Password Management

In This Article

• Why and where to use passwords

• Good passwords versus bad ones

• Using password managers

• Using an alternative method

• Action items to start doing


(No time to read right now? Just want to see the list of things to check? Here you go.)

Passwords are a “necessary evil” until better technology, such as biometrics and artificial intelligence, becomes more reliable. 1

Passwords can block hackers or make their job easier. They're one of the primary ways people get hacked and have their sensitive information and/or identity stolen, often without their knowledge.

Luckily, there are some relatively simple things you can do to protect yourself.


Why Do We Even Need Passwords?

Unlike the “old days” when personal and sensitive information was printed on paper and stored in filing cabinets, a lot of info is now stored electronically on devices and “in the cloud”.

Unfortunately, that makes it much easier to access and copy with no evidence trail that it's even been stolen.

Many services we use, like utilities, entertainment, banking, and others, are necessarily protected by passwords because unauthorized access could be very bad.


Where Should We Use Passwords?

Everywhere you can! The obvious places are computers, laptops, tablets, smartphones, and websites. But with a lot of physical things now getting connected to the Internet (thermostats, doorbells, light bulbs, refrigerators, etc.) it's important to use passwords on them as well.

Ask yourself: “If someone had physical or electronic access to this, would that be OK?” If the answer is “no”, you need to protect it with a good password.


Passwords: Bad versus Good

So what makes for a good password?

Well, let's first talk about bad ones. Any password that is short, simple, obvious (like your pet's name), or made up of regular words can be guessed quickly by hacker software that can try millions of combinations in less than an hour.

A good password, on the other hand, is long, complex, and unique (never used in more than one place).

A complex password will use a combination of letters (UPPERCASE and lowercase), numbers, and special characters such as @, #, $, and %.

When I create passwords, I follow these guidelines:

  At least 24 characters long (and at least 36 for financial / banking websites)

  At least 6 UPPERCASE letters

  At least 6 lowercase letters

  At least 6 numbers

  At least 6 special characters

Here's an example: “83vB*Ki7&L!R5(C9Hy!e5%O7ec”.
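A generator and checker for the guidelines above, as an added example that is not part of the original article or of any particular password manager. It assumes “special characters” means every character in Python's string.punctuation; the names generate_password and unmet_guidelines are hypothetical.

```python
import secrets
import string

# Character classes named in the guidelines above. The article lists @, #, $
# and % as examples of special characters; using all of string.punctuation
# is an assumption of this example.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "numbers": string.digits,
    "special": string.punctuation,
}
MIN_PER_CLASS = 6


def generate_password(length=24):
    """Return a random password that meets the per-class minimums."""
    if length < MIN_PER_CLASS * len(CLASSES):
        raise ValueError("length too short to hold 6 characters of each class")
    # Guarantee the minimum from each class first.
    chars = [secrets.choice(alphabet)
             for alphabet in CLASSES.values()
             for _ in range(MIN_PER_CLASS)]
    # Fill any remaining positions from the combined alphabet.
    everything = "".join(CLASSES.values())
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the class of each position is unpredictable.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def unmet_guidelines(password, min_length=24):
    """Return the guidelines a password fails (an empty list means it passes)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"length {len(password)} < {min_length}")
    for name, alphabet in CLASSES.items():
        count = sum(ch in alphabet for ch in password)
        if count < MIN_PER_CLASS:
            problems.append(f"{name}: {count} < {MIN_PER_CLASS}")
    return problems


if __name__ == "__main__":
    print(generate_password(24))   # general websites
    print(generate_password(36))   # financial / banking websites
    print(unmet_guidelines("83vB*Ki7&L!R5(C9Hy!e5%O7ec"))  # the article's example
```

The secrets module draws from the operating system's cryptographic random source; the general-purpose random module is not suitable for generating passwords.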

Test Your Password

If you want to see how long your password would take hackers to guess, enter it here. You might be surprised (and a little scared, which is good).

(And don't worry, the creator of that website is a highly-respected security researcher. His website does not store your password after it tests it.)

 


But How Will I Remember My Passwords?

If I've convinced you that a longer and complex password will protect you better, you're now probably thinking, “But how will I remember such a complicated password?”

The answer is simple: You won't. (And you won't have to!)

I don't know any of my passwords. Instead, I use a password manager, which is a software application that runs on my computer and phone. I have a master access code (that I do remember) for the app, but it remembers all of my passwords. It also remembers my login username for websites and apps on my phone.

When I need to log into a website, the password manager “sees” the username and password fields and automatically fills them in. This works on my computer and phone. As long as I remember the master access code, I don't need to remember anything else.

The other benefit to the password manager is that it generates long, complex passwords for me, based on the guidelines I give it. When I'm creating a new account, for example, I just click a button near the password field. The password manager generates a good password, adds it to the field, and then stores it in its database.


Password Managers

I have no affiliation with any software companies and don't want to endorse any particular password manager. There are several good ones out there (see list below) with both free and paid versions.

Personally, I've used LastPass for many years after it was thoroughly vetted by security researchers. I've got over 3,000 usernames and passwords in LastPass and I don't know a single one of them!

Password Managers to Try

LastPass

1Password

Bitwarden

Dashlane

NordPass

What about my web browser — won't it create and save passwords?

Yes, but browser software doesn't update its password management component very often. And there are ways for hackers to see your browser data and possibly steal passwords stored there. See our article about saving passwords in your browser.


Alternative Method

If you don't want to use a password manager, an alternative method is to come up with a pattern that provides a complex password but in a way that's easy for you to remember.

For example, you could take the main part of a website address (like “amazon”), add the name of your favorite teacher, and throw in some numbers and a few special characters.

You'd end up with something like “amazon##mrsgoodman$$2468” or “youtube##mrsgoodman$$2468”. The pattern stays the same, but you still end up with unique passwords that are harder for hackers to guess.


Important Things to Remember About Your Passwords

  Never use short, obvious, or easy to guess passwords

  Never use the same one in more than one place

  Never share your password with anyone

  Never give your password to anyone over the phone or via email

  Never write them down (if you really must, at least hide the paper really well!)

 

  Always use long and complex passwords

  Always use a different password for every location

  Always use a password manager (and secure it with a good password)


Summary

Using good passwords everywhere is critical for your online safety. You can use a password manager to create and store long and complex passwords, or you can come up with a pattern of your own to create good passwords.

Your behavior regarding passwords can be the difference between protecting yourself and having your information and/or identity stolen.


  Your Action Items

  Use this site to test some of your passwords, and tell me how long they'd take to crack.

  Try one of the password managers listed above and let me know what you think.

  Start updating your passwords with good ones at critical / sensitive websites like email, finance, and eCommerce.

Hopefully this article was helpful. If you have any questions about password creation and management, please get in touch...


1 - Biometrics and artificial intelligence will use unique features (fingerprint, iris pattern, facial movements) and behaviors (cursor movement, typing cadence) to identify and authenticate us without requiring us to submit information such as text-based passwords.