What you’re about to read will undoubtedly be the most important thing you’ve ever read online.
In today’s world, your password is the key to your life. Think about it for a moment – we use passwords for virtually everything and every web site we visit. Our entire lives hinge on this thing called a password.
What if someone had the password to your email account, online bank account, or FTP account? Scary thought, isn’t it? It’s enough to make anyone who cares straighten up and get tense. While nothing is 100% secure, there are things you can do to minimize the horror of someone accessing your life – your online information.
Since most every web site you visit today has you log in for one reason or another, we’re always asked to create an account and to choose a password. Keeping track of those passwords becomes a chore and most people make the grave mistake of doing one or both of the following..
1) We either use the same password for multiple sites or..
2) We write down our passwords.
What we’re about to show you is how to make sure that every web site you visit will always have a unique password, you’ll never have to write it down, nor will you ever have to remember it. Sound too good to be true? Keep reading.
In World War II, the United States and other countries spent a lot of money and lost a lot of lives trying to break the Germans’ encryption codes, or cypher. What we’re going to do is suggest that you create your own cypher or password scheme. Your new password scheme will become your personal password manager.
To explain this, you and I are going to create a very simple password scheme. Before we begin however, let’s pretend a few things…
1) Today is January 1, 2015.
2) Your birthday is February 2, 1974
3) Your best friend’s name is George
Let’s get started and follow along closely.
You’re at Amazon.com trying to make a purchase and they are asking you to choose a password for your new account. To do so, we’re going to use a very simplistic password scheme.
The password you’re going to give Amazon.com is going to start with the first 3 letters or numbers of their domain name or web address from the web site asking you to create a password.
Since it’s Amazon.com, the first part of your password is going to be: ama
Don’t forget that all passwords are case sensitive.
Next we’re going to add the month and year you were born so in this case our password thus far will be: ama0274
Next we’ll add the first 2 letters of George’s name capitalizing the first letter of his first name so that our password thus far will look like this: ama0274Ge
Next we’ll add a piece of punctuation, in this case a dollar symbol then either a 01 or 02 to the end of the password. The 01 or 02 represents which half of the year we are in. So since it’s January, we’re going to use zero then a numeral 1 to the end of the password so that it looks like this: ama0274Ge$01
Ten minutes later you decide to make a purchase at Walmart’s web site. They too are asking you to create an account and to choose a password. Using the same “Password Scheme” the password you’re going to provide to Walmart would be: wal0274Ge$01 (since it’s still January, the first half of the year, you’ll continue to use the zero 1 to the end of the password).
So to recap…
The password you’ll use at Amazon.com will be: ama0274Ge$01
The password you’ll use at Walmart.com will be: wal0274Ge$01
Note how both passwords are uniquely different.
Now let’s fast forward time. It’s now December 20, 2015 and you want to purchase a gift for George at Amazon.com. You go to Amazon.com and try logging in with the password: ama0274Ge$02 since it’s now the second half of the year. What happens? You get an error letting you know that the password you used is incorrect. You then try using ama0274Ge$01 and it works! The reason I’m having you choose to include the 01 or 02 as part of your password scheme is that EVERYONE should be changing their passwords at least twice per year! So before you leave Amazon’s web site, be sure to change the password for their web site to now use your new password of ama0274Ge$02 and save your settings.
Personally I prefer to update my passwords every quarter therefore my passwords include either a 01, 02, 03 or 04 as part of the password.
Let’s stop here for a moment and make sure you fully understand what you just read. If any of it sounds confusing, then go back and re-read what you just learned.
In the examples above I had you create a very simplistic password scheme as your new password manager. The reality however is that I wouldn’t want you to use the password scheme we just talked about. It’s too obvious.
Let’s assume for a moment that some jackass IT manager from Walmart is going to get fired tomorrow. Let’s assume he knows this and he wants to retaliate by taking his problems out on you. Depending on his level of security, he possibly has access to your password and can see it. He obviously can also see your email address. Unlike computers, we as humans have higher brain functions. We can visually see things that computers would have a harder time with. In the example above I had you use the first 3 letters or numbers of the web site you were visiting. If some jackass from Walmart could see your password, they could easily see that your password started with a wal.
What’s to stop that bonehead from going to Google? Since he and everyone else knows your email address, he could try logging into your Gmail account with the password gma0274Ge$01 and get access to your email account, assuming you used this simplistic password scheme for your Gmail password.
Out of all the online accounts you need to protect, your email account matters most.
Think about it for a minute… if someone had access to your email account, they could start off by changing your password thus locking you out of your email account. Then start requesting the passwords from all your financial institutions, your social media accounts, your retirement accounts and so on. It’s game over as you know it.
Do you see where I’m going with this? So instead of using the password scheme we used above, a better password scheme would be something like this…
Take the first 3 letters of the web site you’re visiting and reverse them. If it was Walmart, start with the L in caps. Then the month you were born, 02. Then the second letter of the web site, which is an a. Then a dollar symbol, $. Then the first two letters of George’s name, Ge. Then a zero 1 or zero 2 depending on which half of the year you’re in. Then the last letter of the web site you’re visiting, which is actually the first letter of their web address, a w. And lastly the year you were born, in this case 74.
This is what we end up with if you were providing a password to Walmart: L02a$Ge01w74
If it was Amazon.com, then the password we would provide to them would look like this: A02m$Ge01a74
Let’s look at these passwords one on top of another:
L02a$Ge01w74
A02m$Ge01a74
Note that even though we have higher brain functions, it’s a lot more difficult if not impossible to parse out or visually see the letters of the web site we’re using because they are now embedded into the password scheme and reversed.
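Both schemes above, written out as an added Python example (not code from the original article); the function names are hypothetical and the inputs are the article’s pretend birthday, friend and dates. The last function counts how many character positions two sites’ passwords have in common.

```python
from datetime import date

# Pretend facts from the article: born February 1974, best friend George.
BIRTH_MONTH, BIRTH_YEAR, FRIEND = "02", "74", "George"


def half_of_year(today: date) -> str:
    """Return '01' for January-June and '02' for July-December."""
    return "01" if today.month <= 6 else "02"


def site_prefix(domain: str) -> str:
    """First 3 letters or digits of the domain name, lower-cased."""
    chars = [c for c in domain.lower() if c.isalnum()]
    if len(chars) < 3:
        raise ValueError("domain needs at least 3 letters or digits")
    return "".join(chars[:3])


def simple_scheme(domain: str, today: date) -> str:
    """First scheme: prefix + birth month/year + 'Ge' + '$' + half of year."""
    return (site_prefix(domain) + BIRTH_MONTH + BIRTH_YEAR
            + FRIEND[:2] + "$" + half_of_year(today))


def reversed_scheme(domain: str, today: date) -> str:
    """Second scheme: site letters reversed and interleaved with the rest."""
    r = site_prefix(domain)[::-1]  # 'wal' -> 'law'
    return (r[0].upper() + BIRTH_MONTH + r[1] + "$" + FRIEND[:2]
            + half_of_year(today) + r[2] + BIRTH_YEAR)


def shared_positions(pw_a: str, pw_b: str) -> int:
    """Count positions where two equal-length passwords hold the same character."""
    if len(pw_a) != len(pw_b):
        raise ValueError("passwords must be the same length")
    return sum(a == b for a, b in zip(pw_a, pw_b))


if __name__ == "__main__":
    jan, dec = date(2015, 1, 1), date(2015, 12, 20)
    for scheme in (simple_scheme, reversed_scheme):
        a, w = scheme("amazon.com", jan), scheme("walmart.com", jan)
        print(scheme.__name__, a, w, "shared:", shared_positions(a, w), "of", len(a))
    print("after rotation:", simple_scheme("amazon.com", dec))
```

In both schemes 9 of the 12 characters are identical on every site; only the three site-derived letters change, and the second scheme moves them rather than adding more.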
The next step is for you to sit down, grab a piece of paper and a pen, and ask everyone to please leave you alone for a little while. I want you to concentrate on this very important task without being distracted. Create and write down your own unique password scheme. Get creative using what you just learned. Once you’ve written down your password scheme, start by visiting your email provider and your financial institutions and updating your password for those sites using your new password scheme.
It’s only a matter of updating 4 or 5 sites with your new password scheme before you start to remember it without having to refer to your notes. Once you’ve remembered your new password scheme, take that piece of paper which has your password scheme written on it and burn it, so that the only place that password scheme is kept is in your brain.
If you’re thinking that this is wonderful and useful, you’re not alone. In fact, this article is referred to by thousands of other web sites when trying to educate their own customers on choosing a password or protecting themselves online.
Sadly our company flags thousands upon thousands of requests for assistance. Unfortunately out of all the problems we hear about, more than 80% are password related issues. If everyone on this planet created their own unique password scheme and used it, that 80% would diminish significantly.
When it comes to your Gmail password, NEVER elect to “Stay Signed In” when logging into your Gmail or Google Apps account. The few seconds it takes to type in your password is great insurance in the event someone gains access to your computer or you borrow someone else’s and forget to log out. By never electing to have your browser remember your password, you’re forced to type out your password using your new password scheme, thus reinforcing that you don’t forget it. Electing to sign in automatically and having your web browser remember your username and password creates vulnerabilities. Don’t ever have your browser remember any of your passwords! Take the 2 seconds and type in your password yourself.
Here are a few more useful password related tips:
Never use the same password for everything! Never use the same password for everything! Never use the same password for everything! Do I need to repeat that again? Good.
Any web site which has access to personal and financial information such as banks or email accounts, should use a password scheme reminding you to change or update your password each quarter.
Consider using 2 Step Verification from those sites which offer it such as your Gmail account.
Using “Bosco” as your password is not advisable. Sorry Seinfeld lovers, that was just too tempting not to throw that in 🙂
Let us know what you think of this article and above all – Pay it forward. Make sure you forward this article to everyone you know and love.
John DeUlloa
GmailHelp.com
(Revised Password Manager Article from 2011)
robert says
This is one of the best articles I’ve ever read. For years I’ve always used the same password and paid the price. Thank you!!!!
Julius Brown says
I agree with the previous comment. This article is brilliant. I can’t wait to share this with my friends. Could you please tell me if you recommend Google’s 2-Step Authentication for my Gmail account? I don’t always have my cell phone with me so that’s partly why I haven’t turned on the service. Thank you again for a VERY insightful article.
Dan says
What a GREAT idea to come up with a consistent scheme. I have done a version of this with names of sites I visit but this will enable me to shred my “hidden list” of passwords TODAY!!! Thanks John!
Rae Weiss says
One question I have about this scheme…
“If the web site was Walmart, then wal0264JoHn,” etc. Might it not be fairly obvious to individuals on the individual sites? What is to keep someone with access to the passwords used at these individual sites from trying “first three letters of another site” + “the scheme you used for their site” on other local sites you might use? In places where you don’t change quarterly, by keeping to this same scheme, they’d be able to hack you, no?
And I do not know how to make a site force me to change it quarterly if that is not their standard, but that would be a second question, so… 🙂
admin says
Hi Rae,
The point of the example was to have it be just that, an example. In fact what we suggested was a very basic example as to explain how it works. Obviously your password scheme could be anything. If you’re worried about a Walmart employee putting 2 and 2 together, then try something like taking the last 3 letters of the domain name from the site you’re visiting and use those characters. Another example would be to take the first 3 letters of the website you’re visiting and use the previous letter in the alphabet – so if it was Walmart, then use val – V being the preceding letter for W. I think you get the point. Again, the purpose of writing the article was to help by suggesting you use a password scheme as opposed to writing down passwords or using the same one for everything. In regards to your last question, it’s not the site that you’re visiting that is forcing you to change your password, it’s you. So if you visit a site in January and choose a password ending in 01 (first quarter), then in December when you try your password ending in a 04 and it doesn’t work but using the 01 does, then you know it’s time to change your password with that company before you leave their web site. I hope this helps.
Sasha says
Thanks for the good information!
Luis S says
Very useful advice and scheme.