You must have lived this moment in your school days. You prepare for your written test leaving one tough chapter. You get the question paper in your hand, you run an anxious look at the paper and your heart stops for a moment. The question from the tough chapter is lurking there.

We relive this moment when we visit a website after many months and the website asks that dreaded question – what is the password? After a couple of futile attempts at guessing the password, you frantically look for that life-saving link that says- forgot password? But now you are on to the arduous process of setting a new password.

Why does this happen to us? It goes back to the issue of our limited working memory! Unless you memorize your passwords like mathematical tables, there is hardly any chance of remembering them, especially if we don’t recall them regularly. Our digital world today demands passwords on every website we visit. It’s not practical to memorize those many random passwords. What is the way out?

One major technical solution that is available now is to use password manager applications. When you use a password manager application, you have to remember just one password, and the rest of them will be created and provided to you by the application. But, most of them are available as freemiums, so for more serious use, you would require to pay. Also, you may not feel secure handing over all your passwords to just one agency. 

If you are looking for some simpler and cheaper solution, here it is:

Our approach here will be to minimize what must be memorized and then write down everything else in a cryptic way in a secure place. Let’s get into the details. 

The easiest thing to take care of is to minimize the user IDs that we use. With the ubiquity of emails, your email addresses have become the best choice for user IDs. Try to limit the user IDs that you use, if not just one, to control the chaos.

The next thing would be to minimize the number of passwords that you require. As you know, Google, Facebook, Twitter, and a few others provide a mechanism to authenticate and identify through their service. You should use them to the maximum. You would get to manage several websites with just one password.

You should maintain a pecking order of services for yourself, instead of going by a random choice. It’s like using, let’s say, Google first, and if that is not available, using FB, and if that is also not available, Twitter, and so on. However, you will need a mechanism to recall the passwords of these service providers well, whenever needed.

There would still be several highly secure websites that do not use these service providers. Typically, they would also ask you to change passwords quite frequently. In this scenario, you may want to prepare a logical (to you) series of passwords. A complex keyboard pattern is my best suggestion here as you could move that pattern around the keyboard to get a series of passwords. The only thing you now have to remember is which one in that series is the active password. 

For all other websites where you don’t have to change the passwords frequently, you need to get creative and make hard-to-guess passwords. Do not use passwords such as your pet’s name, or child’s name, which others know about. There are several movies and TV shows that are hinged on how a villain could guess the password and could get into someone’s account.  Although that is all fanciful, the risk exists. You could use derivatives of those familiar names and words but only in a way that no one else could guess that derivative.

Now that you have a bunch of passwords in use, the next question that arises is how to secure them. Writing them on paper is very inefficient and not a fool-proof solution. The best idea here is to use a cloud service, such as Google Drive or Microsoft OneDrive, etc. This is what you should do:

  1. Create a document on the cloud that is NOT named after “password”. Call it whatever else that would give you a clue that it contains passwords. This is where you would store your passwords but in a cryptic way so that neither a person nor a machine could make sense out of it even if it falls into their hands. 
  2. Each entry in this document will contain the name of a website, the respective user ID, and the password against it. You should use a cryptic name for the website and the user ID that only you could decipher. The only caution here is that, do not make it so cryptic that even you couldn’t guess it on your next visit. Once this document grows, you would end up using the file search mechanism, so you need to know what you should search for. For passwords, you would write the password hint and not the actual password. Again, the hint should help only you to decipher the password and no one else.
  3. The last thing you need to do is to create a shortcut to this document on the browser bookmarks bar, where you could see and use it easily.
  4. The next time you do not remember the password of a website, click on the shortcut to open the document, search for the cryptic word for the website and check the password hint. Whenever you change the password, you should first update the password hint in the document and then go to the site to change it, so that you do not forget to enter the new information in the document. 

That’s all to it. You might struggle with this method initially like anything new that we do, but with practice, this will make a fool-proof, secure, and reliable support system. Not being able to get the website credentials in time is a big productivity dampener, in today’s security-conscious world. Sprucing up your password system will take you a long way in staying productive. 

Subscribe to my newsletter, to get tips like this and more, directly in your inbox!

(Originally published in Times of India on July 17, 2022)