Let’s say you want to create a password for a website.
How to do it?
One way is to create a password and use it repeatedly on a lot of other websites. That’s a poor solution.
Another solution would be to use a password generator and manager to generate and save a password and use complex, random passwords. The solution is optimal, but it requires some technical skills – handling a password manager is not very complicated, nor is it simple.
You could use a system like GMail offers: create a username based on email, something like:
firstname.surname+randomtext@gmail.com,
where “random text” could be random for each website you create an account.
And, either based on such an email or on the URL of the website, you could create a uniquely different password.
So, if I want to create an account on vodafone.ro, I could use my email name+vodafone.ro@gmail.com, and password “mypassword+vodafone.ro”.
Yet, just by looking at the above example, one can understand how I got to have that password and try to replicate the login on different websites.
Yes, a bot will fail to replicate the password, but a human hacker will easily understand my password.
There’s another solution, though – based on either the URL (vodafone.ro) or email username (name+vodafone.ro@gmail.com), I could generate a string.
There are some hash generators that, starting from such a string would generate a random password.
An online example, but there are many others: SHA256 Hash Generator Online.
Hash for vodafone.ro: “990F509B877370D67FB2202D3D0332543642E6846D17F9F3029E60C0EB395DAC”.
Hash for name+vodafone.ro@gmail.com: “533C151BC4F877C3E7CFE2033CF602F27D6833BD60C8EF5CC0430B431C4D3BF1”.
This is also not impossible to hack, but it’s much more complicated.
You could even create a custom function, a custom hash generator.
Thus, you would have an unique, complex, password for each website.