Overhaul your passwords--and keep your accounts safe!

For me, this time of year is usually when I start getting those dreaded password-expiration notices. For many of us, we us multiple EMRs, hospital computer systems, emails, list servs, and online course catalogs, each with a different username and password requirement. To keep all your passwords in line, try some of these tips I use. It might prevent you from resorting to a sticky note! 

1. Two-Factor Authentication: For most of us, this is the gold standard in password strength. You can keep a relatively easy password, and then authenticate your identity using a cell phone or other device. The most popular example of this is Gmail, which will send  a randomly generated PIN number to your cell phone when someone attempts to access your account. This PIN is then required to log in. Alternatively, you can use a smartphone app _called Google Authenticator that will randomly generate PIN for any of your accounts. I use this app to control my Gmail, Facebook, Twitter, and other accounts that offer 2-factor authentication. 
2. Create a password formula: Even though you need multiple passwords for different accounts, you can build a password formula that will provide you with an easy way to create a new, custom password for each site. 

In the example to the left, I created a random "base password" that includes numbers, capital and lower case letters, and a special character. This should be an easy to remember password (Red12345!). Then, for every site, I create a password based on the above "base password" by just adding the site name and a number. To keep your base password and formula protected, I recommend using a more complex version of this formula, as this is relatively easy to break once you see one password. 

3.    Create a throwaway account: For many apps and sites, creating an account is merely a formality. For these sites, I recommend using a secondary email account and basic password, since this will not include your credit card information or other personal info, I am usually less concerned with the possibility of that password being found.