Read this article BEFORE you create your own Dana Key and update all of your passwords. This article will teach you:

  • How to use The Dana Key as safely as possible.
  • How to make your Dana Key more complex.
  • How to respond to inevitable hiccups and URL variables.

Safety Tips

Have an alternate Master Password Key for your important stuff

You may not be as diligent keeping your allrecipes.com password as safe as your banking so it's important to be cognizant of the fact that all of your passwords are inherently linked when using this method. In the event that anyone obtained a couple of your other passwords, it is obviously possible for them to figure out your Sequence to get the rest. If you do intend to use this method for your banking, email, and other important services, you should use alternate Dana Keys.

  • You want to be able to change your password every few months for these kinds of services anyway. Following this step will make that far more convenient.
How to Create an Alternate Dana Key
  1. Come up with an alternate 3 letter word or acronym
  2. Use this alternate word/acronym in place of your usual one with the same sequence, or feel free to be extra safe and alter your sequence as well. Do what works best for you.
  • Consider also using a new special character and/or number. Perhaps you could use a different special character or number for each service, depending on how well you think you'd be able to memorize that.
  • Try to change them all at the same time so you don’t forget which ones you did or didn’t do.
  • Super Handy Tip: Do it at the start of every season: Winter, Spring, Summer and Fall and use a word or acronym relating to that season.
Don’t share any of your passwords

I don’t know what you’re going to do with my method. I don’t know how simple you’re going to make your Password Sequence, or what bizarre hack-job you’re potentially going to do to the whole thing.  I’m fairly confident that the passwords made with this method are better than anything you had going before, but with that said, I worry about you.  If you’re the kind of person who is going to do a really simple version of this, AND you’re the kind of person who needs to share a few passwords with a few people, then please keep in mind how easy your particular Master Password and Password Sequence may be to crack. So with that said, it's likely not acceptable to share any password that was made with your Dana Key.  If you have a house sitter who needs to logon to Netflix, you might on that occasion, go in and change the password to something completely random and different before sharing it.  On the bright side, this will perhaps be a rare moment of nostalgia for you as you type in your long lost password that ever graced a plethora of sticky notes: kittens99

  • The following "Complexity Tips" will also contribute to using this method more safely.

Complexity Tips

Use an acronym instead of a word

If you’re going to just plop your 3 letters into the password all in a row (as we did in our relatively simple example with Michael - which I don't recommend, but if you ARE...), then rather than using an actual word for your Master Password Key, pick an acronym you can remember instead. For example, instead of using “cat”, I might choose my child’s initials “mte”.  This way, your passwords will appear far more randomly generated.

 

Make your number appear more random

You can make your number different in each password by referencing the number of letters in the URL.  Count the letters between the www. and the .com.  Then, either go ahead and use that number, or make it more complex by doing some math to it.  For example, you could multiply, add or subtract it by a certain number (don't divide or you could get decimals that you wont know what to do with!).  You could even combine a couple steps like multiply by 2 and subtract 1.  If the number generally ends up being more than one digit, you can even separate the digits in your sequence rules.  The more random and less obvious, the better!

Let's apply this to the simple example we used with Michael:
  • You could make a rule to multiply the number of letters in the URL by 2 then subtract 2:
    • amazon: There are 6 letters in Amazon.  6x2=12, 12-2=10.  Your number would be: 10.
    • cbcmusic:  There are 8 letters in cbcmusic.  8x2=16, 16-2=14.  Your number would be 14. 
  • See? It's a different number in each password.

 

Make your uppercase letter appear more random

Create a rule in your sequence that makes one of the letters from the URL the uppercase letter, rather one of your '3 letters' in your Master Password Key.  This way every password will have a different uppercase letter, and it will be less obvious which letter consistently came from your Master Password Key. 

Let's apply this to the simple example we used with Michael:
  • Instead of "caT", your 3 letters would just be "cat", and you could always make the second last letter of the URL uppercase instead. 
    • amazon: The second last letter would be uppercase "O"
    • cbcmusic: The second last letter would be uppercase "I"
  • See? It's a different uppercase letter in each password.

More Complexity Tips Coming Soon!

Tips for Variables

Nothing is black and white and there are always going to be variables. Fortunately in my many years of doing this, I have already learned how to deal with complications as they come. I’ll save you some time by sharing these tips.

Beware of big companies that have several services

Google, Apple, and Intuit are examples of big companies with several services on different URLs that all use one password. When it’s time to sign in to Gmail but you’ve created your Google services password at “youtube.com” you might find yourself scratching your head.  So when necessary, use the company name instead of the URL.  In this this example of Gmail and Youtube, use the company name “google”.  For iTunes and iCloud, use “apple”.  Hopefully you will think of this the first time, but don’t kick yourself if you don’t.  Once you realize this has happened to you, go ahead and change your password to consist of the company name and just try to remember that’s what you did.

Pay attention if a company changes their branding or URL

Sometimes companies will rebrand themselves and months or years later you can find yourself stuck wondering why your brilliant little password won’t work. This happened to me with Turbotax.  Their URL to sign in used to be “turbotaxonline.com” and when they changed to “turbotax.intuit.com”, I found myself perplexed.  But honestly, it wasn’t a big deal.  I reset my password and it’s worked on their newly branded URL ever since.

Beware of the extension.url.com

You might have noticed above that turbotax.intuit.com has a few dots in it. In this case, it’s important to note that the URL you might be on when you create your password, might not be the same URL you’ll be on when you go to sign in because the words between the dots might move around depending on what section of their website you’re in.  The good news is that one of the words is almost always going to be the company name.  So, just like we did in the other example: use the company name.  It’s your best bet to ensure the fewest hiccups.

  • You can currently see an example of this at cibc.com. If you click to register for your account, it redirects you to cibconline.cibc.com. If you reference only “cibc” when making your password then you wont be confused when you go to sign in at “cibc.com” in the future.
Create a backup Sub-Rule, or alternate Master Password Keys

A backup sub-rule is a rule you add to your Password Sequence only when the password you attempt to create isn’t accepted. I recommend you make this sub-rule simple, such as typing your special character or your number twice. Examples of when your password may not be accepted:

  • The website has a particularly unique and finicky set of requirements such as a higher minimum number of characters. Your sub-rule might not even work with this one, but the least you can do is try. If you forget what you did and have to reset every time you go to that website, then so be it.
  • You accidentally reset your password after attempting to sign in with the CAPS lock on and now the website wont let you recreate a password you’ve already used in the past.
    • In this case, I recommend creating an alternate Master Password Key ( see above) specifically to reuse anytime you find yourself in this situation. After a few years you might have a handful of websites that use this alternate key, and that's okay. It's still easier than resetting your password every time.

In closing, despite there being a lot to say on the topic, I’d like to reaffirm that this really is quite a simple tool to use. I can say truthfully say that as of this writing, anyone who has ever tried it, has never gone back to their old password ways.  Thanks for your interest in the Dana Key.  I hope it will be as useful to you as it has been for me. Best of luck to you!