You need a password system!

johna by | October 10, 2018 | Computers & Internet Web Security



For your security it is critical that you use strong passwords that are unique for each website.

If you are using the same password for every website then it can be quite easy for someone to get access to your accounts. Take a look at how simple this can be:

1. Malicious person or organisation sets up an attractive or useful website. This could be something like a competition, or a website offering something for free like ebooks or software.

2. To use this malicious website you must enter your email address and choose a password. You want the freebie so enter your email address and your usual password.

3. They now have access to your account on any websites that only require just an email address and password. They can attempt to login to popular websites such as PayPal, eBay, Facebook, Instagram, etc using your email address and the same password.

4. From your email address they may be able to determine your email provider, eg. Hotmail or Gmail, and gain access to your email account. Once they have access to your email account they can look through your emails and identify other websites you use, such as banking and PayPal. If your usual password doesn't work on these or other websites they can request a password reset via email and then get access to those accounts too.

Any websites where two factor authentication is enabled will be safe, so this is a useful safety feature you should always choose to use.

So, how can you have a password that is easy to remember but safe and unique?

The answer is to have your own system of generating passwords.

Almost all websites have a rule for the minimum length a password must be, and many have rules for including upper case characters, numbers and non-alphanumeric characters.

So you can use the same system for all websites, your password system should include at least one capital letter, at least one number, and at least one non-alphanumeric character.

So the password is unique, you also need to include something to secretly identify the website. Why secretly? Well if your unique passwords are just something like "johnebay", "johnpaypal", "johnhotmail", etc then the hacker may be able to easily guess the password for each site.

Here's a simple example of a password system you could use. This one is for eBay:

bJohn18y!

b is the second letter of ebay.com
John is a word to use for every website with one capital letter
18 is a number to use for every website
y is the last letter in ebay.com (before the .com)
! is a symbol

aJohn18l! would be the password for PayPal using the same system.

To a hacker the "b" and "y" are not obviously identifying that the password is for ebay.com, although you may want to obscure the password even further.

For example, "John" might be easy to remember but a made up word might be safer. Capitilising the "J" also draws attention to it being separate from the rest of the password.

How about we use "alPha" as our system's word, place the second letter of the website name in a different position instead?

Our eBay password would be "ablPha18y!" and our PayPal password would be "aplPha18l!". They look more obscure.

When coming up with your own system consider other options like capitilising one of the letters of the website name, swapping the last letter and second letter positions, and so on.

Hopefully using these techniques you will come up with a system that is easy to remember yet safe.

Related Posts

Computers & Internet Retro Computing

What to do with an old laptop

by johna | August 19, 2022
Can old computers still be useful?

Retro Computing Computers & Internet

Repairing Commodore and Amiga computers in the 1990s

by johna | August 5, 2022
My experiences working in a Commodore repair centre in the 1990s and some of the common problems we used to deal with.

Computers & Internet Web Development Website Hosting

500 Internal Server Error after migrating from IIS 7.5 to IIS 10

by johna | November 4, 2019
As support ends for Microsoft Windows Server 2008 I have recently gone through migrating some websites to a new server running Windows Server 2016 and IIS 10 but some of the websites did not work.

Comments

There are no comments yet. Be the first to leave a comment!

Leave a Comment

About

...random postings about web development and programming, Internet, computers and electronics topics.

I recommend ASPnix for web hosting and Crazy Domains for domain registration.

Subscribe

Get the latest posts delivered to your inbox.