A few days ago OneMint was attacked, and embarrassingly enough someone or some machine had simply guessed my password. I now know that this wouldn’t be too hard as it would have taken a desktop PC just 3 days to figure out my password.
I have been on a mission to change my passwords since then but there are two challenges in this. You can come up and remember one strong and unique password, but it is very hard to come up and remember 20 unique ones. I say twenty because that’s the number of passwords I need for my accounts that have some financial aspect to it. If you include all of my passwords, I’m sure it would go over a 150.
The other method is to have some sort of a formula in your head to generate a unique password but my struggle so far had been that it wasn’t unique enough, or strong enough or universally acceptable enough.
I’ve overcome all of these and I have been using my current way quite successfully for the past two or three weeks, and if you currently have passwords that can be guessed within days by a desktop PC, I strongly recommend going through this post, and seeing if this method or a variation works for you.
Step 1: Setup a base formula, which means that there should be some combination of special characters, words and numbers that will always be in your passwords. For instance, you can say that all your passwords will start with “%” and end with “ghoda9873*”
Step 2: Use the name of the website in your password but with some replacements. For instance, you could say that if the website is two words like SBI India, you will only consider the first word, so SBI would be part of your password. Then you could say that “I” would always be “1” in your passwords. In this way you can make certain replacements, and come up with a unique password. In our example, a password for SBIIndia.com would be “%SB1ghoda9873*” which would take a desktop PC 2 billion years to crack!
If you use this formula a few times, and customize it to the way you’re used to thinking then you will be able to setup new passwords quite easily for all your accounts. This has the obvious drawback where if a person comes to know a couple of your passwords, they can guess the rest quite easily but it still beats having a simple one anyway.