Password Schemes

Well, it’s time for my annual round of password changes. Every year, I change the passwords for every account that has required me to have one. I do this for security reasons, just in case someone has stolen a password or my accounts have otherwise been compromised. I also have a different password for each account, so if one password is stolen, the thief cannot gain access to all sites I frequent.

You may wonder how I can keep track of them all. Easy! I develop a password scheme. The schemes I develop allow for a unique password for every site, but also one that’s easy to remember. Obviously, I’m not going to tell you what my current scheme is, or even those from recent years, but I will share one from several generations ago.

First, let’s go over some password do’s and don’ts:

1) Do make it long: “pw” is a bad password for multiple reasons, the first of which is that it’s short. Make your passwords 8 or more characters in length.

2) Do make it hard to guess: Don’t use obvious words, phrases, abbreviations, etc. “kentucky” is a longer password, but it’s still pretty obvious, especially if you live in Kentucky and are a UK fan! Make a password that isn’t a word, or is at least a combination of words, such as “uknumonefan.” Another route to take is to think of your favorite quote, Bible verse, etc. and use the first letter of each word for a password. For example, “Pick battles important enough to fight and small enough to win” would make the password: pbietfasetw.

3) Do mix upper- and lower-case letters, numbers and symbols: As noted above, a word with just lower-case letters can be figured out sooner rather than later by those who really want it. Mix it up to make it harder. Throwing numbers and upper-case letters into the mix expands the pool of choices from 26 to 62, even higher if you add symbols. A popular technique is to substitute numbers for letters (3 for e, 0 for O, 7 for T, 4 for A) and to capitalize every other letter. Taking the above password - uknumonefan - we can turn it into uKnUm0n3f4n. Much harder to guess, but still fairly easy to remember. Let’s take it a step further and add a symbol to the mix. First, let’s shorten it to uKnUm1f4n (don’t want it to be too long), then replace the 1 with !, which is shift-1. This leaves us with uKnUm!f4n. Much harder to figure out than “pw” or “kentucky!” Unfortunately, some websites (including my bank’s!) won’t allow you to use certain symbols, or even any symbols at all. If this is the case, make the password longer to make up for it.

4) Do change your password frequently: Even with tough passwords, they can still potentially be guessed. If you write down passwords on paper or store them elsewhere, someone could see them. Changing them often will ensure you protect yourself.

Now for some (more) don’ts:

1) Don’t make the password so hard it takes you twenty minutes to type it. You’ll end up hating it and going back to the easy password.

2) Don’t make the password hard to remember. If you do, you’ll have to reset it every time you try to log in, and then you’ll be really confused.

3) Don’t repeat the same letter, groupings, etc. throughout the password. Keep it as unique as possible. 2288e!e! isn’t all that great of a password because of the repetition.

4) Don’t use the same password for every website. Don’t use your hotmail, yahoo email, etc. passwords, or a password for a website that you don’t trust, for your bank or other financial websites. Make sure your bank and other important websites have a unique password, different from the others. If a password gets stolen, you don’t want to give the thief access to everything!

Now, as I mentioned above, I develop a scheme that allows me to have a unique password for every account, but is such that I can easily remember it. An example of this scheme is: o3o2!cvhm

The scheme is this - month, year, symbol, username, website. The first “o3” is the month, March in this case. I substituted a lowercase “o” for the zero to hide this. The second “o2” is the year, 2002 in this case. These two parts of the password are the same for all passwords and help me remember when the password scheme was instituted, or alternatively when I need to change it again.

The next part of the password is a symbol. I choose “!” as the baseline, but this can easily be changed to anything based on what the account requires (if it allows symbols or not) and to help with uniqueness. This is also a good part of the password to use if you’re forced to change a password every few months. You can keep the main scheme of the password intact, and simply change this symbol to create a new password, using ! the first time, @ the second, etc.

The next two sections of the password ensure uniqueness per account. “cv” represents the username for the website. In this case, my username was most likely cvaught or something similar. Easy to remember, since you need to know your username anyway, but unique per site…in most cases. Sometimes you’ll have the same username for multiple sites, which is where the final part of the scheme comes in. “hm” denotes the website or account in question. Here, “hm” is for hotmail. The combination of the username and website parts of the scheme ensures a unique password for every account.
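The three constructions walked through in this post (the first-letter-of-each-word password, the number-for-letter substitution with alternating capitals, and the month-year-symbol-username-site scheme), written out as an added Python example; this is not the post’s own code. The site abbreviation is passed in by hand just as the post picks “hm” for hotmail, and the symbol rotation assumes the post’s “! the first time, @ the second, etc.” continues along the shifted digit row of a US keyboard.

```python
import re

# Added example, not the post's own code. Implements the three constructions
# the post describes: acronym of a quote, number-for-letter substitution with
# alternating capitals, and the month/year/symbol/username/site scheme.

LEET = {"e": "3", "o": "0", "t": "7", "a": "4"}  # substitutions named in the post
# Assumption: the post's "! the first time, @ the second, etc." continues along
# the shifted digit row of a US keyboard.
SHIFTED_DIGITS = "!@#$%^&*("


def acronym(phrase: str) -> str:
    """First letter of each word, lower-cased (the favourite-quote technique)."""
    return "".join(word[0].lower() for word in re.findall(r"[A-Za-z']+", phrase))


def leetify(word: str) -> str:
    """Capitalize every other letter, then swap e/o/t/a for 3/0/7/4."""
    mixed = "".join(ch.upper() if i % 2 else ch for i, ch in enumerate(word))
    return "".join(LEET.get(ch.lower(), ch) for ch in mixed)


def rotation_symbol(change_number: int) -> str:
    """Symbol for the n-th forced password change: 1 -> '!', 2 -> '@', ..."""
    return SHIFTED_DIGITS[(change_number - 1) % len(SHIFTED_DIGITS)]


def scheme_password(month: int, year: int, symbol: str, username: str, site_abbr: str) -> str:
    """month, year, symbol, first two letters of the username, site abbreviation.

    Zeros in the date stamp are written as a lowercase 'o', as in the post.
    The site abbreviation (e.g. "hm" for hotmail) is chosen by hand, as the post does.
    """
    stamp = f"{month:02d}{year % 100:02d}".replace("0", "o")
    return f"{stamp}{symbol}{username[:2].lower()}{site_abbr}"


if __name__ == "__main__":
    print(acronym("Pick battles important enough to fight and small enough to win"))
    print(leetify("uknumonefan"))
    print(scheme_password(3, 2002, rotation_symbol(1), "cvaught", "hm"))
```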

There it is, a password scheme that’s tough to figure out, unique for every site, and will remind you to change it!

How secure are your passwords? Do you still have the same password from 5 years ago? Please leave a comment with any password tips or experiences you may have.

4 Responses to “Password Schemes”

  1. I remember one of my first awakenings to the danger of password re-use. Back in the days of Bulletin Boards and (for my friends) experimenting with 2400 bps modems and the like, my friend set up some sort of password protected log-in to his computer. Without thinking I used the same password I used for everything! Then he repeated my password to me. Oops.

    Like you I care about having a strong password, possibly because of some of my past work experience. I don’t really go all-out though. I’ve generally been surprised at just how many passwords I really can remember. However, in the last month or two, I have really been struggling. I think I have signed up for a lot more web services, plus I have several different accounts at work. The influx of accounts has overwhelmed my brain I think. :-)

    I believe there is at least ONE account that I have, that is still the same password as I referred to in the first paragraph! What I don’t do well is change my passwords… so if you can guess what accounts I’ve had the longest… then u can probably guess which ones have the stalest passwords.

  2. I have 3 different passwords that I use. The first one is very simple and I use it for logins to websites and stuff that doesn’t have any of my personal information. The last one is the more complex one, and I use it for stuff like bank accounts and confidential stuff. Sometimes I don’t remember which password I used and have to try all 3.

  3. so this is the reason why you are memorizing all those bible verses… :)

  4. Haha, shhhh…don’t tell…
