It’s possible; just not the way you think.
There are two approaches to using just one password everywhere: the really, really bad approach, and the really, really good approach.
I’ll discuss both, and why you really want that really, really good one.
Using just one password
Using the same password for all your accounts is extremely risky. Poor security at one service can compromise them all. A better approach is to use a password manager to remember and generate strong passwords. The only password you need to remember is the master password to your vault.
The same password everywhere
What most people think of as “just one password” is using the exact same password for all their online accounts. This is a really, really bad idea.
Using the same password everywhere puts you at the mercy of whichever service has the worst security. Even if services A, B, and C all have perfect security[1], if you use the same password at all of them and for service “D”, which has poor security, your single password for everything stands a very good chance of being discovered.
The real risk, of course, is that if your single password is discovered, all the accounts are vulnerable. If a hacker gets your password for any of the accounts, they can now run around and try that password on all your accounts. And to be very clear: they are known to do exactly this.
Not knowing where your accounts are doesn’t stop them, either. Once they know they have an actual password, they can and do try it on dozens, if not hundreds, of online services. Chances are extremely high they’ll hit one you use.
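To see how far one leaked password reaches in your own accounts, the following added example (not part of the original article) groups an exported account list by password and reports which other accounts must be treated as compromised when one service leaks. The account rows, service names and the reused password are constructed sample data.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample rows: (service, login, password), as a password-manager
# export might contain. Services A-D mirror the scenario in the text.
SAMPLE_ACCOUNTS = [
    ("service-a.example", "me", "Tr0ub4dor&3"),
    ("service-b.example", "me", "Tr0ub4dor&3"),
    ("service-c.example", "me@mail.example", "Tr0ub4dor&3"),
    ("service-d.example", "me", "Tr0ub4dor&3"),
    ("bank.example", "me", "xu4v9KzoQLRRNhY9nseK"),
    ("mail.example", "me", "6MQFhUEwjiqyeiEdnsck"),
]


def find_reuse(accounts):
    """Return groups of services that share one password, largest first."""
    # A per-run random key means the fingerprints cannot be matched against
    # anything after the script exits, and no plaintext ends up in the report.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for service, _login, password in accounts:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(service)
    reused = [sorted(names) for names in groups.values() if len(names) > 1]
    return sorted(reused, key=lambda names: (-len(names), names))


def exposure(accounts, breached_service):
    """Other services to treat as compromised once breached_service leaks."""
    for group in find_reuse(accounts):
        if breached_service in group:
            return [name for name in group if name != breached_service]
    return []


if __name__ == "__main__":
    for group in find_reuse(SAMPLE_ACCOUNTS):
        print(f"{len(group)} accounts share one password: {', '.join(group)}")
    print("If service-d leaks, also change:", exposure(SAMPLE_ACCOUNTS, "service-d.example"))
```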
The ideal world
In an ideal world, you would use a different password for every login.
In an ideal world, your passwords would all be long and complex.
Passwords should be unique, long, complex, and hard to guess — yet you need to remember them all.
I have a couple of alternatives for you.
One password, once
The fact that your email password is “6MQFhUEwjiqyeiEdnsck” and your bank account’s is “xu4v9KzoQLRRNhY9nseK” is something you might never actually need to know yourself. 1Password simply keeps track and remembers it all for you.
It can also generate random passwords for you — those two password examples above came from 1Password’s password generator.
All you need to do is remember just one password: the password to unlock your 1Password vault.
1Password can synchronize your information across machines, across browsers, and even across mobile devices. I use 1Password myself and swear by it.
The problem is, of course, if you ever find yourself without 1Password, you may not have your passwords available. I can’t tell you my Gmail password, for example, and that was an inconvenience the other day when I was using a computer that didn’t have my 1Password data on it.
My other alternative to password management is to use an algorithm. By “algorithm”, I mean a set of rules that you use each time you create a password that you can then use to remember all your passwords.
For example, you might say your passwords are:
- The first three letters of the site URL for which you are creating a password
- The first three characters of the name of your first pet spelled backward
- Your age on your birthday in the year 2010 + a number like 333
- Three characters indicating what the site is about – perhaps “ban” for bank, “ema” for email, and so on – with the first letter capitalized.
- If the service requires it, a special character at a standard location. Perhaps a “#” at the end.
According to those rules, my Gmail password might be “gooons386Ema#”.
No one would guess that password, but it’s something I can re-create by remembering the rules of my algorithm without remembering the actual password.[3]
That’s just an example. You would create your own set of rules using things you can fairly easily remember and some personal information you’re not likely to forget. You can even jot down algorithm hints without seriously compromising the passwords themselves.
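The five example rules above, written out as an added example (not code from the original article). The pet name "Snoopy" and the age 53 are constructed inputs chosen so the result matches the sample password in the text; reading rule 2 as "take the first three characters, then reverse them" and stripping "www." from the site name are assumptions.

```python
from urllib.parse import urlsplit


def site_prefix(url):
    """First three letters of the site's host name, ignoring scheme and 'www.'."""
    # urlsplit only recognises the host when the string contains '//'.
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    letters = [ch for ch in host if ch.isalpha()]
    return "".join(letters[:3])


def rule_password(url, pet_name, age_in_2010, category, special="#", offset=333):
    """Rebuild a password from the article's five example rules."""
    parts = [
        site_prefix(url),                # rule 1: first three letters of the site
        pet_name[:3][::-1].lower(),      # rule 2: start of pet name, backward (assumed reading)
        str(age_in_2010 + offset),       # rule 3: age in 2010 plus a fixed number
        category[:3].capitalize(),       # rule 4: site purpose, first letter capitalized
        special,                         # rule 5: special character at the end, if required
    ]
    return "".join(parts)


if __name__ == "__main__":
    # Constructed inputs, not the author's real details.
    print(rule_password("https://www.google.com/", "Snoopy", 53, "email"))
    print(rule_password("bank.example", "Snoopy", 53, "bank", special=""))
```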
I use both.
- I use 1Password-generated secure passwords on everything I possibly can. I could not tell you these passwords if my life depended on it, but 1Password remembers.
- I have a select few algorithmically generated passwords. These are passwords that are lengthy and complex, but if need be, I can recall. I still store them in 1Password, because it’s easier to let 1Password do the data entry when it offers. Passwords I might have to laboriously “type” into a streaming service on my television could fall into this category.
If you do choose your own passwords, make sure they’re strong ones. A frighteningly high number of account hacks are simply due to password guessing. People who know just a little bit about you can make guesses at your password, and they’ll be right a startling amount of the time.
A word about paper
Don’t write your passwords down.
That’s exactly where thieves know to look if they break into your home or office. If you must write something, write down a hint to help you remember. But ideally, either use something you can remember on its own or something your computer can securely remember for you using a tool like 1Password.
Footnotes & References
1: No such thing, by the way.
2: I use 1Password as my example because it’s what I recommend and use myself. There are many good alternatives out there as well.
3: For the record, that’s not my password. I do use an algorithm for a couple of key passwords, but it’s quite different than what I’ve described here.