Jonathan Johnston's Blog

Passwords without Managers

By Jonathan Johnston

Posted on June 20, 2023

Navigating the labyrinth of password creation can seem daunting. This guide provides a balanced approach, advocating the use of password formulas to generate unique, memorable, and secure passwords for every site you use. By concocting your own recipe, you can create a strong password that meets each site's requirements and keep it fresh with simple annual updates. It's a 'set and forget' method that replaces the need for sticky notes or repetitive passwords and offers a smart solution to modern password dilemmas.

Introduction

Navigating the labyrinth of passwords can feel like a no-win situation. If they're as random as a weather forecast, good luck remembering them. You might jot them down, but then there's the risk of misplacing that elusive sticky note or forgetting the very password that guards your digital vault—your password manager. And voilà! You're in an epic "forgot all my passwords" saga.

Here's another fun scenario: you've committed to memory a single, complex password and used it for all your accounts. Sounds smart, right? Until one of those sites gets hacked (which is as frequent as coffee breaks), and suddenly, hackers hold the master key to your digital kingdom.

As wise old Thomas Sowell once said, "There are no solutions, only tradeoffs."

In the world of passwords, your mission (should you choose to accept it) is to find the optimal set of these tradeoffs.

From: The Pragmatic Programmer by David Thomas and Andrew Hunt

Cracking the Password Conundrum

Password requirements are like the well-meaning but slightly annoying friend who's always there to stop you from texting your ex. They prevent people from using embarrassingly obvious passwords like 'password123'.

But here's the twist: these requirements also give hackers a leg-up. They know your password will boast a capital letter, a number, a special character, and be at least 8 characters long. So even before the guessing game begins, they've got a head start!

Somewhereovertherainbowskiesareblue

Is a better password than

D6#mW&73

And you're more likely to remember it.

It's like we're stuck in the '80s, when 8 bytes was a lot, especially if you had hundreds of logins.
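To put numbers on the length-versus-complexity point above, here is a small added example (not code from the original post) that estimates the guessing space of the two passwords quoted. It assumes the most generous model for the attacker: every character is drawn independently from the character classes that actually appear, so a password that uses only letters is charged for a 52-symbol pool and one that mixes all four classes for a 94-symbol pool (26 + 26 + 10 + 32 punctuation marks from Python's string.punctuation). The function and variable names are my own.

```python
import math
import string

# Character classes and the pool size a guesser must cover once it sees
# that class appear. Assumed model: independent draws per character.
POOLS = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),  # 32 symbols
]


def charset_size(password: str) -> int:
    """Sum of the pools for every character class present in the password."""
    size = 0
    for chars, pool in POOLS:
        if any(c in chars for c in password):
            size += pool
    return size


def search_space(password: str) -> int:
    """Number of candidates a character-by-character guesser must cover."""
    return charset_size(password) ** len(password)


def bits(password: str) -> float:
    """Same search space expressed in bits (log2)."""
    return len(password) * math.log2(charset_size(password))


def compare(short_pw: str, long_pw: str) -> dict:
    """How many times larger the long password's search space is."""
    return {
        "short_bits": bits(short_pw),
        "long_bits": bits(long_pw),
        "ratio": search_space(long_pw) / search_space(short_pw),
    }


if __name__ == "__main__":
    # The two passwords from the post.
    for pw in ("D6#mW&73", "Somewhereovertherainbowskiesareblue"):
        print(f"{pw!r}: pool={charset_size(pw)} length={len(pw)} "
              f"bits={bits(pw):.1f}")
```

Under this model the 8-character mixed password is worth about 52 bits and the 35-letter phrase about 200 bits, which is why length wins. The estimate is only an upper bound for the phrase: it assumes the guesser does not recognise it as a well-known lyric, which is the same reason the post recommends a nonsense word later on.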

Let's be honest, password-guessing isn't a hacker's favorite pastime anymore. These days, they often exploit security loopholes beyond your control to swipe your passwords. So, unless you've somehow ended up on a hacker's most-wanted list, the strength of your password might seem like a moot point.

But here's the thing—good security never goes out of style. Occasionally, encrypted password files fall into the wrong hands, and a flimsy password just rolls out the red carpet for hackers. They may not bag all the passwords, but hey, yours could make it to the 'cracked' list.

So, the million-dollar question is: how can you craft passwords that are memorable, regularly changed (in case of the dreaded hack), and unique for each site?

Password Formulas

A password formula is your secret recipe to concoct strong, memorable passwords. It's a blend of different ingredients—data elements you know—that ticks all the boxes for both site password requirements and robust security.

The trick is simple: Memorize the recipe, not the meal.

Creating your own formula is my top recommendation (after all, no chef reveals their secret sauce), but let's rustle up a few examples for inspiration.

Nonsense word + your current age + the first 5 letters of the website url

This formula comes with a built-in reminder—you update it annually on your birthday. With each website, it shape-shifts into a unique password. The nonsense word gives it a good stretch and isn't in a dictionary.

Sure, it's got a number and any letter can be a dazzling capital. But it lacks that je ne sais quoi of a special character. So, let's jazz it up by turning the first digit of your age into its equivalent special character on the keyboard (hint: just press Shift).

So this might look like:
nArfsickle@1youtu

Nonsense word = narfsickle
Age = 21, turns into @1
Site = YouTube

Or
nArfsickle@1faceb

And then the next year, on your birthday, you'll update your password:
nArfsickle@2faceb

Or you can mix the site name letters into the nonsense word so it looks more random if someone catches a glimpse.
nfAarcfesbickle@2

Or you could change which letter of the nonsense word is capitalized based on the date: it's 2023, so the third letter is capitalized.
nfaaRcfesbickle@2
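The recipe above, written out as a small added example (my code, not the post's): a nonsense word, the current age with its first digit turned into the Shift character above it on a US keyboard, the first five letters of the site, an optional mix of the site letters into the word, and a capital letter chosen from the year. Two details are assumptions of mine rather than anything the post states: the year's last digit picks which letter of the nonsense word is capitalized (so the first examples, with the second letter capitalized, correspond to a year ending in 2), and the site prefix is taken from the host name with scheme, "www." and dots stripped. The final check mirrors the common site requirements the post lists: a capital, a digit, a special character and at least 8 characters.

```python
import string

# Digit -> character printed above it on a US keyboard when Shift is held.
SHIFT_DIGIT = {"1": "!", "2": "@", "3": "#", "4": "$", "5": "%",
               "6": "^", "7": "&", "8": "*", "9": "(", "0": ")"}


def shift_first_digit(number: int) -> str:
    """21 -> '@1': the first digit becomes its Shift character."""
    digits = str(number)
    return SHIFT_DIGIT[digits[0]] + digits[1:]


def site_prefix(url: str, n: int = 5) -> str:
    """First n letters of the host name (assumption: scheme, 'www.' and
    punctuation are ignored, so 'youtube.com' -> 'youtu')."""
    host = url.lower()
    for scheme in ("https://", "http://"):
        if host.startswith(scheme):
            host = host[len(scheme):]
    if host.startswith("www."):
        host = host[4:]
    host = host.split("/")[0]
    return "".join(c for c in host if c.isalpha())[:n]


def cap_pos_from_year(year: int) -> int:
    """Assumption: the year's last digit picks the letter to capitalize
    (1-based), so 2023 -> third letter."""
    return year % 10


def capitalize_at(word: str, pos: int) -> str:
    """Upper-case the pos-th letter (1-based) of word; out of range -> unchanged."""
    if 1 <= pos <= len(word):
        return word[:pos - 1] + word[pos - 1].upper() + word[pos:]
    return word


def interleave(word: str, site: str) -> str:
    """Alternate letters of word and site; the longer one's tail is appended."""
    out = []
    for i in range(max(len(word), len(site))):
        if i < len(word):
            out.append(word[i])
        if i < len(site):
            out.append(site[i])
    return "".join(out)


def build_password(nonsense: str, age: int, url: str,
                   cap_pos: int = 2, mix: bool = False) -> str:
    """Nonsense word + shifted age + site prefix, or the mixed variant."""
    word = capitalize_at(nonsense.lower(), cap_pos)
    site = site_prefix(url)
    if mix:
        return interleave(word, site) + shift_first_digit(age)
    return word + shift_first_digit(age) + site


def meets_requirements(password: str, min_len: int = 8) -> bool:
    """Capital, digit, special character and minimum length, as sites demand."""
    return (len(password) >= min_len
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


if __name__ == "__main__":
    for url in ("https://www.youtube.com", "facebook.com"):
        pw = build_password("narfsickle", 21, url)
        print(url, "->", pw, "ok" if meets_requirements(pw) else "REJECTED")
    # Next birthday, mixed, with the capital picked from the year.
    pw = build_password("narfsickle", 22, "facebook.com",
                        cap_pos=cap_pos_from_year(2023), mix=True)
    print("2023 mixed ->", pw)
```

Running it reproduces the post's examples exactly: nArfsickle@1youtu, nArfsickle@1faceb, nArfsickle@2faceb, nfAarcfesbickle@2 and nfaaRcfesbickle@2. The point of the validator is the one the post makes: a formula only earns its keep if every password it produces clears a site's rules without you having to improvise an exception you later forget.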

But don't make it so complicated you can't solve your own formula; you don't want to be outwitted by your own genius.

The beauty of password formulas is their limitless variations. Want to feel younger? Subtract a number from your age. Feel like adding complexity? Multiply it instead. You can use the full year, or throw in the month for more frequent password refreshes.

You might consider using the company's name, or the website's title, although that's prone to change. If it's an app, why not include the app's name? Just like your coffee order, make it personal.

But remember, simplicity is key. If it's too complicated, you'll abandon it faster than a bad Netflix series. Make it easy enough to remember and use regularly.

One formula, infinite variations, zero stress. Password security has never been this easy. Enjoy the simplicity!

Conclusion

Ultimately, if it works, it's the right way. Stick with what serves you best, not what sounds the most complicated.

Remember, in the world of passwords, you're the chef. So, go ahead, cook up a secure, memorable password recipe that's uniquely yours. Here's to never having a 'Forgot my password' moment again. Happy password creating!