- Pick your Words or Phrases. Pick 3-5 words or phrases you can easily remember. The words SHOULD NOT show up in a Google search, even misspelled. This means if you are going to make up words then make up new unique words no one has used before. For phrases you can use poetry, lyrics, book quotes, anything you would like. We would encourage you to stay away from quotes or lyrics that are extremely popular since you are not the only one that would have thought of them.
- Shorten words or phrases into something manageable. If it is a long enough phrase such as "I do not like green eggs and ham said Sam I am." then shorten it to "IdnlgeahsSIa." or some variant. There are two reasons for this; first, typing a massive phrase can take people a while and is prone to typos. Second, many password systems still do not have the ability to handle passwords >16 or >20 characters. Our goal is simplicity without a management system. Note that we left the special character ".". In password cracking special characters enhance security, although a few password systems will not take them.
- Verify the passwords are >8 and <20 Characters. Now you should have 3-5 solid, non-Googleable words or abbreviated phrases with >8 and <20 characters each.
- Make it Easy to Locate Which Password to Use. The next step is to figure out a trick to identify each website so that you can pick one of your passwords. You could use the first letter or second letter of the domain name to identify the password to use. E.g Letters A-L get one password, M-S get another, etc.
- Figure out a Unique Identifier for Each Website. Figure out something about the domain name or website that will give you something fairly unique. E.g. Logmein.com has 10 characters in the domain name, perhaps you use that. You could also directly steal something from the site, such as its name and use it in the password. E.g. Insert the initials "lmi" or "logmein" into your password.
- Place the Unique Identifier into your Password. Now, take your new unique number and apply it to your password, perhaps with the shift-key applied, which will make the characters special. In the case of the password we reference above: "IdnlgeahsSIa.", if we used both methods identified in step five we would insert "10" with shift held down and "mi" into our password. The result might be "IlmidnlgeahsSIa!". Note that we did not insert the shifted "10" or the lmi at the very beginning or end of the passwords to make it a little harder to predict for someone attempting to compromise our accounts. At this point most hackers are probably moving onto easier targets unless you have become the target, in which case they will probably try to find other ways to access your accounts. If they do keep trying to access your accounts using passwords there is a good chance you would receive notices that something was up before they gained access elsewhere.
- Create a cheat sheet to carry with you. Until you have committed your new password methods to memory carry a coded sheet of paper with you, perhaps in your wallet. Do not just write the entire process, just the cliff notes necessary to jog your memory. This way if you lose your wallet your passwords are still safe, all they will find is paper scribbled with unintelligible notes.
After trying a variation of this system if you think your password management method is still too complex mix it up and perhaps simplify the system. The key is to keep passwords long, avoid dictionary words, mix up the letters and numbers, if possible insert some special characters, and keep from using the exact same password on several websites.
Even if this type of strategy does not keep people out of all of your accounts by the time they figure out what sites overlap (should be very few) you will hopefully have received dozens of "Invalid login attempt detected" messages in your inbox, allowing you to take action.
