So, it probably had at least one number, right? A number and maybe some punctuation — a dollar sign, perhaps? And maybe a capital letter or two?
What were you doing when you were asked to create a new password? Sitting at your desk? Eating a sandwich? Could it be “2sandwiches!” or “Lardbutt4me”?
Perhaps it’s an acronym of your favorite saying: I hate having to think up a new password all the time, geez, so, IHHTTUANPATTG, maybe?
Oh, never mind. The only response to that “Forgot your password?” prompt is an annoyed, resounding “YES!!” followed by an “AARGH!” It’s a blessing and a curse of modern life that so much of what we do is based around the Internet, and so much of the Internet requires a password.
A July 2012 Harris Interactive poll of 2,208 adults found that 58 percent of respondents who are regularly on the Internet have five or more unique passwords for their online log-ins and 30 percent had 10 or more unique passwords. And a pitiable 8 percent had 21 or more unique passwords.
And here’s the thing: Three-quarters of survey respondents said they try to think of the strongest password possible, but 37 percent of them reported having to ask for help remembering their user name or password for at least one site at least once a month.
The problem is, with all the horror stories we hear about identity theft, taking the easy route to password creation — “12345,” say, or “password” — only invites seeing a $5,000 Las Vegas vacation show up on your Visa bill, a vacation you didn’t take.
The good people at Google advise, “Passwords are the first line of defense against cyber criminals. It’s important to pick strong passwords that are different for each of your important accounts and to change them regularly.”
Microsoft takes it further, advising password creators to avoid:
■ dictionary words of any language.
■ common abbreviations or misspellings, or words spelled backward.
■ sequences, such as “12345,” “qwerty” or “abcdefg.”
■ personal information, such as family names or birth dates.
In fact, Microsoft offers a password security checker (microsoft.com/security/pc-security/password-checker.aspx) to help you create strong passwords.
And we always hear that writing down passwords is a terrible idea, lest thieves get hold of the list, and only someone begging for trouble would write them on a Post-It and stick them to a computer monitor.
This is the problem, though: remembering them. How, when we’re advised not to use the same password for everything, and when so many sites have unique rules for acceptable passwords, are we supposed to remember that the Amazon password is “P*f@gNp8?x” while the Facebook one is “mQ5%zL31wE”?
Many web browsers offer the option of remembering the password for you and automatically filling it in whenever you visit that particular site, but security experts generally advise against using this option. In the off chance your computer ever gets stolen, the thief will have, in essence, stolen your credit cards, too.
Experts, those same ones who advise we not write the passwords down or use automatic password rememberers or use as a password anything we’d be likely to remember, also advise that remembering them isn’t impossible.
Microsoft offers this system: First, think of at least one memorable sentence (one you’re likely to say). Then, remove the spaces between the words. Turn a few of the words into shorthand or misspell a few of them on purpose, then add a number that’s meaningful to you.
■ I hope I remember this password.
However, that’s still a lot to remember, especially if you’re doing it for every website. The technophiles at lifehacker.com advise coming up with one rule set for generating passwords. They say start with a base password, and then devise a rule that incorporates some form of the website name into it.
For example, if your rule is to use the first two and last two letters of the website name and your base password is “aple” (“apple” spelled wrong, since we’re advised against normal spellings), then your password for amazon.com (or Amazon) might be “Amapleon.” You can adapt your rule to incorporate punctuation or numbers, too, as long as you apply the rule consistently: “Am!apleon1,” for example, or, for Yahoo, say, it could be “Ya!apleoo1.” In this system, consistency is key.
Wikihow.com advises creating compound words from small, memorable-for-you words: CatDogSnowNap, for example, again remembering to establish a consistent rule for password creation that you apply across all websites. The words, then, could relate to the website. An Amazon password could be “BookZombieLoveRead.”
Also, wikihow.com advises basing passwords on things you love, then adding punctuation or numbers. If you love peanut butter, your passwords might be “peanut_butter4ever!” Again, if you have established rules, you might remove all the vowels from the password, for example — “pnt_bttr4vr!” — or replace vowels with numbers. If A is 1, E is 2, etc., then your password becomes “p2b5tt2r_42v2r!”
Password security advisers also are fond of acronyms. If your favorite song is “Eye of the Tiger,” then your base password might be “EotT,” and you can build on it from there.
So, if none of the Internet’s advice helps, and the temptation to write passwords down is too strong, then Security News Daily (http://www.technewsdaily.com/security) advises keeping that paper as secure as you would a credit card. They also advise instead of writing down the password itself, writing a hint that means something only to you.
Also, don’t write the website, user name and password on the same sheet of paper (again, if you must write them down, which you shouldn’t). And maybe even devise a code, replacing certain letters with certain numbers or punctuation, for example. As usual, consistency across all websites and through all passwords is vital.
And, when all else fails and if you’ve done enough research and are confident in their security, there are password managers available. The only password you’d have to remember, then, is the one for the manager itself. Many password managers are available for less than $30; PC Magazine recommends RoboForm Desktop 7, Kaspersky Password Manager 4 and LastPass 1.72, which is free, among others.
And if all else fails, pull a Ned Ludd, throw your wooden shoes into the mechanized loom and rally for a return to the Stone Age. Some days, that just seems easier.