Passwords


I am extraordinarily lazy with passwords. Traditionally I have used just two passwords for everything. Even my PINs have been just a shortening of one of those two passwords. One of them--the stronger of the two--is character-for-character a password my parents were 'assigned' when they signed up for AOL about 1,000 years ago. I use that one for the more serious things like bank accounts and Gmail. 

The other password is based on--well, I'm not going to tell you that because it would be super-easy to figure it out if I did. I use that for about a million different things. Which is super-dangerous. Because if anyone got ahold of that one I would be well and truly effed. Ironically that is the weaker password. I am an idiot.

I knew I needed to completely change my [arguably non-existent] password scheme to protect myself online. So here's what I did...

I found a really useful password generator via OneThingWell, called Oplop. There are two really clever things about Oplop. One, it generates random-looking passwords based on an account nickname you choose and a 'master password' that you keep constant for all of your Oplop-generated passwords. For example: your Amazon.com account could be nicknamed 'amzn' and your master password could be 'password'. For that combination Oplop returns 'fT1OVXZ4'. And it will always return that password for those two entries. You never have to remember the password because if you remember the nickname you gave the account and your master password, you can always re-generate the final password. And it's easy to cut-and-paste the password [be sure to either clear out your clipboard or use a script to do it automatically for you]. And it's secure in that neither the nickname nor the master can be derived from the final password.
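
The nickname-plus-master idea described above, as an added Python sketch. It is not Oplop's code and does not reproduce Oplop's output (it will not return 'fT1OVXZ4'); it swaps in PBKDF2-HMAC-SHA256 with the nickname as salt. The function name, salt prefix, iteration count and default length are assumptions made for this example.

```python
import base64
import hashlib

# Assumption for this sketch: a high iteration count makes each guess at the
# master password expensive if one derived site password ever leaks.
ITERATIONS = 200_000
# Assumption: a fixed prefix so these outputs never collide with other uses
# of PBKDF2 over the same master password.
SALT_PREFIX = b"site-password-v1\x00"


def derive_password(nickname: str, master: str, length: int = 16) -> str:
    """Deterministically derive a site password from (nickname, master)."""
    if not nickname or not master:
        raise ValueError("nickname and master password must both be non-empty")
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40")
    # The nickname is the per-account salt: the same master with a different
    # nickname gives an unrelated password, so one site's leak does not
    # directly reveal another site's password.
    salt = SALT_PREFIX + nickname.encode("utf-8")
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), salt, ITERATIONS, dklen=32
    )
    # URL-safe base64 limits the output to letters, digits, '-' and '_'.
    text = base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")
    return text[:length]


if __name__ == "__main__":
    # Nickname and master taken from the example in the post.
    first = derive_password("amzn", "password")
    again = derive_password("amzn", "password")
    other = derive_password("gmail", "password")
    print("amzn :", first)
    print("again:", again, "(same inputs, same output)")
    print("gmail:", other, "(different nickname, unrelated output)")
```

Nothing is stored: the password is recomputed from the two inputs each time, so everything rests on the strength of the master password.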

The second clever thing about Oplop is how easy it is to access it. This is important because you aren't likely to remember all of these seemingly random passwords for all of your sites and accounts. It has to be easy and quick to look them up on Oplop. It is. On the MacBook I have the site bookmarked in my Bookmarks Bar. In iOS you can save Oplop to your Home Screen as a web app. Just click on the Add button at the bottom of the screen [in the middle--between the Right Nav button and the Bookmarks button] and hit Add to Home Screen. Of course, Mobile Safari is smart enough to recognize Oplop as a web app and pops up a little banner telling you how to do it...

The end result: I have really, really secure passwords for everything now with just one more step--and that's only when needed. And you couldn't crack them by knowing me, because I don't even know what they are.

What about sites like Amazon that require your password all the time? Doesn't it get tedious to re-generate the password every time? Indeed it does. That's why I only use Oplop for sites that either use the Keychain to stay logged in or that I don't go to that often. For other things that I need to enter all the time, I found another solution--also on OneThingWell, Singing Passwords. In a nutshell, you take a line from a song and use the first letter of each word in that line. From there you alter it--adding numbers, capitals, etc., to get a robust password that you can easily remember.

For instance: the first two lines of Being for the Benefit of Mr. Kite, one of my favorite Beatles tunes, go: 'for the benefit of Mr. Kite / There will be a show tonight on trampoline.' Take the first letters and you get: ftbomktwbastot. Add in some numbers and an obvious capital: 4t8omKtw8ast0t. Now that is a damn good password that should be easy to remember and really tough for someone to break--as long as you don't tell anyone which song you used... 

This stuff is important, but tedious. It needs to be easy for the average person to do this. With Oplop and a bit of a song it is.