
Remember Just One Password That’s Unique For Every Site

Nate Weiner - Posted in Solutions

Like anyone using the internet today, I have a lot of accounts that need passwords. Bank accounts, social networks, new startups I’m checking out, email accounts, blogs, forums, you name it. Though I keep unique passwords for important services (like servers and email accounts), it still is a pain to have to remember passwords for every service I’m using on the internet. So after a while I find myself reusing passwords.

But that’s not very safe, because if one service is compromised and my password is found out, everything else goes too.

Well last week as I was begrudgingly making up another password I realized a simple way to make this madness a little easier. It’s a simple way to only have to remember one password, but have it be different for every site.

How to Make the Password:

Step One

First, rather than remembering a word for your password, remember a phrase instead. For example:

“I Have Way Too Many Passwords To Remember”

Then take the first letter of each word as your password, so…

“I Have Way Too Many Passwords To Remember”

would be: ihwtmptr

This makes your actual password look very random. Alone, this would be a pretty secure password.

Step Two

Say you need a password for your bank (e.g. Wells Fargo). Just take the first letters of the name (Wells Fargo = wf) and add them to the front of your password:

wfihwtmptr

Or another example, if you need a password for Facebook:

fihwtmptr

This way your password is different for every site, is secure, and all you have to do is remember one phrase!

Extras

You can make this a little less obvious by putting the initials from Step Two in the middle of the password instead of the front. You could even make this easier on yourself by using the name of the site/service in the passphrase. For example:

“What Is My Facebook Account Password?”

would be: wimfap
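
Added example (not the author's code): a Python version of Steps One and Two that reproduces the passwords above and measures how much of the string two sites' passwords have in common, next to a tool-based derivation for comparison. The PBKDF2 parameters, the 16-character output and all function names are assumptions of this example, not part of the article.

```python
import base64
import hashlib
from difflib import SequenceMatcher


def initials(text: str) -> str:
    """First letter or digit of each word, lower-cased (Step One)."""
    firsts = (next((c for c in word if c.isalnum()), "") for word in text.split())
    return "".join(firsts).lower()


def mnemonic_password(phrase: str, site: str, middle: bool = False) -> str:
    """Step Two: site initials + phrase initials; middle=True is the 'Extras' variant."""
    stem, tag = initials(phrase), initials(site)
    if middle:
        half = len(stem) // 2
        return stem[:half] + tag + stem[half:]
    return tag + stem


def shared_run(a: str, b: str) -> str:
    """Longest substring two passwords have in common."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def derived_password(phrase: str, site: str, length: int = 16) -> str:
    """Comparison only (assumed design, not from the article): PBKDF2-HMAC-SHA256
    keyed by the phrase and salted with the site name. Needs a tool, not memory."""
    raw = hashlib.pbkdf2_hmac("sha256", phrase.encode(), site.lower().encode(), 200_000)
    return base64.urlsafe_b64encode(raw).decode()[:length]


PHRASE = "I Have Way Too Many Passwords To Remember"  # phrase from the article

if __name__ == "__main__":
    bank = mnemonic_password(PHRASE, "Wells Fargo")
    fb = mnemonic_password(PHRASE, "Facebook")
    # Everything except the site initials is identical across sites.
    print(bank, fb, "shared:", shared_run(bank, fb))
    print(mnemonic_password(PHRASE, "Wells Fargo", middle=True))
    d1, d2 = derived_password(PHRASE, "Wells Fargo"), derived_password(PHRASE, "Facebook")
    # The hashed outputs have no stem in common.
    print(d1, d2, "shared:", shared_run(d1, d2))
```

With the article's own examples, the Wells Fargo password contains the whole Facebook password, so the site initials are the only part that changes between accounts.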

Comments (45)


  1. Have any of you used other methods to manage the insane number of passwords we all need?

    March 19th, 2008 Nate Weiner
  2. well… it only made people who want to find the password a little bit harder…
    it’s best to MD5 whatever your passphrase is with the site’s name… and use that as password

    March 20th, 2008 Mgccl
  3. This is what I did for my accounts. But I can’t give you any hint on my password creating convention. :D

    March 20th, 2008 Syahid A.
  4. @Mgccl

    Can you MD5 a password in your head? This method isn’t meant to be hardcore security, it’s meant to be a good level of protection that’s quick to remember.

    I agree though that extra steps should be taken with truly important passwords.

    March 20th, 2008 Nate Weiner
  5. There was a password cracking contest a few months back that demonstrated how length is actually more important than complexity.

    I posted about it here: http://tinyurl.com/yqebur

    If you’re going to use a method like the one you described, pick a longer sentence.

    As for other password solutions - try a password manager ;)

    March 26th, 2008 Tara Kelly
  6. [...] the Idea Shower » » Remember Just One Password That’s Unique For Every Site - It’s a simple way to only have to remember one password, but have it be different for every site. Posted on March 26, 2008 in links by admin [...]

    March 26th, 2008 AKA Riptide Furse » My del.icio.us bookmarks for January 31st through March 26th
  7. Another variation is to make your password a dictionary word, but to move your fingers one or two keys to the left (or right) while typing. Easy enough to remember.

    That said, you should simply demand OpenID: http://demand.openid.net/ :)

    PS: I’ve been thinking about a site like this (ideas, solutions) for years, congrats for making it your reality!

    May 21st, 2008 Robin Millette
  8. Also check out PasswordMaker: http://passwordmaker.sourceforge.net/

    June 18th, 2008 Totalnubee
  9. The password can be made more secure by using a combination of different cases and replacement letters (for example 5 instead of s, 7 for T and so on).

    June 24th, 2008 Ashish Bogawat
  10. If only it were so simple - unfortunately as sites become increasingly more security conscious, they add more restrictions to the size and composition of the passwords. Since they are all doing this independently, they often choose restrictions that are in conflict with those of other sites.

    June 30th, 2008 Carl Campbell
  11. What I do is take an animal, food, color, etc. that I enjoy (only one) and misspell the word. Like changing an s to a z. Then you add numbers. For example for different accounts on computers you could have your laptop be e.g. googul11 and then make your password for your asus eee pc googul12 or 21 and then your desktop googul23 or 32. Then just have a longer one for your email (one of a kind) (e.g. you could make it googul321). And then you could have a unique one for all of your social sites. Like for twitter, myspace, meebo. E.g. googul234. And then one for your file storage sites. E.g. googul456. Anyways… it’s the same word, just misspelled so it is hard to guess, with a different set of numbers at the end. [:

    July 31st, 2008 Will
  12. Good idea. This was suggested by a teacher of mine a while back, and although I don’t do it, it’s a great idea.

    What I hate is when sites have bogus requirements for your passwords (like case, or numbers, or special characters). It’s impossible to make a single phrase that works for any account. I like having a secure password, but some sites don’t allow special characters, and some require them.

    @Will
    Then the only thing that changes is the number sequence at the end, and you’re forced to remember numbers rather than an actual password.

    August 4th, 2008 Ishmael
  13. Well, I am using quite a similar method for years now and it really does work. I manage a heap of computers and remembering all the passwords without a formula of some kind would not be possible. Having all passwords exactly the same, well, it would be plain disaster, as you sometimes need to give the password to a client or a co-worker.

    I just need to point out, that the formula should not be too easy to figure out with just looking at a few known passwords. So adding more variables that are not so easy to spot helps.

    August 6th, 2008 J.L.
  14. Thanks, a nice article, I am using this in webpages, but it doesn’t work in servers or pages that have harder security demands and passwords need to be changed periodically. If someone has an idea for them, I’d like to hear it!

    August 15th, 2008 T.U.V
  15. More thoughts:

    There are some critical security threats: People should be able to understand/know which sites they should register this way.. If user registers her/himself to one or more malicious site(s) which/that is/are set up to collect usernames and passwords, the owner of the malicious site (or a bot) may try to crack passwords against other sites by finding and removing added characters of step 2 and adding new characters:

    If malicious site is for example http://www.malicious.xxx, and user has registered with a password ‘mihwtmptr’, it is pretty obvious that the added character is ‘m’. If the user has registered also to http://www.safe.xxx, of course at the first time the password collector tries ‘sihwtmptr’ as password :P

    There is always also a chance that usernames and passwords of sites or services get lost (usually in md5) and are published, as we have seen too many times… And, as we have also seen, people use same too short passwords and usernames in different pages, and because of this real passwords have been calculated “from md5”.

    If usernames and passwords get lost and are published, this method gives more security, because md5 sums of passwords are not similar. But if plain text passwords are stolen (by malicious sites or somehow) and characters of step 2 have been taken directly for example from page’s url or service’s name, this method does not help much. It of course makes cracker life harder, because the same password does not fit everywhere. But it is possible that passwords of two or more different pages are stolen and/or published in plain text, and then guessing the method of step 2 may be pretty easy.

    So, some ideas: People should use also different usernames (which is not an option, because people want to use same usernames everywhere:) Using different usernames also does not completely remove the problem. If parts of passwords remain same but usernames differ, and these have been got lost and maybe published, crackers may just find passwords with same stubs (in this case ‘ihwtmptr’), collect different usernames and test them all against other pages.

    Also do not take letters directly from the name of the pages, f is not good for facebook, use instead letters next to the f, for example d or g or something else that does not directly tell the cracker the method of step 2.

    For “not so crucial sites” this is a very good method to remember passwords, but people should not use this method in every page!

    Do not use this ‘ihwtmptr’ anywhere, invent your own and use also numbers and capitals.

    August 15th, 2008 T.U.V
  16. TUV is right. Password managers can be a good idea. Take your passphrase, make it a combination of uppercase-lowercase letters, numbers and symbols like @,!,$. Foreign language words typed in the above manner would be great if somebody cannot MD5 the passwd.

    September 4th, 2008 Ted
  17. I like your method. A suggestion could be to replace the vowels with numbers or symbols: wfihwtmptr ~= wf!hwtmptr

    By the way, I’m a newbie to your site but am becoming an instant fan of ReadItLater. Good stuff.

    September 6th, 2008 Dave Robbins
  18. Don’t forget to throw in a random number or character once in a while too!

    September 6th, 2008 Mark Mathson
  19. i have a very good idea too for passes but ofc. i will not say because i am already using :P

    September 6th, 2008 slnkr24
  20. Another suggestion: Never give your real email. E.g. I have several email addresses that all get collected in one account from which I can write with every address (e.g. gmail offers such pop3 collection - and automatic deletion from the other account and the writing with other mail addresses) . You can use the same password for fairly safe pages (all big ones I would say ;) ) that you register to and your mailaccount - and even store secret information in the account, as long as no connection between the final mail account and the user account on a page can be made (which is through the collection - nobody knows my “real mail address”. The important stuff needs unique pws anyway (bank…) and if you don’t use the exactly same username for all pages out there the chance to get caught by a password collector who actually finds a way to use this information is quite small!

    If the email you give is a non-usual one (e.g. I use the maildomain of my site) it gets even more harder, as the collector first has to find out where you can actually get into the account.

    Use generic pws for all other mail accounts and maybe remember one or two more words for unsafer pages - and, you’re safe. The main risk is still a password sniffer that actually is on your own pc… and fake banking pages and the like…

    btw your pw-generation-way is cool… once you get the idea it’s obvious, but to get it in the first place…

    September 14th, 2008 kdas
  21. the one that worked best for me was to take a word and split it in half, say “aluminum” = “alu” “minum” then stick a set of numbers in the middle, say the number for aluminum in the element chart 13, then capitalize the second part of the word. So you get: “alu13Minum”. this gives you a pretty solid password without making it too hard to remember.

    With this site specific thing, I have done similar things, take a pretty small word, add my favorite number, then tag on a few letters at the end that change, so, my base password would be “play12” then tag on some stuff specific to that site, “IdeaShower” would get “play12IS” and if they need longer passwords, add your 12 a few times: “play12IS1212” you still get the easier to remember system of only using the base “play12” and the uniqueness by using the site’s identity.

    October 31st, 2008 BillyNair
  22. use a password database it works :D

    November 9th, 2008 Ludger
  23. I suggest creating a semi-random password either with a pattern of letters or using a method like the one above.
    Then I just slightly manipulate it with caps or numbers, symbols for other passwords. It seems to work pretty well.

    Of course some real crypto with a secret key you store locally would be ideal, but takes lots of work.

    December 1st, 2008 SomeReader
  24. I use a similar approach:
    I took two words from my German dialect. 99.99999% of all the people around the world don’t understand these words and my dialect is not written. :-) Then I put a symbol between both, put some letters to uppercase and then I take the first and the last letter of the site where I use the password. Let’s say my word are “cat” and “dogs”.
    Step 1: catdog
    Step 2: cat’dog
    Step 3: cAt’doG
    Step 4: Facebook: KcAt’DoGf

    Works well!

    December 10th, 2008 Ivan Blatter
  25. If you’re like us (lazy), it’s far simpler to use a tool to make the job easy for you, LastPass will allow you to have one good master password, and can create good passwords for you on the sites you use.

    December 13th, 2008 LastPass Password Manager Staff
  26. Hey!

    Nice post. To make memorable passwords I use a standard format. E.g. I choose an easily remembered number, i.e. 314126535 (pi). Then prepend and append words that make sense, e.g. face314126535book, flickr314126535account

    This isn’t exactly my system but it’s similar! works for me!

    December 23rd, 2008 Dale
  27. Lastpass is the best tool for this, in my opinion.

    February 1st, 2009 Jason
  28. In my religious practice we use a hymnbook. I find using my favorite hymns to be a way of creating easily remembered (or found) alphanumeric passwords. For example, hymn #613 “Thy Holy Wings” has 3 verses. It becomes 613THW3.

    February 20th, 2009 Richard
  29. A really excellent password manager I use is http://www.clipperz.com - they also have a “one click to login” facility for any site details that you have in your list. I guess as they publish their algorithms, I have to assume that they are (as yet) unhacked, or someone would have blown the whistle? : ]
    p.s. Read It Later rocks!

    March 3rd, 2009 Nick
  30. Back in ‘90-’92 I worked at AT&T. I had a dozen different accounts on the various systems and they had to be changed every month. Back then I used the same password for all systems (definitely not recommended today!), using the following algorithm: [first three letters of birthstone of the month] + [2-digit month] + [first three letters of the flower of the month]

    The nice part of this system was that all of the necessary info was on a calendar hanging next to my computer.

    When I first got on the Internet, I was assigned a random 4-letter password. For a while I just took that random password and added a former pet’s name. Later I started taking the SECOND letter of the website and adding my pet’s name to the end. The only problem I have had was when a site changed its name (such as GeoCities –> Yahoo).

    March 8th, 2009 SoSaysSunny
  31. In an easy to remember password replace a with @/&, i with 1, s with $ and so on. This also takes care of the special characters, numerals clause.

    March 19th, 2009 Arvind
  32. [...] or having to keep them all written down somewhere (which in itself is a security risk). The website ideashower.com offers a simple way to create a unique, easy to remember password for every account. Step [...]

    March 31st, 2009 why god hates me » How To Easily Remember A Different Password For Every Site [Security]
  33. I like the “up and to the left” method of password creation. This could work for different websites as well. For instance, your password for ideashower could be:

    8e3qwy9234

    Throw in some random capitalized words and you could have:

    8e3qWY(@#$

    This is done by taking your fingers (in the traditional home row position) and moving them up and to the left one. Instead of ASDF JKL; it’s QWERUIOP. Type normally from there. It takes some getting used to, but it makes for very secure passwords if you randomize capitalization or - even better - if you intentionally misspell words.

    April 1st, 2009 CMK
  34. Another way is to choose one letter to become a number, an E as a 3 for example…

    April 1st, 2009 sean
  35. I use a phrase and part of the site name such as “jump for joy” and ideashower : jmp4sh0w3r

    Facebook : jmp4fac3
    Twitter : jmp4tw1tt3r

    I keep a list of my username password combos and asterisk out the 1st part of the phrase (just in case someone is snooping) : ****tw1tt3r

    You can do this with a longer phrase. It is pretty intuitive. The only problem is the user name which can be different depending on the site.

    April 1st, 2009 James Ballard
  36. for the same purpose I have made a Web/Windows App
    You can put the sitename, an initial password and a key(salt) and it will generate a password for this.
    See it online at serviciipeweb.ro/downloads/pwdgen/index.aspx and you can download for home the windows program at serviciipeweb.ro/downloads/pwdgen/

    April 6th, 2009 Ignat Andrei
  37. On password creation and management, I was surprised that there were no comments about using Roboform. I feel I can’t live without it! I have dozens of unique passwords stored there and have never had a problem.

    June 23rd, 2009 NaomiJ
  38. I like this idea so much, and USE this idea so much, that I switched from the free version of the Read It Later iPhone app to the paid as a little show of support.

    You can really tweak this concept & come up with any kind of permutation that works for your own mind, situation, or security needs…

    Thanks!

    July 2nd, 2009 David
  39. I have thousands of passwords and needed them to each have maximum security. I use the random password generator available here: http://www.pctools.com/guides/password/

    I store all passwords in an excel spreadsheet which is encrypted and protected with a password.

    As such, I only need one password to be able to access every site I use while keeping the password for each site/service at maximum security so that it is almost impossible to be able to guess one password I use, let alone more than one.

    Hope this helps everyone.

    best wishes
    Dave
    SmartMediaPro.com

    September 2nd, 2009 Dave
  40. I’ve started using supergenpass.com, it’s a bookmarklet (aka lightweight) and has a web version if you’re not at your own computer.

    But what’s the point of a strong password if the site you’re logging into stores it in plaintext (aka readitlater)?

    September 3rd, 2009 Nate
  41. This is a great idea, and I’ll begin using a version of it. Passwords are a huge issue. After years of frustration, I believe I finally found a password manager that is robust, encrypted and multi-platform; it’s Last Pass. I’m not involved in its development, just a finally satisfied user.

    September 15th, 2009 Jim
  42. I have been using a password generator (free on line) and using the same password for everything.

    September 16th, 2009 Rick
  43. 1Password does exactly what you are asking for. Without having to remember more than 1 password yourself:
    http://agilewebsolutions.com/products/1Password

    October 13th, 2009 Jo_st
  44. not bad idea, not bad at all :) I like it … but by typing pass so many times you will memorize it, and then you don’t need the whole sentence at all right?

    November 27th, 2009 Tower Defense
  45. Sounds like a good suggestion, but it has a flaw: if someone intercepts one of your passwords in plain text, that person will be able to engineer the other passwords for your other sites, since he now knows the pattern of your password generation… hm… maybe I’m a bit too paranoid :)

    January 17th, 2010 merc
