The use of online resources continues to grow, and with it, the value to having an online account with the companies with which we like to do business. Lots of people have accounts with companies like Google for email and Amazon for shopping.
Although it is generally safe to use services like these, not all services are as established as these services are. Companies who started their businesses online tend to have a firmer grasp on the realities of securing data compared to traditional companies who only look at their online presence as an expense and a necessary evil.
Only in the months of June and early July 2012 big web sites such as Linkedin, Last.fm, eHarmony, Yahoo, Nvdia and others have reported a security breach where user’s login credentials had been stolen. These are only some of the known recent leaks, and the unreported number of cases is probably much higher. – Thomas Pircher
Once a site has been compromised the information like the username and password is typically put up for sale. In an example of Target being compromised you may well think that the problem is localized to your relationship with Target. However, since most sites use an email address as a universal identifier for usernames and users tend to use the same passwords for multiple sites, now the person with your credentials can potentially access your other online relationships like banking, shopping, email, and more.
Now we are faced with a dilemma. If we should have strong passwords for websites, and we need to have unique strong passwords for each site, that is a lot for anyone to remember.
This is where creating a pattern comes in handy. With just one complex password you can use it as a template to make passwords for each site you visit unique.
Step 1 is to come up with your complex password, and
Step 2 is to come up with a rule how to use that password and the letters in the website you are using.
By combining steps one and two, you can create unique complex passwords.
The example below is also published on Thomas Pirchers site.
the root password is: abc+123-XYZ
the fixed rule is: take the first 2 letters from the domain name, then append the root password and finally append the last two letters from the top-level domain
the password for google.com would be goabc+123-XYZco
the password for yahoo.in would be yaabc+123-XYZin
the password for example.net would be exabc+123-XYZne
Some tips and possible solutions to common problems
If a site has different top level domains, such as gmx.de, gmx.net, then it is necessary to choose one preferred domain name and to use always that one.
Sometimes a website will have multiple domains, which can be for technical reasons or geographic distinction. If you find this to be the case you can decide on one to use regularly.
Mr. Pircher advises,
Don’t make the rule too complicated to remember. It is better to use a simple but effective one.
Now that you have a method to establish your pattern you can use this process to create uniquely complex passwords. In the event that one site you do business with becomes compromised you don’t bear the increased risk that your other accounts could be in jeapordy.
Now, this method can be very effective but it is not a magic bullet to protect you online, but it can provide some peace of mind to hedge the significant risk that many run today authenticating with the same password on multiple sites.