How to remember all your different passwords

We all know that we shouldn’t use the same password everywhere since it’s a security issue, but sometimes we do it anyway. There are several software solutions that can keep track of all your passwords (such as KeePass or 1Password), but what if you don’t want to use something like that and you still want to use different passwords everywhere?

To remember my passwords, I use an approach similar to the following:

To begin with, you have to choose a master password and split it in half. You’ll use the first half as the first part of every new password and the second half as the last part. For example, abcd is going to be our first part and 34() the last part.

Then take the first 3 letters (or any other part; it’s up to you) of the service/website you’re creating the password for and put them in the middle, between the two halves.

For example, if you’re creating a password for twitter, the middle part of your password will be twi. Therefore, your unique password for twitter will be abcdtwi34(), for facebook abcdfac34(), etc.

If you wish to make it a little harder to guess how the passwords are created (e.g. in the event that someone manages to find some of them in plain text and tries to compare them), there are several things you can do.

You can reverse the letters, so the two passwords from the previous example become abcdiwt34() and abcdcaf34(), or use a simple encryption technique such as the Caesar cipher to encode them (our examples become abcdwzl34() & abcdidf34() using a shift of 3) — but beware, every step you take makes the password harder to calculate, and therefore harder to remember!
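The scheme above, with both optional steps, as an added example (not code from the original post): it derives the passwords from the constructed master halves abcd and 34(), and also shows what two of them reveal to anyone who sees them in plain text, which is the risk the article itself raises.

```python
"""Derive per-site passwords with the post's scheme (first half + site token +
last half, optionally reversed and/or Caesar-shifted) and show that two
plaintext leaks give away the master halves. All values are constructed."""

# Constructed master password split in half, as in the post.
FIRST_HALF = "abcd"
LAST_HALF = "34()"


def caesar_shift(text, shift):
    """Shift ASCII letters by `shift` positions, wrapping within the alphabet;
    other characters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def derive_password(site, first_half=FIRST_HALF, last_half=LAST_HALF,
                    token_len=3, reverse=False, shift=0):
    """Build first_half + site token + last_half. `reverse` and `shift` are
    the post's optional obfuscation steps, applied to the token only."""
    token = site.lower()[:token_len]
    if reverse:
        token = token[::-1]
    if shift:
        token = caesar_shift(token, shift)
    return f"{first_half}{token}{last_half}"


def common_affixes(pw_a, pw_b):
    """Longest shared prefix and suffix of two passwords. For two passwords
    from this scheme that is exactly the pair of master halves, so two
    plaintext leaks expose the pattern (the point made in the comments)."""
    limit = min(len(pw_a), len(pw_b))
    p = 0
    while p < limit and pw_a[p] == pw_b[p]:
        p += 1
    s = 0
    while s < limit - p and pw_a[-1 - s] == pw_b[-1 - s]:
        s += 1
    return pw_a[:p], pw_a[len(pw_a) - s:]


if __name__ == "__main__":
    for site in ("twitter", "facebook"):
        print(site, derive_password(site), derive_password(site, reverse=True),
              derive_password(site, shift=3))
    print(common_affixes(derive_password("twitter"), derive_password("facebook")))
```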

Photo by Gio Contardo

  • http://makemysecret.appspot.com/ raigu

    Nice tip. I was also struggling with a lot of passwords and made a site to generate passwords that are easy to remember. They can be used as master passwords.

    • Stathis

      Thanks. Nice idea with the password generator. :)

  • Kostas Bariotis

    Nice one.
    A technique I am using (inspired by the classic numpads) is to type the first letter of the site I am registering to on a numpad and use SHIFT variations on that. So on Twitter this would be T => 789852 => 789*%@.

    Add the second letter or the last to make it more complex.

    Do not try it though. It won’t work. :P

    • http://burnmind.com/ StathisG

      Nice idea, that could be even used along with the technique I described.

  • http://modkaffes.com modkaffes

    In the unfortunate event of our passwords (created with this technique) falling into the hands of attackers in plain text, it would be fairly easy for an experienced decrypter to crack the code. After all, the Caesar cipher is crypto 101.

    There’s this interesting comic strip from xkcd that hasn’t been proven wrong yet.
    http://xkcd.com/936/

    • http://burnmind.com/ StathisG

      Sure, but using the same assumptions, i.e. an attacker gets hold of two or more of someone’s passwords and has an interest in attacking that specific person, if that person consistently uses, let’s say, 4 random common words, the attacker can use a dictionary attack and crack them as well.

      Most likely, the best way for the victim to be relatively safe in this kind of attack is to use strong passwords which have no relation to one another (not even in their length), which, inevitably, will make them quite hard to remember, which defeats the point of this article. :)

      • http://modkaffes.com modkaffes

        Very valid points!