IT Support and Services Designed to Unleash Your Business ℠ 


An EASY Way to Use a Different Password for Every Site

Recently, someone I know had two separate bank accounts affected because a criminal gained access to his PayPal account. The “hack” was not due to a security flaw in PayPal’s site (though, as you’ll see, it could be better), nor was there a breach of security at PayPal’s datacenter. The cause was lack of password management.


Nowadays, we tend to collect online accounts like spare change in the ashtray. (By a quick count, I have over fifty.) Keeping track of all these usernames and passwords is a daunting task.

Many sites require you to use your e-mail address as your username (e.g., PayPal, eBay, Netflix, Amazon, Twitter, Facebook). This makes usernames easy to remember, but it also means that a criminal already knows one part of your username/password combination. Security experts say to use a different password for each account, but it’s a pain to remember fifty different passwords, so we tend to use the same one or two for all our online accounts.


Let’s say you sign on to Facebook at a coffee shop, using a public Wi-Fi network, or you log on to Netflix on a friend’s computer that has been compromised by spyware. Your e-mail and password may end up in some criminal’s database. If you’ve used this password for other sites, you’re in trouble.

What happens next is that the criminal will try using that same e-mail and password at popular sites like PayPal, Amazon, eBay, etc. Since it’s all automated, they can try thousands of sites in no time. When they find one that works, they’ll withdraw money, or run up big bills, and you’ll spend days talking to fraud department auto-attendants, and running around changing bank accounts and card numbers.

Online banking and other financial sites are more secure because they use unique usernames, additional authentication methods and other security enhancements to make sure that you are who you say you are when you sign in. The weak link is non-banking sites that have access to your credit cards or bank routing numbers. Typically, they use single-factor authentication (password only) which is only secure if you use a different password at each site.


The simple solution is to use a different password for each account. “But,” you’ll say, “I can’t remember that many different passwords!” Yes, you can. Here’s how:

Start by creating a base password of five to seven characters. It should be easy to remember, but it should include at least one of each of the following: lower-case letters, upper-case letters, numbers, and special characters.

Here’s one, for example: “I’m#1”

Next, decide on some letters to use from each site where you set up an account. For instance, you might use the first two and last two letters from the Web site’s name. In the case of Facebook, that would be “fa” and “ok”. For Netflix, it would be “ne” and “ix”. (You could just as easily pick the last four characters, or every other letter, or some other combination, but keep it consistent.)

Now that you have a base password, and a site-specific set of characters, put them together. (Again, keep the method consistent.) For example, using the example above, your Facebook password might be “faI’m#1ok”. Your Netflix password might be “neI’m#1ix”. It would be pretty hard for someone to guess, just by looking at one password, that you have a pattern, and a criminal hacker isn’t going to bother trying when they have so many other insecure passwords to choose from.

Here are some tips for using this method effectively:

 

  • Try to keep your resulting passwords between eight and ten characters long. That’s long enough to be reasonably secure, but short enough to be accepted by the majority of sites.
  • If, for some reason, you need to give someone your password for a site (you should not do this unless absolutely necessary), just tell them the password; don’t tell them your pattern, because then they have your password for every site.
  • If you use one or more shared accounts (for instance, access to a corporate bank account) and you want to use this method, don’t use the same base password as you do for your personal accounts.
  • Some sites require you to change your password every so often. Obviously, that makes this method difficult to implement. In that case, just change your base password for that site and write down just the base password somewhere convenient.
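
The method and tips above, written out as an added example (not code from the original article). It applies the first-two/last-two rule to a site name and checks the base and the result against the article's own requirements; the function names, the ASCII apostrophe in the base, and the rejection of names shorter than four letters are assumptions of this example.

```python
# Added example: the article's first-two/last-two scheme, with its tips as checks.
BASE = "I'm#1"  # article's sample base, typed with a plain ASCII apostrophe (assumption)

def site_letters(site):
    """Return (first two, last two) letters of the site name, lower-cased."""
    name = "".join(ch for ch in site.lower() if ch.isalnum())
    if len(name) < 4:
        # This example's choice, not the article's: shorter names would make
        # the two pairs overlap, so ask for a different rule instead.
        raise ValueError(f"{site!r} is too short for the first-two/last-two rule")
    return name[:2], name[-2:]

def derive(site, base=BASE):
    """Site letters wrapped around the base, as in the article's examples."""
    head, tail = site_letters(site)
    return head + base + tail

def base_problems(base):
    """List what the base is missing relative to the article's requirements."""
    checks = [
        ("length", 5 <= len(base) <= 7),
        ("lower-case letter", any(c.islower() for c in base)),
        ("upper-case letter", any(c.isupper() for c in base)),
        ("number", any(c.isdigit() for c in base)),
        ("special character", any(not c.isalnum() for c in base)),
    ]
    return [label for label, ok in checks if not ok]

def length_ok(password):
    """The article's tip: keep the result between eight and ten characters."""
    return 8 <= len(password) <= 10

if __name__ == "__main__":
    print("base problems:", base_problems(BASE) or "none")
    for site in ("Facebook", "Netflix"):
        pw = derive(site)
        print(site, pw, "length ok" if length_ok(pw) else "length outside 8-10")
```

With this rule, a seven-character base produces an eleven-character password, so `length_ok` flags it as outside the eight-to-ten range given in the tips.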

 

 

 

 

2 Responses

  1. Shortly after publishing this article, I received some flak about sharing passwords. I said, “If, for some reason, you need to give someone your password for a site (you should not do this unless absolutely necessary), just tell them the password; don’t tell them your pattern, because then they have your password for every site.”

    I was reminded in strong terms that you should never give out your passwords. In general that is true, but there are rare circumstances in business settings where it’s unavoidable: For instance, you have the credentials to log on to the banking site where your corporate account is administered; you go on vacation; the other person who has permission to log on is home sick; someone at the office really needs to make a transfer or your payroll checks will bounce. In that case, you may have no choice but to give someone who wouldn’t normally have access the ability to log on.

    Of course, you need to change the password as soon as the access is no longer needed. Proper planning can eliminate most of these circumstances before they even arise, so it’s wise to do a little planning beforehand.

    And, just to reiterate, never give out your passwords.

  2. […] it to log in to a more secure site. For an explanation of this, see our previous article, “An EASY Way to Use a Different Password for Every Site“. The sad truth is that most people use the same one or two passwords for […]

© Clocktower Technology Services, Inc.