Simple Solution to Password Management

Managing website passwords is an arduous task, and for many, simply falls to a solution of one password for everything. Of course, that fails in so many ways, but probably remains as the most common methodology employed. I've tried so many different ways to handle passwords, but eventually settled on a simple, free, and highly secure solution.

Let's review the two basic methods employed and see where they fail, and then my solution.

Single Password for All

The one-password-for-everything solution fails spectacularly, and with the most significant loss, because if the password is revealed, ALL your sites are accessible. You might think that you'll do a great job keeping the password secret, but the problem is not you; it's that many sites are not even encrypting your password in their own databases, which makes it available to anyone at the site.

Anytime a site gives you the ability to retrieve a lost password and provides you your password, perhaps in an email or over the phone, you will know that this site DOES NOT encrypt your password. If they did, they would only be able to reset your password, and in no way could they themselves know the password. That's the ingenuity of encryption.

Pro

  • Easiest method to use.
  • Free.

Cons

  • If revealed, then usable on ALL sites.
  • High amount of work required and longest period of exposure, since ALL sites will need password updating.

Unique Passwords for ALL

Having unique passwords for each website is a great, nearly perfect idea, but it fails in how you manage the passwords. Since each password is unique, you have to store it somewhere, perhaps in your phone, and then you have to have it available for whenever it is needed. I used to store all my passwords in my phone contacts (an entry for every site), but then discovered that phone apps most commonly have access to your contacts! Total fail, since now where I was storing my passwords was being made available publicly!

There are a number of phone apps and websites that will store your passwords, but they still fail as a single point of storage: you always need to have the storage medium available, and you are also potentially putting your passwords in someone else's hands, which I am not willing to do. Trust no one.

Pro

  • Unique passwords for every site.
  • If password exposed, limited to single site.
  • May be free.

Cons

  • Difficult to manage.
  • Storage medium–phone, paper etc.–may not be always available.
  • Loss of storage medium results in loss of all access.
  • Access to storage medium would enable someone else to access all your sites.
  • If storage medium is an app or website, potential third-party exposure.

Self Generated Passwords

My solution is simple and has the following attributes that satisfy all of the Cons listed above. My solution has a storage medium that you always have with you–your brain–each password is unique, and no one has access to your passwords.

The storage medium is your brain, and what you'll be doing is coming up with a simple algorithm that you can calculate every time you need a password. I won't tell you mine, but here is an example:

password = First 2 letters of web site + Dog's name (1st and 3rd letters capitalized) +
  3rd letter of web site + a number

Now you have to remember the algorithm, but it'll be a lot easier to memorize than unique passwords for every site.

So, let's say the site is Gmail, your dog's name is Charger, and your number is '23'.

The password for your Gmail account: gmChArgera23

Some sites require special characters, such as '#*!$%', so have an optional part of your algorithm that you will utilize when your password fails at first try. Perhaps you'll add a '$' after the first 2 letters of the web site.

The optional password: gm$ChArgera23

And for sites that really have extreme requirements, write those passwords down somewhere, which may not be the best, but your exposure will be limited to just those sites in the event you lose your storage medium.

Pro

  • Unique passwords for every site.
  • Storage medium–your brain–is always available.
  • If password exposed, limited to single site.
  • Free.

Cons

  • Sites that have demanding password requirements may require physical storage (and be vulnerable).

You can make your algorithm as complex and crafty as you'd like. For example, you could scramble the letters of the website in the algorithm by using the key to the right of each letter on your keyboard.

Your Gmail password: h,ChArgers23

You can get really fancy, limited only by the amount of mental work you want to do every time you need a password.
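
The sample algorithm above, with its optional special character and the keyboard-shift variant, written out in Python as an added example (not the author's code and not his private algorithm). The US QWERTY layout, the function names and the second site name used for comparison are assumptions made for the example; `varying_positions` shows which characters actually change from one site to the next.

```python
# Added example: implements the sample algorithm described on this page.
# Assumption: US QWERTY layout (the page does not name a keyboard layout).
QWERTY_ROWS = ("qwertyuiop[", "asdfghjkl;", "zxcvbnm,")


def key_to_right(ch):
    """Return the key immediately right of ch on its row, or ch if unknown."""
    for row in QWERTY_ROWS:
        i = row.find(ch.lower())
        if 0 <= i < len(row) - 1:
            return row[i + 1]
    return ch


def cap_first_and_third(word):
    """Lower-case the word, then capitalize its 1st and 3rd letters."""
    return "".join(c.upper() if i in (0, 2) else c
                   for i, c in enumerate(word.lower()))


def derive(site, pet, number, special="", shift=False):
    """First 2 site letters [+ special] + pet name + 3rd site letter + number."""
    letters = [c for c in site.lower() if c.isalpha()]
    if len(letters) < 3:
        raise ValueError("site name needs at least three letters")
    if shift:  # scrambled variant: use the key to the right of each letter
        letters = [key_to_right(c) for c in letters]
    return ("".join(letters[:2]) + special + cap_first_and_third(pet)
            + letters[2] + str(number))


def varying_positions(a, b):
    """Indexes at which two equal-length derived passwords differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    # Inputs from the page's worked example.
    print(derive("Gmail", "Charger", 23))               # base form
    print(derive("Gmail", "Charger", 23, special="$"))  # optional special char
    print(derive("Gmail", "Charger", 23, shift=True))   # keyboard-shift form
    # "Yahoo" is a constructed second site, used only for comparison.
    print(varying_positions(derive("Gmail", "Charger", 23),
                            derive("Yahoo", "Charger", 23)))
```
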

Good luck and keep your algorithm secret!


Carson R Cole