I used to keep a three-page list of passwords because I had so many. Not very secure. Now I keep a much shorter list, on which no passwords are written. It’s based only on what sites require/allow what elements.

The elements I need to keep track of are letters, numbers, special characters and whether or not password changes are required. Password Type A (most common) allows letters & numbers only. Type B (growing more common) allows special characters. Sites that require periodical password changes are Type C, which can be combined with other types (e.g. Type AC). If I run across an exception I simply write a rule and give it a type.

Next I created a pass phrase since multiple words are harder to crack than a single word. For best results I start with an unusual combination, such as “Chocolate Ankle.” (You might prefer made up words, which is okay as long it’s easy for YOU to remember.) I’ll use Chocolate Ankle for my example.

Now that I have a base I squish it together so that it’s long enough for security, but not cumbersome to type: ChocoAnkle. Next I substitute a couple of numbers that look like letters and get: Ch0coAnk1e, which becomes my base for Type A. For Type B I change a letter to a special character: Ch0co@nk1e.

The key step is to create a code that makes every password specific to its website so that if one password gets cracked the rest aren’t compromised. For instance you might decide to use the first two letters of the site name in reverse, thus the password for mybank.com might become Ch0coYm@nk1e.

The trickiest type is Type C. How do I remember what change I made last without writing down the whole password? My solution was to choose a specific location within my password, such as the third character, and change only that character. Then for that site I do write down the site name and only the new character. So my entry for mybank.com might be: “Bank-BC!” and the current password would be:Ch!coYm@nk1e, which looks very hard to remember, but it’s not because it follows my personal rules.

Now I can keep a single-page cheat sheet, because all I list is the website and its type. Best of all no more written down passwords…well, one exception on the last page of my will. Only my executor knows about the types and their rules. I send him my cheat sheet periodically.