••• CLICK HERE FOR AMT236 •••
Passwords are like tattoos of the Bishop of Peterborough dressed as Elvis: we’ve all got them. RIGHT? On that subject, Dylan muses upon the question raised by Jack in AMT236:
There are plenty of opinions in the IT community to support the idea that a password change policy is actually not beneficial in a meaningful way. In fact in some cases it can harm security as users who are forced to regularly create new passwords are more likely to choose easy to remember (and potentially guess) passwords, or to write passwords down or record them in a file.
However it really is a good practice to use a different password for every site you visit. The method I’ve used and recommend to other people is to use part of the site’s name or URL within the password you use. You start with a reasonably complex password that’s common to all your sites, and then modify it slightly for any given site.
So you could have “R4gh1p5″ as your common password. On eBay you might then use “eR4ghy1p5″ on that site – the same password, but you’ve added the first letter of the site’s name at the beginning, and the last letter of the name before the “1” in the password. This way you have a unique password on every site, but only have to remember the base password and the rule you’ve come up with.
Good tip, Dylan. For the legion of people whose password continues to be ‘password’, I’ve made your life easier: you just need ‘epasswyord’ for eBay, ‘apasswnord’ for Amazon and ‘gpasswsord’ for Geocities. I assume those are the only websites you use.