Don’t try to change all your passwords and your entire password generation process in one shot. It takes time to develop a method that works for you.
Let’s all start today and stop creating accounts using our tried-and-true password. You know, that one you’ve used for every website from Yahoo! and Google to eBay and iTunes.
Create a new, stronger password and start using it for any new site you create a profile on so long as it does not contain financial information. Do not use it to replace any passwords at this time. Create a second, equally strong password and use it to change your tried-and-true password on sites that contain financial information. This means that each of us, starting right now, needs to create two brand new, strong passwords.
Also starting today, make a list of sites that have these new and improved passwords. Associate a category with each of these sites, so that we can further harden your passwords in the coming weeks. My recommended categories are listed in this post.
Optionally, create a third stronger password and use it to change your password on sites that do not contain financial information but use your tried-and-true password. Be sure to also note these sites.
On your list of sites, do not record the actual passwords used. This list is designed to begin to understand what your online footprint looks like without compromising your security.