Passwords are the bane of our modern existence. Nearly anything you want to do calls for a password. As the Internet’s reach extends beyond computers and into phones, TVs, appliances, and even toys, we have to enter passwords with increasing frequency and in ever more annoying ways. Remembering and recalling all those different passwords can be frustrating in the best of circumstances and impossible in the worst.
To make dealing with passwords easier and more secure, everyone should use a password manager like 1Password or LastPass. Such apps generate random long passwords like kD*SSDcCl7^6FN*F, store those passwords securely, and automatically enter them for you when you need to log in to a Web site. They are essential in today’s world.
You’ll still need a few passwords you can remember and type manually—for instance, the master password for your password manager and your Apple ID password. Make sure those passwords are at least 12 characters, and we recommend going to at least 16 characters.
If you’re unsure of the best way to create a strong password, try taking the first letter of each word in a sentence you can remember, and also change a few words to digits. Then “Now is the time for all good men to come to the aid of the party!” becomes a password along the lines of Nitt4agm2c2ta0tp!. So that no eavesdroppers learn your password, avoid saying your sentence out loud whenever you enter it! Or, combine four or five unrelated dictionary words, like correct-horse-battery-staple, that add up to at least 28 characters. (Don’t use the examples in this paragraph!)
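
The word-combination method above, as an added example that is not part of the original article: it draws words with a cryptographically secure random source and redraws until the result meets the 28-character minimum. The function names and the short word list are constructed for illustration; a real generator would load a list of thousands of words.

```python
import math
import secrets

# Constructed sample list so the example runs offline. It is far too small
# for real use; load a large list (thousands of words) in practice.
SAMPLE_WORDS = [
    "anchor", "blanket", "cactus", "dolphin", "ember", "falcon", "glacier",
    "harbor", "igloo", "jigsaw", "kettle", "lantern", "meadow", "nectar",
    "orchard", "pebble", "quiver", "ribbon", "saddle", "thimble", "umbrella",
    "velvet", "walnut", "yonder", "zipper", "compass", "trumpet", "pumpkin",
    "blossom", "marble", "lizard", "canyon",
]

MIN_LENGTH = 28  # minimum passphrase length recommended in the article


def make_passphrase(words=SAMPLE_WORDS, count=4, sep="-", min_length=MIN_LENGTH):
    """Join `count` randomly drawn words; redraw until the result is long enough."""
    if count < 4:
        raise ValueError("use at least four words")
    longest = max(len(w) for w in words)
    if count * longest + (count - 1) * len(sep) < min_length:
        raise ValueError("word list cannot reach the minimum length")
    while True:
        # secrets.choice draws from the OS CSPRNG; random.choice is predictable.
        phrase = sep.join(secrets.choice(words) for _ in range(count))
        if len(phrase) >= min_length:
            return phrase


def entropy_bits(list_size, count):
    """Upper bound on entropy: each word is an independent, uniform draw.

    Redrawing short phrases removes some outcomes, so the true figure is
    slightly lower than this bound.
    """
    return count * math.log2(list_size)


if __name__ == "__main__":
    print(make_passphrase())
    # The 32-word sample list gives only 20 bits for four words; a
    # Diceware-style list of 7,776 words gives about 64.6 bits for five.
    print(entropy_bits(len(SAMPLE_WORDS), 4), round(entropy_bits(7776, 5), 1))
```

The entropy figures show why list size matters more than how unusual the words look: the strength comes from the random draw, not from the words themselves.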
When possible, take advantage of two-factor authentication on sites like Apple, Google, Dropbox, Facebook, Twitter, and more. Accounts protected by two-factor authentication essentially require that you enter a second, time-expiring password as part of the login process. You’ll get that second password via text message, authenticator app, or other notification method when you log in.
But what we really want to talk about today is what you should not do with passwords. Follow these tips to avoid making mistakes that can undermine even the security provided by a password manager.
- Don’t use the same password twice. This is key, because if the bad guys get your password—no matter how strong—for one site, they’ll try it on other sites.
- Don’t share passwords with anyone you don’t trust completely. That’s especially true of passwords to accounts that contain sensitive information or that can be used to impersonate you, like email and social media. However, sometimes you have to share a password, such as to a club blog with multiple authors. In that case…
- Don’t send passwords to shared sites via email or text message. If someone hacks into your recipient’s email or steals their phone, the password could be compromised. Instead, use a site like One-Time Secret to share a link that shows the password only once, after which the recipient should put the password into their password manager.
- Don’t write your passwords on sticky notes. Yeah, it’s a cliché, but people still do it. Similarly, don’t put all your passwords in a text file on your computer. That’s what password managers are for—if someone steals your computer, they can’t break into your password manager, whereas they could open that text file easily.
- Don’t change passwords regularly if you don’t have to. As long as every site has a strong, unique password, changing a password is a waste of time, especially if doing so makes you write down the password or communicate it insecurely. If you do have to update a password regularly, a password manager makes the task much easier.
We realize that it’s tempting to take the easy road and share a password with a friend via email or write a particularly gnarly one on a sticky note. But today’s easy road leads directly to identity theft and is paved with insecure password habits. You might think no one would pay attention to little old you, but times have changed, and organized crime is interested in any Internet account that can be cracked.