So you're using a password management tool to keep track of all your passwords. What if that tool gets hacked? That's not a joke — it happened last month at LastPass, a web-based service that encrypts multiple passwords. Although LastPass users' actual passwords weren't compromised, their email addresses
and password reminders were.
The LastPass incident is a valuable reminder that the most secure place to store your passwords is still inside your head. But can you remember the password
for every website you use without making the security mistake of reusing passwords? We certainly can't. That's why at Xantrion, we recommend and use
a simple trick that generates passwords that are hard to crack but easy to recall. It just takes three steps:
1. Start with a word you won't forget, and spell it with at least one special character. For example, "apple," spelled "4pp!e." You'll use this "seed" password in all your other passwords.
2. Come up with a simple algorithm based on the site's domain name. For example, you could use the first and last letters of the name as the first and last letters of your password.
3. Combine the two. In our example, then, your password for WebEx would be w4pp!ex, and your password for Salesforce would be s4pp!ee.
You can make the details as complicated as you want, but as long as you remember the domain name and your personal algorithm, it's easy to generate unique,
high-quality passwords you still won't have to write down or store anywhere.
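
The three steps above as an added Python example (not Xantrion's code), with a check for site names that the first-and-last-letter rule maps to the same password. The site list and the `first_last_length_rule` variant are assumptions made for illustration.

```python
from collections import defaultdict

SEED = "4pp!e"  # seed from the article's example


def _letters(name):
    """Lower-case the site name and keep only letters and digits."""
    cleaned = [c for c in name.lower() if c.isalnum()]
    if not cleaned:
        raise ValueError(f"no usable characters in {name!r}")
    return cleaned


def first_last_rule(name):
    """The article's rule: first and last letters of the site name."""
    cleaned = _letters(name)
    return cleaned[0], cleaned[-1]


def first_last_length_rule(name):
    """Hypothetical variant: also append the length of the name."""
    cleaned = _letters(name)
    return cleaned[0], f"{cleaned[-1]}{len(cleaned)}"


def derive(name, seed=SEED, rule=first_last_rule):
    """Step 3: wrap the seed in the site-specific prefix and suffix."""
    prefix, suffix = rule(name)
    return f"{prefix}{seed}{suffix}"


def collisions(names, seed=SEED, rule=first_last_rule):
    """Group sites by derived password; return groups with more than one site."""
    groups = defaultdict(list)
    for name in names:
        groups[derive(name, seed, rule)].append(name)
    return {pw: sites for pw, sites in groups.items() if len(sites) > 1}


# Constructed list of site names for the demonstration.
SITES = ["WebEx", "Salesforce", "Skype", "Dropbox"]

if __name__ == "__main__":
    for site in SITES:
        print(f"{site:<12}{derive(site)}")
    print("same password:", collisions(SITES))
    print("with length rule:", collisions(SITES, rule=first_last_length_rule))
```

Running the collision check over your own list of sites shows whether the personal algorithm you picked actually yields a different password for each one.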