So the thing is, I manage a lot of sites – some my own, some for my clients. And the one thing they all have in common is that they require a password to allow me to get in to the administration area.
That’s not to say that they all have the same password in common – far from it! That’s just such a bad idea. As is using too common or simple a password.
But every site nowadays seems to have differing requirements for how the password must be constructed. Capital letters, lowercase letters, numbers, special characters; most sites now require some combination of any or all of these.
I needed a method to enable me to remember all those passwords, without resorting to a spreadsheet or some other kind of list. There are some really good password managers out there, and I have tried a few, but I often use different devices to access these sites, and syncing the passwords across devices is a tedious and not always successful endeavour.
So I remembered a really clever and simple method that was first described to me by one of the best Professors I have ever had – who was also a very security-conscious person.
All I have to do is remember one simple 6-unit pattern. I’m not going to tell you what that is, but I can tell you that it is based on the domain name of whatever site I need to login to. And you can do it as well.
Just pick a pattern of up, down, right and left, in any combination, and with any spacing (between 4 and 6 items in the pattern is ample) and apply it to the keyboard. Choose one direction to move in when going up or down, and keep it consistent (in this case we’re moving to the left). For example if your pattern is 4 units long, say, 1-up, 2-down, 1-right, 3 left, and you are trying to login to Google, your password would be t (1 up and to the left from g) m (2 down and to the left from o) p (1 right from o) s (3 left from g) i (1 up and to the left from l) and z(2 down and to the left from e). If capital letters are required, capitalize the one in the same position, every time – in this case we will choose the first letter – T. And if special characters are required and you pattern has not landed on any of them, add one at the end – again, this can be the same one every time; let’s say our special character in this instance is the ampersand (&). So the final password would be Tmpsiz&. This sounds way more complicated than it actually is when you use it, because your base word (the domain) is right there in front of you, so all you have to remember is whatever pattern you have created.
One of the most ingenious things about this method is that, even if the domain has two of the same letters in it, even side by side, 99% of the time the substitution will be a different letter for each of them, so no repetition pattern will show up to make it easier for a potential hacker.