Developing a password schema for easy recall

Developing your own password schema is probably the single best defense in protecting your online information. It seems the number of web sites we want to interact with increases every day. Internet products and services require usernames and passwords, and that is where the trouble begins.

Password dangers

[Image: remembering passwords. Source: http://mashable.com/2013/04/09/passwords-thoughts/]

In an earlier article “Are you using Facebook Connect?”, I alluded to the dangers of using a service like Facebook Connect as a single source to access many web sites. If your Facebook Connect account is hijacked, any web site that utilizes this service is also compromised. The same scenario exists when you use the same username and password combination to create an account on many different sites.

The question is, “How do I remember a different password for each site?” I mentioned in the same article that a password schema will make it easier for you to remember different passwords for different sites. By utilizing a password schema, you create a unique password for each individual site.

Password schema:

Before we delve into developing our password schema, note that the examples I provide are only to help you understand the concept. Please do not use the examples; come up with your own.

Creating a schema is fairly simple: only a few characters change in each password you create. Select these characters by taking two or more characters from the name of the site, then combine them with a standard set of characters that stays the same in the password for every site.

Example:

Using DavidGumpper.com, the following is a password schema that I have determined to be unique to me (WARNING: This is NOT my password schema and you need to develop your own. DO NOT USE THIS ONE!!).

Example password = 123dAi456

  • First, I developed a standard set of characters to use in all my passwords, ‘123’ and ‘456’. This combination will stay consistent in the creation of all my passwords.
  • Second, I have decided to use the first, second and fourth characters of the web site name: dAi.

By using this password schema, when I create a new account for a site named InternetDRG.com, the password for this site would be 123iNe456.

Password ‘best practices’

  • Use a combination of upper and lower case letters in your password.

Notice how the second character in the previous password schema is an upper case letter. Using upper case letters in your password is a ‘best practice’ to follow. There are some web sites that require both upper and lower case letters, so develop a password schema that takes this into consideration now; it will save you headaches with passwords that do not meet your schema.

  • The standard set of characters for your password should not contain any part of your birthday, social security number, addresses, middle names, kids’ names or any other information that is personal or can be found on the Internet.

As an example, a password for DavidGumpper.com could be dAi79mts. The first three characters are from the site name. The remaining characters are my standard set, where 79 was my football jersey number in high school and mts is derived from the NY Mets. These are elements that I can easily remember, but that no one could put together from any source on the Internet.

  • Make sure your password schema contains eight or more characters.

Most web sites today require a password that contains at least eight characters. Make this choice now when you are developing your password schema. It will save you from having passwords that do not conform to your schema.
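The schema and the three best practices above, written out as a short Python sketch. This is an added example, not the author's code: the function names, the handling of `www.` and URL paths, and the choice to skip non-letter characters are assumptions, and the prefix and suffix values are the article's demonstration values only.

```python
import re

def site_label(site: str) -> str:
    """Reduce 'https://www.DavidGumpper.com/login' to 'DavidGumpper'.
    Assumption: the site name is the first host label after an optional 'www.'."""
    host = re.sub(r"^[a-z]+://", "", site.strip(), flags=re.I).split("/")[0]
    host = re.sub(r"^www\.", "", host, flags=re.I)
    return host.split(".")[0]

def site_chars(site: str, positions=(1, 2, 4), case="lUl") -> str:
    """Pick 1-based positions from the site name and apply a case pattern
    ('l' = lower case, 'U' = upper case), as in the article's dAi example."""
    # Assumption: digits and hyphens are skipped so the case pattern always applies.
    letters = [c for c in site_label(site) if c.isalpha()]
    if len(letters) < max(positions):
        raise ValueError(f"site name too short for positions {positions}")
    picked = [letters[p - 1] for p in positions]
    return "".join(c.upper() if k == "U" else c.lower()
                   for c, k in zip(picked, case))

def build(site: str, prefix: str = "", suffix: str = "", **kw) -> str:
    """Standard set (prefix/suffix) wrapped around the site-derived characters."""
    return f"{prefix}{site_chars(site, **kw)}{suffix}"

def check(password: str, personal=()) -> list:
    """Return the article's best practices that the password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs both upper and lower case letters")
    for item in personal:
        # 'personal' holds strings the user knows are public or personal
        if item and item.lower() in password.lower():
            problems.append(f"contains personal information: {item}")
    return problems

if __name__ == "__main__":
    # Demonstration values taken from the article; '1979' is a constructed birth year.
    for site in ("DavidGumpper.com", "InternetDRG.com"):
        pw = build(site, prefix="123", suffix="456")
        print(site, pw, check(pw, personal=["1979"]))
```

Running `check` against every site you use before committing to a schema shows up front which sites would force an exception, for example a name too short for the chosen positions.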

In the long run

In the long run, having a password schema keeps a single compromised username and password combination from giving access to your other accounts. Developing your own password schema is only the first step in protecting your accounts online. Another step in preventing hijacked passwords is to ensure that, wherever you provide personal information on the Internet, your session is secured with https (shown in the web address in your browser), and to initiate access to your accounts by navigating to the web site yourself. Do not use links to go to the login pages, especially links in emails!

I hope this helps and I am looking forward to the comments.

Published by

David Gumpper

4 thoughts on “Developing a password schema for easy recall”

  1. Good advice, Dave. I went from a single password to different passwords for every login. This is a creative way to do so.

  2. I came into a slight complication with my schema. My work computer had to be sent to another city to be worked on by our IT group. At one point, a trusted colleague in IT called and said he might need my password to get into a certain program. I wasn’t sure that my schema was unique enough; that is, it was too generic and he might be able to figure it out and then my data would not (necessarily) be secure. I trust he would not hijack my data but still, the idea that I needed to do a better job developing my schema struck home.

    In the end, he was able to complete the job without needing my password. Now I just need to tighten up my password schema a bit.

    This is great advice, thanks for putting it out there!

  3. Martin: Thanks for the comment. I would never give anyone my passwords to systems, even if they are an IT guy. They should have the correct security structure in place to complete the request, or at least only perform a remote access to your computer to access the program.

    Have a great day.
    DG
