The saddest thing I’ve read about the ongoing PS3 security debacle is the number of people who have said openly that they can’t remember what password they used for their Playstation Online account and therefore which of their other passwords they need to change now.
We all have squillions of passwords these days. Or maybe we have one password that we use for everything, in which case we are idiots. Or we have a system for remembering multiple passwords, like the one Martin Lewis is advocating right now. I like Martin Lewis’s system right up to the words ‘Note the password down’. Even if you’re writing them down in code, that’s still insecure and inconvenient.
I have a different system. Every time I need a new password I generate one on the fly using an algorithm in my head. Every password is different. Every password takes less time to generate than it does to type.
Here’s roughly how it works.
1. You need a personal word or phrase. It should contain upper and lower case characters, and ideally digits and special characters as well. It should not be a dictionary word.
2. You need a way of quickly deriving a non-intuitive word or phrase from the website. The name of the website backwards would do it, or the first six characters of the site name, but you can think of something better than that.
3. You need a way of deriving a number or alphanumeric from (2) or a combination of (1) and (2), in your head, on the fly. It doesn’t need to be too complicated but it does need to be complicated enough that someone can’t glance at your password and immediately work out how the number was derived.
4. You need to decide what order you type these in.
There you have a password generator. It will create nice long secure unique passwords. You will not need to write anything down. If you follow basic security protocols (1. never give your password to anyone or let anyone watch you type it in; 2. see 1.) you should be fine.
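The four steps written out as code, as an added illustration and not the author's actual rules: the sample phrase, the "first six characters, reversed" token, the number rule and the typing order are all assumptions. It goes one step beyond the text by checking a list of site names for cases where the chosen rules produce the same password.

```python
from collections import defaultdict

# Constructed sample phrase for step 1 (an assumption; never use it for real).
PERSONAL = "qZ7!vRm"

def site_token(site: str) -> str:
    """Step 2 (assumed rule): first six characters of the site name, reversed."""
    return site.lower()[:6][::-1]

def site_number(site: str, phrase: str = PERSONAL) -> str:
    """Step 3 (assumed rule): name length times phrase length, plus the
    number of vowels in the step 2 token, printed as at least two digits."""
    vowels = sum(ch in "aeiou" for ch in site_token(site))
    return f"{len(site) * len(phrase) + vowels:02d}"

def make_password(site: str, phrase: str = PERSONAL) -> str:
    """Step 4 (assumed order): token, then phrase, then number."""
    return site_token(site) + phrase + site_number(site, phrase)

def colliding_sites(sites, phrase: str = PERSONAL):
    """Group site names that the chosen rules map to the same password."""
    groups = defaultdict(list)
    for site in sites:
        groups[make_password(site, phrase)].append(site)
    return sorted(g for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    sample = ["shopsite", "examplebank", "examplemail"]  # constructed names
    for s in sample:
        print(f"{s:12} -> {make_password(s)}")
    print("same password:", colliding_sites(sample))
```

With these assumed rules, two site names that share their first six characters and their length get the same password, which is one reason to pick a step 2 rule better than the first six characters.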
There are websites that limit the length of your password or won’t let you use special characters, and you should think carefully about whether you want an account with them, because they are insecure. If you find a bank website that puts an upper limit on the length of your password, then find another bank.
I look forward to being told where the flaw in my system lies.