Life Hack: Creating Unforgettable Passwords

Have you ever visited a website and just couldn’t remember your password? Maybe it’s a site you only visit every Christmas season or near Aunt Petunia’s birthday to order her flowers. It’s super frustrating! If so, you are not alone! As Cybersecurity Month winds down, I want to give you a system for creating secure, unique passwords for every website you need access to, passwords that you’ll never forget regardless of how often you visit that website.

Secure means that it is difficult to guess. Unique means that the password is only used on a single site and nowhere else – no more using the same password over and over again in multiple locations. One key benefit of this system is that even if you do forget the password, you can hack it! No, I don’t mean Matrix-style hacking. I mean, you can work through the formula I’m about to give you and figure it out… again. Are you ready?

How to create unforgettable passwords.

Step 1 – Identify a meaningful phrase

Identify a phrase that is meaningful to you. This will be the most important part of the entire process. This phrase should have at least 10 words and represent something important to you. For example, I got to spend some time in Hawaii, so for this example, I will use the phrase “I love to see beautiful Hawaiian sunsets at the beach in Waikiki”. Here you will see that I have a phrase that is meaningful to me, and it has 12 words. Take some time and think about this first step. Make sure you get it right; it is the most important part of creating an unforgettable password.

Step 2 – Distil the phrase down to a “base word”

This is a simple step. Just take the first letter of every word in your passphrase, as is, and smoosh them all together as if they were one word. This word is called your “base word”. Using our example, it would be IltsbHsatbiW. How’s that for what appears to be a random string of characters? Notice that I preserved the original capitalization, as that will also make the password more secure. If your phrase does not have any capitalization besides the first word, that’s okay; we can add some later.

Step 3 – Letter swap to secure the base word

Before we get into the letter swap, let’s talk about what makes a good password. Microsoft says the following makes a good password:

  • At least 12 characters long but 14 or more is better.
  • A combination of uppercase letters, lowercase letters, numbers, and symbols.
  • Not a word that can be found in a dictionary or the name of a person, character, product, or organization.
  • Significantly different from your previous passwords.
  • Easy for you to remember but difficult for others to guess.

The passphrase from step 1 has given us 12 characters, which covers the first bullet point. The letter swap addresses bullet points two and three. Finally, our unforgettable password will come together as we wrap up bullets four and five in the last step (step 4).

The letter swap is where you change letters for numbers or symbols. Some examples are I (letter i) = 1, a = @, e = 3, o = 0, etc. Pick swaps that still make sense when you look at the word. From our example of IltsbHsatbiW we could swap the first letter “I” for a 1, but since it is already capitalized, I’m just going to leave it as is. Now swap the “a” for @ and the second “i” for the number 1. Now our base word is IltsbHs@tb1W. To make a password super secure you should have at least two capital letters, two symbols, and two numbers.

If your base word does not have any capitals, numbers, or symbols, you can just add them anywhere that makes sense.

Step 4 – Create endless extensions

An extension is a part that gets added to your base word.  The formula for the final password is base word + extension.  Here we are going to add another symbol, the underscore “_”, between the base word and the extension: “baseword_extension”.  So, what is an extension?  The extension should represent the website you are visiting in some way.  There are two ways to look at this, generic and specific.  I recommend being specific if you have a lot of websites you visit.

First, I’ll give you an example of what generic looks like.  For an email site it might be baseword_email, for a banking site baseword_banking, for an airport parking site baseword_parking, and so forth.  However, since most of us have more than one banking or email site, I recommend using a specific extension.

Let’s redo the extensions mentioned above using the specific pattern. Let’s say you have Yahoo and Gmail accounts; the passwords would become baseword_yahoo and baseword_gmail. If you were banking with Chase Bank and US Bank, those passwords become baseword_chase and baseword_usbank. Do you see how they are more specific?

That’s the formula. Now let’s apply it to the example we’ve been using.  My passwords for my email, banking, and any other accounts I need to create become easy to remember.  My base word, plus the specific extension.  Here are some examples of what that may look like:

Website                     Password Example
Yahoo email                 IltsbHs@tb1W_yahoo
Gmail                       IltsbHs@tb1W_gmail
Chase Bank                  IltsbHs@tb1W_chase
Cable Company               IltsbHs@tb1W_cable
Apartment Rental website    IltsbHs@tb1W_rent
Cell phone website          IltsbHs@tb1W_cell
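
The four steps above, worked through in Python as an added example (not the author's code): it rebuilds the article's example passwords from the phrase and counts each one against the Step 3 guidance. The function names, and the rule of swapping only lowercase letters so that the leading "I" is left alone, are assumptions chosen to match the article's worked example.

```python
import string

# Phrase and swaps are the article's own; function names are illustrative.
PHRASE = "I love to see beautiful Hawaiian sunsets at the beach in Waikiki"
SWAPS = {"a": "@", "e": "3", "o": "0", "i": "1"}

# (counter, minimum, label) from Step 3: Microsoft's length and character-mix
# bullets plus the article's "two capitals, two symbols, two numbers".
RULES = [
    ("length", 12, "at least 12 characters"),
    ("upper", 2, "at least 2 capital letters"),
    ("lower", 1, "at least 1 lowercase letter"),
    ("digits", 2, "at least 2 numbers"),
    ("symbols", 2, "at least 2 symbols"),
]

def base_word(phrase):
    """Step 2: first letter of every word, capitalization preserved."""
    return "".join(word[0] for word in phrase.split())

def letter_swap(word):
    """Step 3: swap lowercase letters only (assumption), so capitals such as
    the leading "I" stay as they are, as in the article's example."""
    return "".join(SWAPS.get(ch, ch) for ch in word)

def site_password(phrase, extension):
    """Step 4: base word + underscore + site-specific extension."""
    return f"{letter_swap(base_word(phrase))}_{extension}"

def check(password):
    """Count character classes and list the Step 3 rules not yet met."""
    counts = {
        "length": len(password),
        "upper": sum(c.isupper() for c in password),
        "lower": sum(c.islower() for c in password),
        "digits": sum(c.isdigit() for c in password),
        "symbols": sum(c in string.punctuation for c in password),
    }
    unmet = [label for key, minimum, label in RULES if counts[key] < minimum]
    return counts, unmet

if __name__ == "__main__":
    for site in ("yahoo", "gmail", "chase", "cable", "rent", "cell"):
        pw = site_password(PHRASE, site)
        counts, unmet = check(pw)
        print(f"{pw:22} {counts} unmet: {unmet or 'none'}")
```

Run on the article's example, the checker counts three capitals, two symbols (the @ and the underscore) and one number, so one more number is needed to reach the "two numbers" target from Step 3.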

Conclusion

That’s it. You now have the formula to create a secure, unique, unforgettable password for every different website you visit.  From a security perspective, even if one of your passwords gets compromised in a data breach, the rest are still secure because you did not re-use that same password anywhere else!

Now, let’s be honest, passwords are not the best way to secure access to a website or anything else for that matter, but it seems that passwords are here to stay for a while, so I wanted to show you how to use them securely.