Some people go for the simple solution and use the same password everywhere, or try to. But different systems have different password requirements, and some systems demand you change your password regularly and not re-use an old one, so the one-and-only-password technique generally doesn’t go very far.
Other folks have a pattern they use – some sort of root password to which they add a few characters that are distinct for each system. Or they include some numbers at the end that they change when a password expires and they need a new one.
Whatever your overall strategy, there are a few techniques you can use to help make memorable passwords that are also hard for others to guess.
To help us illustrate these techniques, I’d like to introduce my friend Jane Q. Doe, RN. Jane is one of those thoughtful, responsible people who tries hard to do everything as well as she can. Nursing school was a real challenge for Jane. Passing the NCLEX and getting her license in 1988 was one of her proudest moments. Jane currently works as a labor and delivery nurse at a regional hospital. But Jane isn’t all serious. She is crazy about frogs and collects anything in the shape of a frog or with a frog picture on it. All her friends know that and bring back frog knickknacks for her from their vacations.
Aim for a password length of 8 to 12 characters. Lots of systems require at least 8 characters. Some limit your password length to 14 characters or so. 8-12 isn’t too hard to type and gives you some scope for the imagination.
Years ago, Jane used ‘frog’ as her one password for everything. But, over time, more and more systems rejected it as too short and Jane worried it was too easy to guess.
Decide on an overall strategy and try to stick with it. I don’t recommend the one-password-for-everything approach but, if you do use it, at least make your one password hard to guess (see below). Personally, I’m a pattern user with a couple of root passwords (one for personal use, one for work) that I alter a bit for each system.
A few years ago, Jane started using ‘janeqdoe’ at work and ‘bigfroggy’ at home.
Use those funny ‘strong password’ rules to your advantage. When you first come across them, rules such as ‘must contain at least one capital letter’ or ‘must include at least one number’ seem pretty lame. If you knew Jane, would ‘JaneQDoe88’ really be a lot harder to guess than ‘frog’? But, with just a little imagination, they help a lot. The simplest thing you can do is change some, but not all, of the vowels a, e, i, and o in your password to 4, 3, 1, and 0. And use a simple but unusual capitalization.
Recently, Jane started using ‘j4n3Qdoe’ as her root password at work and ‘b1gFroggy’ as her root password at home. She was surprised how quickly typing those strange looking sequences became completely natural and she stopped having to think about the substitutions at all.
Use simple variations rather than just using exactly the same password everywhere. Some re-use may be inevitable. But perhaps you could put a short device name or system identifier on the front or back of each password.
Jane uses her standard root for all the fetal monitors she needs to log into but adds an FM to the front: ‘FMj4n3Qdoe’.
When passwords expire, try to change them as little as possible and keep similar passwords in sync.
Jane’s unit recently got an upgraded fetal monitor that insists she change her password every 90 days. Now, she is cycling through a series of similar passwords on that monitor: ‘FMj4n3Qdoe1’, ‘FMj4n3Qdoe2’, etc. She’s decided that if even one more monitor is upgraded, she’ll try to change her passwords on all the fetal monitors at the same time, even the ones that don’t require it, so the group is always the same.
Write your passwords down safely, when you absolutely have to record them.
Jane took an extended vacation recently. She finally gave herself her dream vacation to Costa Rica to see the wonderful frogs there in the rain forest. She was worried she wouldn’t be able to remember some of her newer passwords when she got back. So, before she left, she wrote a few crucial ones down on the back of her badge. But what she wrote down was not enough to help anyone else guess her passwords easily. For example, for that new fetal monitor, she jotted down: ‘new Fetal Monitor: root3’.
Jane’s pleased with the progress she’s made on managing her passwords. But she’s noticed, lately, that she’s also having a hard time remembering all the different user names she now has. Newer systems seem to be getting pickier about what she can use and not letting her create accounts with her one or two old favorites. And door access codes have started to be a problem, too. She’s beginning to think that she may just have to ‘seek professional help’ and buy one of those password manager apps that she’s heard about. But she’s going to see what she can do for herself, first.
Do you have a favorite password or username tip you’d like to share? If so, please leave it as a comment.