Password Formula

 
Note: This is kind of a long article. If you just want to know how to make a unique, secure password for every site you log into, jump down to The Solution
 
So you might be wondering why a franchise blog is writing about passwords. It’s simple: regardless of your line of work, cyber security matters to you. If you are a franchisor, you likely protect your franchisees’ bank account information, credit card information, SSNs, etc. with a password. If you are a franchisee, you likely protect your franchisor’s intellectual property, as well as your employees’ personal information, with a password. We all use them, and most people’s passwords are simply not safe. Why? There are four steps to a secure password, and I am of the opinion that, for most people, following all four is impossible. Chances are you already know the four steps, so feel free to skim and then jump down to the solution if you want.
 

Step 1: Make it unique

 
This one seems obvious, but many people don’t take even this simple precaution. How do I know? Because breach after breach and password dump after password dump have shown that the top five passwords in use today are “password”, “123456”, “12345678”, “1234”, and “qwerty”. Of course, clever individuals do letter/symbol or letter/number substitution, so that “password” becomes “p@55w0rd”. This was a decent solution 10 years ago, but the substitutions are now so common that password-cracking tools apply them automatically as rules, so “p@55w0rd” falls about as fast as “password” does. To go truly unique, many people now recommend pass phrases. A pass phrase is typically something that is meaningful to you, but not obvious. For example, “Lightiningwonin04!” is an 18-character password. According to Online Domain Tools (link), it would take a quadrillion years to brute-force. Not bad! Keep in mind what such an estimator measures: the time to try every combination at an assumed guess rate. It says nothing about a password that has already leaked or that a cracker can reach with a wordlist and rules. Pass phrases are a good way to make a password unique. We could bring this up a bit with some simple letter/symbol substitution and make it “L!ght!n!ngwon!n04i”, and we are even more secure. There is no such thing as an uncrackable password, but an 18-character password that uses letters, numbers, and symbols and contains no dictionary word longer than three letters (“won”, “in”) is pretty close. You could get closer with a random string of characters, but random strings won’t likely make it past step 2.
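To show why “p@55w0rd” buys almost nothing, here is a small rule-based mangler of the kind cracking tools apply to a wordlist. This is an added example written for this page, not code from the original post or from any cracking tool; the substitution table and the six-word “wordlist” are constructed for the demonstration, and real rule sets are far larger.

```python
from itertools import product

# Common single-character substitutions that cracking rule sets try
# automatically (constructed for this example; real rule sets are larger).
SUBSTITUTIONS = {
    "a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7", "l": "1",
}


def leet_variants(word: str):
    """Yield every spelling of `word` reachable through SUBSTITUTIONS,
    including the unchanged word itself."""
    choices = [ch + SUBSTITUTIONS.get(ch.lower(), "") for ch in word]
    for combo in product(*choices):
        yield "".join(combo)


def mangled_wordlist(words):
    """Expand a base wordlist into the set of candidates a rule-based
    attack would try: each word as-is and capitalised, with every
    substitution combination applied."""
    out = set()
    for w in words:
        out.update(leet_variants(w))
        out.update(leet_variants(w.capitalize()))
    return out


def is_guessable(candidate: str, words) -> bool:
    """True if `candidate` is one of the mangled forms of `words`."""
    return candidate in mangled_wordlist(words)


# Constructed mini wordlist standing in for the "top passwords" dumps.
BASE_WORDS = ["password", "123456", "12345678", "1234", "qwerty", "lightning"]

if __name__ == "__main__":
    wl = mangled_wordlist(BASE_WORDS)
    print(f"{len(wl)} candidates expanded from {len(BASE_WORDS)} base words")
    for pw in ["password", "p@55w0rd", "P@$$w0rd", "Lightiningwonin04!"]:
        print(f"{pw!r:22} guessable: {is_guessable(pw, BASE_WORDS)}")
```

The six base words expand to a few hundred candidates, which a cracker tries in no measurable time; “p@55w0rd” and “P@$$w0rd” are both in that set, while the pass phrase is not reachable from any base word, which is the property that matters.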
 

Step 2: Don’t write it down

 
This one seems pretty obvious, and I won’t belabor it, but your password is not secure if you save it in plain text on your computer, email it to yourself, or write it down somewhere that someone might find it.
 

Step 3: Different passwords for different sites

 
Now this is where things get difficult. On a daily basis I typically log into 5-10 sites, which might include my CRM, Google, Twitter, Facebook, LinkedIn, my bank, my other bank, my utilities, etc. If I had to guess, I probably log into 20-30 sites over the course of a month. If just one of them gets hacked, and I am using the same password on the others, my entire cyber security is out the window, regardless of how good that password is. You should use a different password for EVERY SINGLE ACCOUNT.
 

Step 4: Changing passwords

 
How often you should change passwords is a matter of debate, but I think that you should change at least once a year, and any time there is an issue with security.
 

Really, it’s impossible

 
Let’s be honest, you can’t remember 20+ unique passwords that change every year. It just isn’t happening. At this point you probably think you have only two choices: compromise your security by eliminating one of the steps (most people eliminate step 3), or use a password manager. The problem with the first choice is obvious; the problem with a password manager is that it can be compromised, and you can run into issues if you are using a computer other than your own.
 

The solution

 
So let me give you a fairly simple solution. It’s called a password formula. If you have a password formula, like I do, you only have to remember one formula, and from it you can reconstruct the password for every site you log into. You can change your formula once a year, and you have covered all four steps. I am (for obvious reasons) not going to share my personal formula, so I am going to give you an example.
 
Here are the steps:
 
First, choose a symbol. For this example we will use “!”.
 
Second, choose the letter formula. For this example, I am going to use the first, second, and last letters of the name of the service I am logging into. So for LinkedIn, that gives “L”, “I” and “N”. I am going to add the first initial of my middle name (“A” in this example) in the middle, so the letter formula renders “lian”. To make it a little more complex, add a capital: I will capitalize the last letter. So far my password for LinkedIn using this formula is “!liaN”.
 
The third step is to select a short string of digits that is not a simple run like “1234” and is not specific to you (not tied to your date of birth, year of birth, kids’ birthdays, SSN, etc.). I am going to use five digits, “21478” (look at the number pad on your keyboard and you will understand why). So now my password is “!liaN21478”.
 
Finally, let’s select one more symbol. I am going to use “)”. So my final LinkedIn password with this formula would be “!liaN21478)”. That is an 11-character password that would take a few million years to brute-force, and it appears in no wordlist, so a plain dictionary attack won’t find it. But I can remember it fairly easily. With this same formula, my Twitter password would be “!twaR21478)”, and my Gmail would be “!gmaL21478)”. I now have a unique password that is different for every site I log into; I can remember the formula, therefore I can remember every password, so I don’t have to write it down. One caveat: these passwords differ only in the three site letters, so if one of them is ever exposed in plain text (a phishing page, a site that stored it unhashed), anyone who lines it up against the site name can work out the pattern. That is the case where you change the whole formula, not just the one password. When it comes time to change my password, I can simply change the number set, the symbols, and/or the capitalization and fairly easily memorize a new formula. Also, if I have multiple log-ins, I can easily modify this formula to account for that. If I have, as an example, two LinkedIn accounts, I can either start or end the password with a number (1 for the first account, 2 for the second) or a letter (P for personal and B for business).
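The formula above, written out as a function so that each step is explicit and the yearly rotation and the multiple-account variant are just parameters. This is an added example written for this page, not code from the original post; the symbols, the digits “21478” and the middle initial “a” are the walkthrough’s own values, and stripping everything but letters from the service name (so “mail.google.com” or a name with spaces still yields three letters) is an assumption about how to handle names the article does not cover.

```python
# Fixed, memorised parts of the example formula. These are the article's
# walkthrough values; in practice you would pick your own.
LEAD_SYMBOL = "!"
MIDDLE_INITIAL = "a"   # first letter of the (hypothetical) middle name
DIGITS = "21478"       # the keypad walk from the article
TRAIL_SYMBOL = ")"


def site_letters(service: str) -> str:
    """First, second and last letter of the service name, lower-cased.
    Letters-only cleanup is an assumption for names with dots or spaces."""
    name = "".join(ch for ch in service if ch.isalpha())
    if len(name) < 3:
        raise ValueError("service name needs at least three letters")
    return (name[0] + name[1] + name[-1]).lower()


def derive_password(service: str, account_tag: str = "", *,
                    digits: str = DIGITS, lead: str = LEAD_SYMBOL,
                    trail: str = TRAIL_SYMBOL) -> str:
    """Apply the formula: lead symbol + first two site letters + middle
    initial + LAST site letter capitalised + digits + trail symbol, with an
    optional per-account tag (e.g. "B" for the business account)."""
    first, second, last = site_letters(service)
    letters = first + second + MIDDLE_INITIAL + last.upper()
    return f"{lead}{letters}{digits}{trail}{account_tag}"


def positions_that_differ(pw_a: str, pw_b: str) -> list:
    """Indexes at which two same-length formula passwords differ; shows
    how much of the password the site name actually controls."""
    return [i for i, (x, y) in enumerate(zip(pw_a, pw_b)) if x != y]


if __name__ == "__main__":
    for site in ("LinkedIn", "Twitter", "Gmail"):
        print(f"{site:10} {derive_password(site)}")
    print("business LinkedIn:", derive_password("LinkedIn", "B"))
    print("after rotation:   ", derive_password("LinkedIn", digits="97412"))
    print("positions differing LinkedIn vs Twitter:",
          positions_that_differ(derive_password("LinkedIn"),
                                derive_password("Twitter")))
```

`positions_that_differ` returns `[1, 2, 4]` for LinkedIn against Twitter: three of eleven characters change between sites, the rest is the fixed, memorised part. That is the number to keep in mind when deciding whether a single exposed password means rotating the whole formula.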
 
Don’t use this formula exactly, obviously. Come up with your own. Here are some ideas of what you can put in the formula:
 
 The name of the service you are logging into
 
 The URL of the service
 
 First letter of your, your spouse’s, kid’s, business partner’s, or best friend’s first, middle, or last name
 
 The middle numbers of your home or work address (just not all of the numbers)
 
 The area code or prefix of your phone number
 
 The first or last 3 numbers of your office zip code
 
As a last note, this might seem too complex. Too hard to remember. But think about the passwords you are remembering now. By having a formula, you only have to remember one formula to have unique passwords for every website you log into. I think you can handle that complexity!
 
For what it’s worth, I don’t use this on every single website. I have a “throw-away” password. It’s been in about 22 breaches. I use it on sites that I will never share my DOB, SSN, banking, or other info on.