Managing Monumental Password Lists

I am a web developer. I hold the keys to countless sites on my own system, accounts with vendors, and all the usual ones the average person must deal with — email, banking, Amazon.com, online payment systems — which by itself is too much for a mere mortal to bear.

On lamenting such tribulation, one friend solved the entire problem for all of us by suggesting we just use the same username and password for everything.

If only.

I find it barely manageable at best, frustrating as hell at worst. I’m not an idiot — my IQ says I’m supposedly at the opposite end of that spectrum — but I sometimes feel like one. So why is it so darn hard?

The requirements for a username vary, and no matter how obscure, sooner or later you’ll want to sign up for something where it’s taken. Some logins use your email address instead — and often won’t even tell you it’s asking for it, so you try your usual usernames over and over to no avail. And heaven forbid you’ve had more than one email address over the years and can’t remember which one you used for a particular site …

But passwords are the real problem. Some systems won’t let you use certain (or any) special characters; others demand it. The same for capital letters and numbers. And the same for length. In other words, it is practically impossible to only have one password for everything, and you’ll have to remember which one goes with what account.

So why not just remember them all, once and for all? Because some systems, like my bank, make me change it once or twice a year. And it can’t be anything like previously used passwords.

So how do I survive?

A System

Over time, my efforts evolved into a (somewhat) comprehensive system, in part because passwords have become necessarily stronger over the years. Below are the main elements. Mileage may vary based on your needs, but even using a few of these as hints will probably make your life a lot easier in the long run.

  1. I use certain usernames (and email addresses) for business and others for work.
  2. I have three primary passwords of varying complexity — simple ones for casual accounts, moderate ones for most things, and very strong ones for when security is paramount, such as my server and all my client accounts.

This means that for most logins, if I don’t remember at all, a handful of tried combinations will get me in.

I have another system for remembering client passwords — which I generally assign to ensure they are strong enough and I can give it back to them if they need it instead of resetting it. I won’t go into particulars, but I use a root series of letters, numbers, and characters, some of which correspond by telephone keypad number-letter cypher to certain character places in their primary domain name. This makes all of them unique and calculable — but only to me. THERE IS NO RECORD OF THEM, ANYWHERE. If I die, they will have to be reset by my successor if the client doesn’t know.

A Password List

I don’t recommend having a notepad or bunch of sticky notes stuck to your monitor, but I’ve actually seen those in workplaces, visible to anyone who walks by. If you have to have them recorded somewhere, there are phone apps — password protected, of course, but you only have to remember the one.

I avoided this arguably necessary evil, but only in part. Especially for accounts that have odd requirements or make me change the password regularly, I have a PARTIAL note of the password. Currently, for my bank account, it’s “rK0” and for PayPal, it’s “r..7”.

That’s right. I just gave you my password hints to my money. In fact, I have it on a Google-indexed page for reference. But you don’t know my username or email address, respectively, or what or how many characters are missing. But I know it’s a variation of a password starting with a certain letter and ending with a certain number. I remember how my passwords evolved and what I added to them to meet requirements over the years, so it’s actually on the easy side to fill in the blanks.

What Works for You

In the end, your passwords should be meaningful to you — so long as they aren’t related to your birthday, last four of your social, or even words in the English language if you can help it. Mix up capitals and add numbers, but do it consistently and it will make remembering a LOT easier.

If you keep them somewhere, be safe. Maybe an app or online isn’t best for you and going old-school with paper and pen makes sense. Maybe it absolutely doesn’t.

But whatever you do, do it purposefully. The alternative is being locked out constantly — rather than just often enough to scream and rant about it.