;) @mgoes @richardmcla8ughlin

  • Oh, my. Is this something I should worry about? I’ve been so happy without thinking this hard.

  • @deairby@judithgotwald: write them down? You will obviously be stricken by a biblical plague, like winning the lottery. – Do you need to hide your passwords? Do you have reason, like your bank account details, or a place where people can make you look bad? If you have nothing to lose then you can use ABC123 as a pass.

  • Mac, “incorrect” , now that’s funny!! :) :) ;) @richardmclaughlin

  • Fantastic post on passwords and so helpful, I will definitely adopt this new system so thanks!

  • Some people call me ignorant. I prefer “blissful.”

  • Love both Mac’s and Michael’s suggestions. I’ve actually started using Mike’s “formula” for passwords on multiple new sites. Then, I ran into a quandary when trying to obtain links from one site to help rank different websites. Those are different login accounts, so I must have different passwords for different accounts on the same website. So came up with a kind of compromise between both Mac’s and Michael’s suggestions that would work for that, adding in client initials or name to the formula. So if I’m trying to rank a site for client Alpha on a website called Beta dot com, for example, I might use ALhaBE12te34 or AlBe1234 as the password, adding in first/last letters of the client’s name to the mix, depending on how many letters are allowed in the password. Thanks, guys!

    Dea and Rich, I saw that Andrea switched this forum from the Facebook Club to Business Club since it applied to everyone. I found the article very helpful, too. But are we allowed to post articles like this in forums now? I remember in the beginning we were told to ask questions, allowed to relate brief situations w/links to an article and ask for comments/advice/feedback/etc., but were told not to use the clubs to post full articles. Lately, I’ve been seeing more and more of these pop up, and was wondering if SME no longer sees this as directly competing with the SME blog?

    Has SME changed its policy on posting full articles as a forum starter? Also, can we now post our phone number in the clubs as was done here? @deairby @andrea-vahl @mgoes @richardmclaughlin

  • Work passwords (I love this) 6-9 character, lower case. Obviously security is not important here :0

    @atlantarobin instead of asking for advice, Mike was offering advice for a common question.

  • I use Lastpass. Simple. Secure. Done. 

    If you want some amazing insight about passwords from the guru of computer security Steve Gibson, this is the last answer you will ever need. Take time to watch this! SecurityNow 256 Last Pass review and Password discussion. 

    http://youtu.be/r9Q_anb7pwg?t=52m44s

  • I am interested to hear the answer to this question posted by @atlantarobin 

    Has SME changed its policy on posting full articles as a forum starter? Also, can we now post our phone number in the clubs as was done here? @deairby @andrea-vahl @mgoes @richardmclaughlin @kristi-hines @rich-brooks @mike-stelzner 

