Passwords are an awful reality of using computers these days. Many phones, and even some computers like Apple's new MacBook Pro, have fingerprint scanners now. But passwords are going to be something we have to deal with for a long time. Unfortunately, they're also the weakest point in everyone's personal security.
Multiple accounts means multiple passwords
The big problem is that most of us have a ton of accounts all over the place, so to reduce the risk of being unable to log in, many people resort to reusing the same password for every account. Some people might be thinking, "Well, I have a good password, so what's wrong with reusing it?" The problem is that even if your password were 100% impossible to crack (it isn't), it becomes completely useless if it gets out. Once someone has your password for one account, they've got the password for all of them. And you're not the only keeper of your password: the sites you use that password on also have a responsibility to keep it safe, and there have been many incidents where sites stored passwords irresponsibly and they got out. The most secure way to protect your accounts is by using a different password on every site you use.
The only secure password is the one you can't remember
If you can remember it, it's likely not a very secure password. Computers are very good at repeating patterns, and humans are very bad at remembering things that don't have patterns. This means that your passwords need to have as much randomness or "entropy" as possible. It should also be as long as possible. The longer the password is, the harder it is for a computer to crack by guessing every possible combination of characters a keyboard can type.
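To put numbers on length and randomness, here is an added example (not part of the original post) that generates passwords with Python's cryptographic random source and measures their entropy. The 94-character alphabet and the attacker rate of 10 billion guesses per second are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumption: "characters a keyboard can type" means the 94 printable,
# non-space ASCII characters (52 letters + 10 digits + 32 punctuation).
KEYBOARD = string.ascii_letters + string.digits + string.punctuation


def generate_password(length, alphabet=KEYBOARD):
    """Pick every character independently and uniformly with a CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need length >= 1 and at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits, alphabet_size):
    """Shortest uniformly random password reaching target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def years_to_exhaust(length, alphabet_size, guesses_per_second):
    """Time to try every combination at an assumed guess rate."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e10  # assumed attacker speed, guesses per second
    for n in (8, 12, 16, 20):
        print(n, generate_password(n),
              f"{entropy_bits(n, len(KEYBOARD)):.1f} bits",
              f"{years_to_exhaust(n, len(KEYBOARD), rate):.3g} years")
```

These figures only hold for passwords chosen uniformly at random; a password built from a human pattern has far less entropy than its length suggests.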
Another factor keeps you in control
Most websites today offer an extra layer of account security often called Two Factor Authentication, Two Step Authentication, or Multi-factor Authentication. What this means is that you need not only your password to log into your account, but also a second code that can be obtained in a variety of ways. Most of the time you can receive a text to a registered phone number, sometimes they will deliver the code over an audio phone call, and most offer the ability to use an app like Authy to generate the code on your smartphone. Using Two Factor Authentication means that somebody has to steal not only your account credentials, but also your phone, in order to log in.
Using a different, strong password on every site would be hard or maybe even impossible for you to remember. This is why I highly recommend using a password manager app. They store all of your account credentials, generate strong passwords, and even type them in for you at sites you've been to before. There are also many options on the market. I haven't used them all, since there are many, but I'd like to go over the services I am familiar with so you can at least see some of the options out there.
iCloud Keychain (Free)
Apple offers a decent password management tool for free with iCloud. It securely stores passwords for you and syncs them across each Apple device you've logged into with your iCloud account. It will generate strong passwords for you automatically and type them in for you while using Safari. It will also remember things like credit cards and form information and type them for you as well. Pretty standard stuff for a password manager. The big downsides are that it doesn't work with Windows, Linux, or Android, and only supports the Safari web browser. This means that if you regularly use a device other than an iPhone, iPad, or Mac, it can be hard to access your accounts.
- Free with iCloud
- Part of iOS & macOS Setup Assistant, making it easy to set up and use.
- Doesn't support Windows, Linux, or Android devices
- Doesn't support third-party web browsers
LastPass (Free, $1/mo)
LastPass is a fully cloud-based password manager. It stores all your accounts securely online so that you can access them from any device so long as you have your Master Password. It also stores notes and form information, with support for attachments, so you can save pictures of important documents online securely. It comes in at the low price of free, which includes syncing to unlimited devices. It supports Windows, macOS, and Linux, as well as iOS and Android. It also supports all the major web browsers on each platform. It's very easy to use, and has become a lot more attractive in the last several years. LastPass also offers a great 2FA iOS app that sends a notification when you need a code, and some sites will let it type in the code for you.
- Low barrier to entry
- Good cross-platform support
- TouchID support on iOS
- Quick syncing
- Not the prettiest interface (See 1Password)
I've actually been using 1Password for several years. It's got great iOS and Mac apps that sync through their new subscription service. 1Password recently switched from a license-based software purchase to a subscription service that includes the software for free. This is a great option, and the license is still available if you ask for it, but it's on the pricier end of the password manager spectrum. They also have Android and Windows apps that can sync as well. While I can't speak to the Android app, the Windows version is a lot clumsier than the iOS and Mac versions. It gets the job done, but still has a long way to go. 1Password definitely has the most attractive interface. It's very sleek, has a ton of different categories to use, and has a great tagging system that I don't take advantage of, unfortunately.
- Really nice interface
- TouchID on iOS (and soon macOS)
- Great support
- Tons of organization options
- More expensive than alternatives
- Windows app not as good as Mac and iOS versions
- Slow syncing in my experience
The most important thing here isn't which option you pick, but that you start using a password manager. Create a good master password; the below Jonathan Mann song has some great tips on doing this. Then go around and change all of your passwords to something generated by your password manager. While you're there, check if that service offers Two Factor Authentication and turn that on.