- Pick a phrase or a password you already use.
- Each time you sign up for an account, add one or two random words to the end of it.
- Never reuse that password.
That’s it, only three steps.
Here are some examples:
This is light-years better than using “Fluffy123” for everything. Just don’t use the site’s name; I go over why this is bad here.
All the people telling you to shove a special character in there or take the first letter of each word of a sentence are overcomplicating things.
When you overcomplicate passwords, people are more likely to reuse the same passwords, and password reuse is the biggest threat facing everyone online.
How To Pick The Random Words
Avoid using random words that you create. Instead, get your random words from…
When put on the spot, our minds go blank, and we end up picking obvious words like desk or window. To find unique words, go to a website that is always changing, like Reddit or your local news site.
Have A Little Fun With It!
I like to make a little game by finding the funniest or craziest words combined.
Going through a website right now I found the two words “Zookeeper” and “Barber”. A “ZookeeperBarber” is just plain funny.
It’s a fun game to play; if you’ve got the time, why not find a few more and keep them close for the next time you need to create a password?
The Best Option
The very best option for creating passwords is to use a password manager. A password manager can generate and store the passwords for you.
But a password manager is not for everyone.
A great option is to create the passwords recommended in this post but use a password manager to store them. This way, you get the best of both worlds.
And if a password manager is still not for you, at least you know a way to create unique passwords easily. Below is an example of how to set up a piece of paper to hold your unique passwords, with places to put usernames and website names.
Why Can’t You Reuse Passwords?
The reason why you want all your passwords to be unique is that many of them will end up in a breach.
A breach is when hackers get into a website and steal passwords along with other information. If you’re curious, you can check to see if you’re in any known breaches at https://haveibeenpwned.com/.
Once they have the passwords, they’ll try them on as many sites as they can. Since so many people are bad about reusing passwords, they often get into people’s other accounts and steal whatever they want.
It’s best to think of all your passwords as being disposable. Once you’ve used that exact password, you must throw it away and get a new one.
Can’t They Guess My Password?
What you see in the movies is not what happens in real life.
A hacker will get a list of usernames and passwords from breaches. They take this list and use software that tries all the usernames and passwords on many sites at once.
And that’s about it.
They’re not going to break down the list and try Bob’s password 100 different ways; those lists often have hundreds of thousands of other people to get through, and doing everyone 100 different ways is not practical.
They do search the list for words or characters like “facebook” or “fb” for the people who put the site’s name in the password. If someone’s password were Fluffy123Facebook, it would be nothing to figure out their PayPal is Fluffy123PayPal. So don’t put the site’s name in the password.
Not only that, but brute-force guessing of passwords is not something that happens on a modern-day online account. Most websites block anyone who is making too many guesses. There are also a ton of people whose passwords would all have to be brute-force guessed. Unless you’re someone important, brute forcing a server is not worth anyone’s time or even possible for many websites.
The only time a complicated password is needed is for local attacks. Encrypting that PDF or your password manager requires a password that is just a little bit more complicated.
But your account at Barnes & Noble doesn’t need anything crazier than “Fluffy123Turkey”.
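The two rules above (never reuse a password, never put the site's name in it) can be checked over your own password list. This is an added example, not part of the original post; the alias table, the function names and the sample list are assumptions constructed here.

```python
import re
from collections import defaultdict

# Hypothetical short aliases for site names; extend for the sites you use.
ALIASES = {"facebook": ["fb"], "paypal": ["pp"]}

def site_names(domain):
    """'www.facebook.com' -> ['facebook', 'fb'] (naive: label before the TLD)."""
    labels = domain.lower().split(".")
    name = labels[-2] if len(labels) > 1 else labels[0]
    return [name] + ALIASES.get(name, [])

def strip_site(password, domain):
    """Return (lowercased password minus site-name parts, True if any found)."""
    names = site_names(domain)
    short = {n for n in names if len(n) < 4}
    # Split on case changes and digit runs: 'Fluffy123FB' -> Fluffy, 123, FB
    words = [w.lower() for w in re.findall(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])|\d+", password)]
    # Short aliases must be a whole word, since 'fb' also hides in 'Surfboard'.
    base = "".join(w for w in words if w not in short)
    # Full names are matched anywhere, so 'PayPal' (split as Pay, Pal) is caught.
    for name in names:
        if len(name) >= 4:
            base = base.replace(name, "")
    return base, base != "".join(words)

def audit(vault):
    """vault maps domain -> password; returns a sorted list of (domain, problem)."""
    findings, by_password, by_base = [], defaultdict(list), defaultdict(list)
    for domain, password in vault.items():
        by_password[password].append(domain)
        base, found = strip_site(password, domain)
        if found:
            findings.append((domain, "contains site name"))
            by_base[base].append(domain)
    for label, groups in (("reused password", by_password),
                          ("same base, only site name differs", by_base)):
        for domains in groups.values():
            if len(domains) > 1:
                findings += [(d, label) for d in domains]
    return sorted(findings)

# Constructed sample list built from the post's example passwords.
SAMPLE = {
    "facebook.com": "Fluffy123Facebook",
    "paypal.com": "Fluffy123PayPal",
    "barnesandnoble.com": "Fluffy123Turkey",
    "example.net": "Fluffy123Turkey",
}
```

Calling `audit(SAMPLE)` flags the Facebook and PayPal entries as sharing one base with only the site name swapped, and the two identical "Fluffy123Turkey" entries as reuse.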