DEV Community

Discussion on: How to properly use passwords

kspeakman profile image
Kasey Speakman • Edited on

To add on to your suggestion, it is good practice to use different passwords for every website. Because not all sites treat passwords with equal security. If you use the same password everywhere, that random forum you signed up for 3 years ago might be pretty easy to hack, and therefore it will expose the same email/password you use for FB.

So, I have a strategy for varying passwords between websites that doesn't require a memory palace. I use a complex base password like the post above describes. But I add some characters to the password that are specific to the website. For example, for a bank website, you might choose ba (the first 2 letters in bank) as your extra letters. You take your base password and add the extra letters to the front, middle, end, or some combination of positions. You can choose your extra letters from the kind of thing it is, or the name of the site, or just the first thing you think of for that site. Whatever your strategy, you only have to remember 2 bits of information: your base password and your extra letter formula. Then anytime you go to a site you can mentally calculate what the password should be.

The placement of the letters (front, mid, back, etc) gives some variance for when sites force you to change passwords. Then you use the same letters, but put them in a different place. If you come back to the site sometime later and are having trouble logging in, you can try a different letter placements.

quantumsheep profile image
Nathanael Demacon Author

I didn't mention that the use of different passwords for each website is recommended, nice to mention it!

Your method is a nice way to handle multiple websites issue, like for it will be Dv or something like that.

scottishross profile image
Ross Henderson • Edited on

Current guidelines suggest not having a new password for each website, as you can forget it and through frustration remove all safety precautions.

A better solution would be to have 3 interchangeable characters and use the website names shorthand for it. I.e:

If you have a password like fg24f!hyn%
Add 3 letters for what website: fg24f!HYn%fac (Facebook), fg24f!HYn%twt (Twitter), fg24f!HYn%gth (GitHub).

That way you have learned a master password, and then just remember what website you're trying to log in to... Which hopefully isn't difficult!

Thread Thread
kspeakman profile image
Kasey Speakman

Thanks. Yeah, that's exactly what I was getting at.