surelyyourenotserious.com
What’s The Password?

If you’re like me (God help you), you’ve got accounts on dozens of websites: your bank, credit cards, eBay, PayPal, Facebook, Twitter, your blog, and any number of forums or hobby sites. Each one has a login and password. How in the world do we keep track of it all?

For most folks, the solution is simple. Simply stupid, that is. They use horribly insecure passwords. A colleague just sent me a link to the Top 20 Most Common Passwords, which in turn links to the Top 500 Worst Passwords (Parental Advisory! Some people have potty-passwords). Way too many people use names, common words, or easy-to-guess combinations like “121212” or “qwerty.” These people are easy marks for hackers. Don’t be an easy mark!

The advice I’m about to give you is not unique. I claim no mystical knowledge. You can find it on any number of websites, but I do think it’s worth sharing.

First off, I strongly recommend that you create what I like to call a spam email account. Use Hotmail, Yahoo, etc. to create a free email account that you’ll use only for signing up on websites. That way you’ll have a place to receive the inevitable confirmation email, but you won’t be handing your personal email address to spammers.

Now, for passwords:

1 – Don’t use words or names.
2 – Don’t use common non-words, like keyboard patterns (“qwerty” or “asdf”) or “NCC1701” (the registration number of the Enterprise on Star Trek. Don’t laugh, it’s #139 on the 500 worst passwords list!)
3 – Don’t use common personal information like birth or anniversary dates or phone numbers.
4 – Don’t use only numbers.

“Well, good grief,” you might be saying. “What am I going to use?!” In a word, acronyms! Do you have a favorite song, movie quote, or Bible verse? Here’s an example:

Twinkle twinkle little star, how I wonder what you are.

Now as an acronym password, that becomes “ttlshiwwya”.

5 – Add special characters and use both upper and lower case letters.

For our example above, we could use “*” instead of “star” in our acronym. We could also use “R” instead of “are.” We could replace the lowercase “l” with the digit “1”. And we could capitalize the first word of each phrase. Now we’ve got “Tt1*HiwwyR”. That’s a pretty good password… except that I just published it on the internet, so now it’s junk. Don’t use it!

Now for one more rule that I have not heard anywhere else, so I am claiming as my own.

6 – Come up with a system that incorporates something unique about the website in question.

Remember, I said we’ve got dozens of sites for which we own passwords. It does no good to have a rock-solid password that you use everywhere. What happens if, say, Facebook gets hacked and someone steals your rock-solid password? The hacker isn’t going to make much money off of hacked Facebook accounts. Where he butters his bread is taking those passwords and trying them out on eBay, PayPal and major financial websites. If your Facebook password is the same as your bank’s, you’re in big trouble. Likewise, you may want to create multiple spam email accounts or login names that are related to the website. A different login name on each site makes it harder for someone to take a stolen name-and-password pair from one site and try it on another.

Come up with an easy to remember keyword for each site.

Bank website -> Money
eBay -> Junk
Stamp collectors forum -> Lick
Online T-shirt store -> Threads

You could even use the name of the site (not as secure, but easier to remember). Now, obviously, you’re not going to use these keywords as your password, but you can use them as part of your password.

Let’s say we take “Tt1*” from the example above. We’ll call that our password root. Now we need a password for our bank, “1st Secure Bank of Awesomeness,” whose website is “www.1stsecurebank.com”. Take the last three letters of the site’s name, “ank” (not “com”… duh), and inject that into your password root. We could just tack it on the end (“Tt1*ank”), but that might be too easy. How about we interweave the two? So “Tt1*” and “ank” become “Tatn1k*”. Now you need a password for your stamp collecting forum, “WeLoveStamps.com”. Using the same method, we get “Tmtp1s*”. Get it? Now you’ve got a unique password for every website you visit, and nobody is going to guess it from a list of common passwords. One caveat, though: the part that changes is built from the site’s name, which everybody knows. If a site stores passwords in the clear and gets hacked, someone who studies your leaked password can pull the root back out and work out your other passwords. So this is a huge step up from reusing one password, but it’s not the same as having passwords with nothing in common.
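Here is the whole scheme as a few Python functions, added here as an example rather than taken from the post, together with the flip side: because the site tag comes from the public hostname, anyone who sees one derived password in the clear can strip the tag back out and get the root. The function names, the two substitution tables and the rule for picking which part of the hostname to use are my own assumptions about how to read the steps above.

```python
# Added example (not from the post): the acronym and "site keyword" password
# scheme described above, as plain functions, plus a demonstration of what an
# attacker learns if one of the derived passwords leaks in the clear.
# Function names, the substitution tables and the hostname rule are this
# example's own assumptions about how to read the post.
import re
from itertools import zip_longest

# Whole-word swaps used in the post: "star" -> "*", "are" -> "R".
WORD_SUBS = {"star": "*", "are": "R"}
# Single-letter swap used in the post: lowercase "l" -> "1".
CHAR_SUBS = {"l": "1"}


def acronym(phrase):
    """Build the acronym password: one character per word, the first word of
    each clause capitalized, with the substitutions above applied."""
    out = []
    for clause in re.split(r"[,.;:!?]", phrase):
        for i, word in enumerate(clause.split()):
            w = word.strip("\"'").lower()
            if not w:
                continue
            if w in WORD_SUBS:            # whole word replaced, e.g. "star" -> "*"
                out.append(WORD_SUBS[w])
                continue
            ch = CHAR_SUBS.get(w[0], w[0])
            out.append(ch.upper() if i == 0 else ch)
    return "".join(out)


def site_tag(hostname, n=3):
    """Last n letters of the site's own name: www.1stsecurebank.com -> 'ank'."""
    labels = [lab for lab in hostname.lower().split(".") if lab != "www"]
    return labels[0][-n:]


def interleave(root, tag):
    """Alternate root and tag characters; the longer one's leftovers go on the end."""
    return "".join(r + t for r, t in zip_longest(root, tag, fillvalue=""))


def site_password(root, hostname):
    """The post's rule: the root interwoven with the site tag."""
    return interleave(root, site_tag(hostname))


def recover_root(leaked, hostname):
    """Undo interleave() knowing only the public hostname.

    The tag is derived from the site name, so its characters sit at known
    positions (every second character, starting at index 1). Deleting them
    returns the root, which then unlocks every other site."""
    k = len(site_tag(hostname))
    m = len(leaked) - k                  # root length
    if m >= k:                           # root and tag alternate for 2k chars, rest is root
        return leaked[0:2 * k:2] + leaked[2 * k:]
    return leaked[0:2 * m:2]             # short root: only the even positions are root


if __name__ == "__main__":
    pw = acronym("Twinkle twinkle little star, how I wonder what you are.")
    root = pw[:4]                        # the post's root, "Tt1*"
    bank = site_password(root, "www.1stsecurebank.com")
    forum = site_password(root, "WeLoveStamps.com")
    print(pw, bank, forum)
    # The forum leaks its password table in the clear. The attacker knows the
    # forum's hostname, so the root falls out and the bank password follows.
    stolen_root = recover_root(forum, "WeLoveStamps.com")
    print(site_password(stolen_root, "www.1stsecurebank.com") == bank)
```

Run it and the last line prints True: the forum leak alone was enough to rebuild the bank password. That is why a unique password per site is a big improvement over reuse, but still weaker than passwords that share nothing at all.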

But what’s this?! Your bank wants you to answer some simple questions to help identify you in case you forget your password! What’s your mother’s maiden name? What was the name of your childhood pet? Where did you go to school? These are easy questions! No problem, right? WRONG!

Remember a while back when Sarah Palin’s email was hacked? Guess how the hacker got in. “What school did you go to?” Umm… “Wasilla High School?” Bingo! I promise your bank won’t reject you for inventing a fake answer to these questions. In fact, I would recommend that you answer each question with the answer to a different one.

Q) Where did you go to school?
A) 1992
Q) What year did you graduate?
A) Amarillo High School
Q) What was the name of your childhood pet?
A) Sarah Parker
Q) What is the name of your closest childhood friend?
A) Freckles the Fish

The trick here is to remember which answer goes with which question. If you don’t think you can pull that off, you might be better off just making something up. Be sure it’s something you’ll remember.

Q) Where did you go to school?
A) Gotham High School
Q) What year did you graduate?
A) 1939
Q) What was the name of your childhood pet?
A) Batty
Q) What is the name of your closest childhood friend?
A) Alfred

Did you catch that? Batman? Eh? Nudge nudge? Pretty smart, eh?

Now, I fully expect you to spend the next two hours going to every website you’ve ever been to and changing your passwords and your security questions. You’ve got work to do, buddy! You’d better get crackin’!!

© Copyright 2004-2005, Light-Spark Design