Warning: this post is going to be a bit longer than I like to do on this blog, but it’s a topic that comes up a lot.

Whenever the topic of passwords comes up at least 50% of the people I talk to (friends, family, clients) say they basically use the same password for everything. I totally get it. If you have different passwords for every site, how are you going to remember dozens of passwords and what site they are for?

The problem is, if you have one password for everything your personal security is only as strong as the weakest website with that password. The security on that Fantasy Football message board is probably not as strong your bank’s website, so why are you using the same password. We also keep hearing about these massive data leaks from Yahoo! and other sites, so any is at risk. Most people are embarrassed, but they don’t know of a better way.

There’s even a site that will tell you if your email address has been stolen and leaked (you should definitely check to see if you’re at risk).

So what to do?


Option 1: Use a password service like Last Pass.

They track your passwords for you and you only need to remember the master password that you set up for that account.

Option 2: Use a personalized system (this is what I use).

Step 1: Create your codex

  1. Create a list of 26 words. One for each letter of the alphabet (A: anchor, B: bean, C: carry, etc.). Write them down on a piece of paper for now. Each word should be 4-6 letters long.
  2. Choose a 2-4 number combo and a symbol.

This is your codex. Every time you need to create a password you’ll use two of these words and the same number combination and symbol.

Step 2: Your personal system

  1. Decide how you’ll which two words you’ll use. For example if you’re creative a password for “google.com” you could use the word for the first letter (g) and last letter (e) in which case your password words might be: “gamer” and “epic”.
  2. Decide where the numbers and symbols go, and which letter(s) should be capitalized (#gamer27Epic, Gamerepic27#, 2gameR#epiC7, etc.). For your own memory’s sake this should be standard across your different passwords.

Step 3 (optional): Harden your system.

If you’re going to go through the trouble of changing all of your passwords you may want to make them as secure as possible. There are a few ways that you can make your passwords even stronger while using this same basic system.

  1. Use certain symbols every time you use a certain letter ([email protected], s=$, i=!, h=#, v=^) and then make sure each of the words on your list has one of those symbols.
  2. Use three (or four) words instead of two.
  3. Use numbers that are related to the website name (google: two syllables + six letters = 26, google: g: 7th letter + e: 5th letter = 75)

I know this is not a perfect system, and it is not the very best in terms of security, but it’s much better than one password for all of your accounts, and I’ve found it very usable. At first you’ll need to refer to your list, but pretty quickly you’ll memorize all of the words on your list (FYI it’s better not to have this list stored on your phone or in your email, paper is better). And if you share this system with your spouse you’ll start to say things like “honey, what’s the S-word?” and it will be funny.

Thoughts and comments are welcome.