Your Last Password

Passwords, when used effectively, can safeguard data and IT systems from unauthorized access. They’re kind of the atomic element of cybersecurity. So why another article about passwords? Well, the average person has 100 of them, and if you haven’t come up with a strategy for creating and managing strong passwords yet, you’re normal. But that doesn’t change the fact that a strong password is all that stands between you and a cybercriminal.

Let’s review some password basics:

  • Don’t make it too short – AAA, cat, qwerty, or 123 won’t cut it.
  • Don’t make it easy to guess.
  • Don’t make it the same one you use everywhere else. This is a tough one and probably the rule we break the most.
  • Don’t write your passwords down. 
  • Do use special characters, numbers, upper, and lower case. This is another tough one because it leads to the final offending Don’t.

Here’s a proven strategy. Hackers hate this one weird trick. Also, I’m not going to give you a bunch of options. I’m just going to tell you what to do step by step. If you commit to this strategy, you will:

  • Be compliant with 99% of the strong password policies out there.
  • Have a unique password for every site and account you have.
  • Only have one password to remember, so, in theory, there is nothing for you to write down.

Too good to be true? Maybe, but that’s why I said 99% of the time. Let’s get on with it: 

Step One – Create a single strong core password

The best way to come up with a core password is to imagine a quote that you already know, love, and have in your memory. It could be a line from The Godfather, or a lyric from a Pink Floyd song. You already know this line, so you already know your core password.

Consider the phrase “Keep your friends close but your enemies closer,” a memorable line from Michael Corleone in The Godfather Part II in 1974. Here’s the core password from this phrase:

kyfcbyec74!

That’s most of the work. You’re almost done. You now have a core password. In this example, it’s the first letter of each word of the line from The Godfather in lower case, and I tacked on 74! because 74 is the year the movie came out and it was a REALLY good movie! You won’t have to write this down, will you? Now let’s use that core password on your Gmail account and make it unique.

Step Two – Make it one of a kind

Add the first letter of the domain you are logging into as a capital letter in front of your core. Even though the address for Gmail is mail.google.com, the domain is google.com. So put a capital G in front of your core password. Now add the last letter of the domain name (the part before .com) as a capital letter, here E, to the end of your core password and you are done. Here it is.

Gkyfcbyec74!E

That’s a pretty gnarly password, isn’t it? You can safely check the strength of your password at security.org. How did the Gmail password score? Well, we succeeded. It will take a computer about 2 million years to crack. Want a few more examples? This is what your password would look like:

Facebook.com  –  Fkyfcbyec74!K

YouTube.com  –  Ykyfcbyec74!E

Bankofamerica.com  –  Bkyfcbyec74!A

Step Three – Inventory your passwords and update them

A final note: You may wonder what to do when a password policy requires you to change your password periodically. This is a common cybersecurity practice. Won’t that mess this whole thing up? Kind of, but not really. If you have to change your Gmail password, you can continue with your core password and your domain’s first and last capital letters. You may choose to modify the special character and update all of your passwords periodically, or you may keep notes on these changes, because you can write down a new modified password using the word core as a placeholder and the number 2 as an update, like this:

Facebook.com  –  FcoreK2

YouTube.com  –  YcoreE2

Bankofamerica.com  –  BcoreA2
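The three steps above as a short Python sketch. This is an added example, not the author's code: it assumes the domain is the last two labels of the host name, uses a 12-character minimum as a stand-in for a typical policy, and its function names are made up for illustration. The last function is for the inventory step: it lists sites that end up with the same password because their names share a first and last letter.

```python
from collections import defaultdict

CORE = "kyfcbyec74!"  # the article's example core; never store a real one in code


def site_label(host: str) -> str:
    """Return the label left of the TLD, e.g. mail.google.com -> google.

    Assumption: the domain is the last two labels. That is wrong for
    suffixes such as co.uk, which need a public-suffix list.
    """
    labels = host.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a host name: {host!r}")
    return labels[-2]


def derive(core: str, host: str) -> str:
    """Step Two: capital first letter + core + capital last letter."""
    label = site_label(host)
    return label[0].upper() + core + label[-1].upper()


def note(host: str, revision: int) -> str:
    """Written reminder in the article's form, with 'core' as a placeholder."""
    return derive("core", host) + str(revision)


def policy_gaps(password: str, min_len: int = 12) -> list[str]:
    """Return what an assumed complexity policy would find missing."""
    checks = {
        "length": len(password) >= min_len,
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    return [name for name, ok in checks.items() if not ok]


def shared_passwords(core: str, hosts: list[str]) -> dict[str, list[str]]:
    """Group hosts whose derived passwords come out identical."""
    groups = defaultdict(list)
    for host in hosts:
        groups[derive(core, host)].append(host)
    return {pw: hs for pw, hs in groups.items() if len(hs) > 1}
```

Pass one host per account to `shared_passwords`; any group it returns needs a different password on at least one of its sites.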

Like any useful practice, this approach might require a second reading to understand. But think of how much time you spend resetting passwords when you can’t remember them. Good luck.