Develop an Algorithm for Your Online Passwords and Never Forget One Again

Daniel

background image

I am sure that most of you guys have dozens of passwords for different websites. Blogs, hosting plans, social networking sites, online services, forums, you name it. The problem is to remember what password is for what website (and using the same one all over the place would be crazy for security reasons).

A first solution is to use a password manager, as I recommended in the past. However, even using that I often end up losing passwords. This happens when I forget to sync my database of passwords between different computers, for example.

To solve this problem I am starting to use a technique to be able to know all my passwords automatically. How? By creating an algorithm to create the passwords.

Here is one example:

  • The first digit is the number of characters on the name of the website.
  • The second digit is “c” is the number in the first step was odd, and “t” if it was even.
  • The third digit is the last letter of the name of the website.
  • The fourth digit is “$” if the letter in the previous step was a vowel, and “%” if it was a consonant.
  • The last three digits are the first three letters of the name of the website.

Using the algorithm above, your password on Twitter would be “7cr%twi” and on Facebook it would be “8tk%fac”.

Once you start using the algorithm to create your passwords you will be able to remember any password by applying it again. Obviously the important thing is to make sure no one knows what your algorithm is (and that the algorithm is slightly complex).

Browse all articles on the General category

36 Responses to “Develop an Algorithm for Your Online Passwords and Never Forget One Again”

  • Steve

    I love the algorithm ideal. As long as your algorithm isn’t discovered. Password managers are also really good. Keeping the password data file on you flash drive that you backup and carry with you, is excellent.

  • Josh Surber

    It is quite a bit simpler to use something like SuperGenPass. This is a simple bookmarklet. It preforms some MD5 magic on the domain of the site you’re on and a master password. This way, all your sites have different passwords, but you only have to remember your master password. And there is no pw database you have to worry about falling into the wrong hands. As long as you are at a computer with a browser that supports JavaScript you have all your passwords at hand.

  • Daniel Scocco

    @Young, what problems would be if someone discovers one of your passwords? Figuring out an algorithm would be almost as hard as guessing your passwords (provided you use a decent algorithm).

    For example, if I tell you my Facebook password is “d45$33jdfac”, can you find the algorithm and find my passwords for Twitter, for my blog and the like?

  • Ryan

    Yep, that’s exactly what I do! Google, Twitter, Facebook, and my blog all have separate long passwords. Everything else is base + combo.

    🙂 they sure do

  • Arun Basil Lal

    @Ryan:

    That’s something similar to what I follow. I have some levels of priority for websites. Like Gmail and Twitter and Blog are of top priority, so I use secure and long separate passwords for them.

    For other websites, of lower priority I have a base password and some site specific combo.

    Great people always think alike. IMHO 😉

  • Ryan

    Great post – LifeHacker had a similar method but I think this one is better.

    @Arun if you need a simpler one, check this out.

    You might want to choose a base password, then add all the consonants of the site (eg, Facebook would be “fcbk”) then maybe a number.

  • Aleksandar

    Great idea. I use my fascicle now and take it with me when I go with laptop, but that can be nice solution for future sites with login details.

  • Franck Silvestre

    Great idea, as for me, I am using a special technique. I don’t remember the name, but I got the idea while reading a website.

    It was basically telling that the best emails are those made with a sentence. You think about something, and each of the first letters or numbers is a word for your password.

    You usually don’t forget those.

    Franck
    the Body Guard marketer

  • Arun Basil Lal

    Freaky, I would sit in front of the login screen if I use such an algorithm, I could use a simpler version of this one though 😉

    years back, I read this somewhere “Don’t be scared of losing your pass, you can always reset it”

    That’s what I do when I switch computers, I reset it, I just have to remember my email pass.

  • Young

    Daniel, if you use an algorithm for your passwords, there will be problem if one of you password is hacked. So I prefer to remember the email address than to create an algorithm, I can get the password back by email anyway.

  • John White

    Is the real danger that somebody is going to guess my password, or that my password along with thousands of others will be stolen in a huge security breach over which I have no control? I read/hear more about the latter than the former.

    A decent password strategy is a good idea, but keep it in perspective.

  • KiksMedia

    Great ideas out there. Thanks

  • Surender Sharma

    I am lazy to remember the password of my blogs,hostings and other systems.
    Thanks for sharing the valuable information here.

  • reinkefj

    I’d suggest that you use a “code book” on all passwords. (I created one for my friends on Lulu. http://tinyurl.com/yz3lf2k $15 bucks).

    BUT, you can use really any paperback.

    Use one page for each site. Write the site name on the top of the page.

    Pick your favorite number — my wife’s is 37.

    Take the third line and the seventh word.

    Stick a # after the first letter.

    (Want a longer one? Add the eighth word.)

    AND DON’T LOSE THE BOOK.

    (My book is easier.)

  • Oliver

    This is definitely something I need to think about doing as I have so many different passwords and I get confused. I will have to try this and see if it makes it any easier for me.

  • Rocky Garcia

    Nice tool. Now you don’t have to be a password conscious on any site you should use.

  • Dickie Armour

    Great blog! I love this idea and have been using it myself recently as I begin to get to grips with all the new social media sites.

    I don’t use such a complex algorithm but I do use certain numbers and letters from the relevant website.

    But I like your idea of having a specific formula. And I really like Dean’s comment about making it longer than 7 characters.

    Thanks 😀

  • Lee Ka Hoong

    Haha Daniel, good method to remember the password. I’m sure there is bunch of people try this method to login your blog or website control panel right now. lol! Luckily that’s not the method you use for your login password. 😀

  • GetBrowser

    Password Manager is really a great tool that help us save our passwords.

  • Chester

    I’m using the same set of password for almost all of my sites. Lol. Crazy right! Thanks for the wakeup call!

  • Dean @ Pro Copy Tips

    I’m a copywriter, not a security consultant. But I know some security guys and here’s what they’ve told me …

    Use the longest password you can.

    Your passwords above are only 7 characters. Length is more important than complexity because if someone is going to use brute force to break your password, they’re probably going to work through all available characters. A password that is 10 to 12 characters is very hard to break. Get it up to 20 characters, and it become nearly unbreakable.

    Also your method is a little complex. All you really need is a “pass phrase” that is variable. For example, make up a sentence you can remember but which others can’t guess: My cat Smoochy has 9 lives and 4 legs. Take the first letter or numeral of each word: McSh9la4l. That gives you 9 characters.

    Now add the name of the website: Key Word Suggestion Tool. This translates to KWST. Put your pass phrase together with the site name and you get McSh9la4lKWST. So your password is 13 characters and strong. Make it more complex or longer if you choose.

    This method creates good passwords and is dead simple to remember.

  • Dana@Online Knowledge

    Nice idea. I may create my own password algorithm so i never forget my password again.

  • Daniel Scocco

    @Pascal, nope it is not 🙂

  • Jerry Low

    The way I do it is grab a pen and paper…. start writting letters and numbers and just stop at around 10 – 15 characters. Memorize it and that has been my password for the past two years. It requires good memory with random characters but semi-effective as well.

    Either way, the methods shared in your post can eliminate those “life hackers” brute forcing with your name and birthday

  • SJL

    I also do it dd’s way…
    But I also need use the firefox’s password manager to remember them. ^^

  • Daniel Scocco

    @dd, good method as well.

  • Oscar – freestyle mind

    I’m too lazy to memorize that. I still use a password manager and I sync everything with dropbox. Anyways that’s a good idea if you don’t use a password manager.

  • Pascal

    Hi Daniel,

    Hope the above mentioned algorithm is not your real one . 🙂

    Anyway , this is good idea. Initially it will be hard to enter when login. But after some days, it will be easy and we’ll know how great idea is this.

  • Wulfgar

    A slight change to your algorithm is in order.

    Most apps or some websites don’t allow you to reuse some older passwords. Your algorithm above would create a static password, so the next time you need to change it, you’d have to change the algorithm or ignore it, thereby introducing a chance that you might forget.

    Simply adding an element based on the date would allow for a much greater flexibility.

    My algorithm for instance uses the last 2 digits of the year, and the 2 digits of the month, in addition to some of the elements you described. So, even if I haven’t changed my password in 2 months, I have at most 2 guesses until I can recreate it.

    This method gives you the advantage of having a dynamic portion of your password, bypassing the “you can’t use former passwords” limitation.

  • dd

    Another idea is to use crypto (like md5 or sha1) for your passwords.

    First, choose a good long password that you will use everywhere. For example qwerty (don’t use that, just an example). Now for every site, your password will be the md5 (or sha1) of qwerty + site name. For example:

    $ echo “qwerty http://www.facebook.com” | md5
    9d7d9b30592fd43dd6629ef5c12c6e9a

    $ echo “qwerty http://www.twitter.com” | md5
    cdf0e74e19836efb20f29120884b988d

    That way my password for facebook is 9d7d9b30592fd43dd6629ef5c12c6e9a and for twitter is: cdf0e74e19836efb20f29120884b988d

    Both long and secure. If someone steals my twitter password he has no way to reverse back to figure out the other passwords. Plus, doing that you don’t need any password software stored (just the md5/sha1 binaries which come by default on Linux and are easy to find on Windows).

Comments are closed.