We all know that you shouldn't re-use the same password on different websites, but this is extremely difficult in practice considering the number of sites people use today. Password managers were developed to help solve the problem of remembering passwords. Some examples are KeePass, Password Safe, and LastPass. They work fine for many people. However, I personally don't like the idea of depending on a password manager. I want the ability to pull the correct password out of my brain in case I'm ever in a situation where I don't have access to the password manager. There's also a risk that your passwords could be compromised (this is true about any data that is stored, encrypted or not).
I have about 80 different passwords, but I don't have any problem remembering them. I don't write them down or use any sort of password manager. I came up with a system that enables me to remember my passwords. It works for me, so I'm sharing the technique in case anyone else thinks it might be helpful.
With my system, you only have to remember two things.
- Your "core" password.
- Your scheme.
Second, pick a scheme based on the website's domain name. The scheme will be used to supplement your core password. As a simple example, you could look at the last 3 characters of the site's domain, add one letter to each (this is actually an encryption technique called "ROT1"), and append this to your core password. So, for the site "www.verizonwireless.com", we see the last 3 characters of the domain are "ess". Therefore the 3 additional characters would be "ftt" and your final password becomes kM92ax43ftt.
For sprint.com, your final password is kM92ax43jou.
For att.com, your final password is kM92ax43buu.
Tweak your scheme however you want before finalizing it. Some possibilities:
- Prepend the first character to your core password/append the last two
- Capitalize one or two of the letters
- Subtract two letters ("ROT24" encryption) instead of adding one
- Look at the first two chars + last char of the domain, instead of the last three
P.S. My system isn't perfect. It doesn't work on sites that have a short maximum password length (like 10) or have onerous password requirements (like requiring a special character). It also doesn't work for my Windows domain account or my home router where I'm not actually logging into a website. I treat these as exceptions and remember them separately. I do keep notes about exceptions as well, but I rarely need to refer to them.