Take Control of Your Passwords

Our passwords are the keys to our lives in the 21^st century. We use them to access our email accounts, online banking, fantasy football, and much more. With passwords piling up for so many sites and each site having slightly different requirements, it gets tough to remember them all.

So what do most of us do? We use the same password for multiple websites, maybe adding a number or changing a letter here or there. And that basic password often is pretty simple, like the name of a pet or favorite sports team.

This creates two problems. First, short or simple passwords are very easy for hackers to guess. Hackers use automated programs that quickly guess millions of common English words, phrases, and generic passwords like ‘abcd1234’.  Second, if you use the same password on multiple sites, a hacker you also make it easy for them to break into multiple sites once they break into one.

So how do you make your passwords better?  Start by creating a unique password for every site. Then make sure those passwords are all complex (*_23nMK03t5#) and/or very long (mydeskchairisbigandred). This nerdy comic from the website xkcd.com does a great job of explaining why long passwords are a good idea.

So stronger, unique passwords increase your security significantly. But now there’s a new wrinkle – how do you remember them all? There are three simple ways to get around this conundrum.

• Write all of your passwords down on paper and keep them in a safe place. This is a good option if you don’t use many websites and usually log in from home. It’s not as convenient if you browse on mobile devices – or, if you’re like me, you have terrible handwriting and can’t tell if that last character is a zero or a capital O.
• Store all of your passwords in a password-protected document on your computer or phone. This works only if you the file with you. If your hard drive dies without a backup, or if your device is stolen, you lose all of your passwords.
• Use a password manager like LastPass or Dashlane. This is the best way to go if you have a lot of passwords and connect from many devices.

What is a password manager?

A password manager is an app that stores your passwords in a secure file and retrieves them automatically. It will even type them for you. All you need to do is enter your username and master password. That’s right – all you have to do is remember one password. They also have tools that help generate strong passwords for you whenever you set up a new account. If you have a weak or duplicate password, they will let you know.

Another nice thing about password managers is that you can securely store all sorts of sensitive information beyond passwords. Everything from answers to security questions to banking information and more.

What are the drawbacks of a password manager?

Like anything involving computers and the Internet, there are some tradeoffs, though they are pretty small in this case. If someone finds out your master password, they can access all of your other passwords. For this reason, most password managers employ multi-factor authentication such as texting a code or scanning your fingerprint. The other risk is that a hacker will breach the password manager’s central system. The most popular services are very good about encrypting all user data.

You’ve convinced me. Now what?

Great! It’s now time to choose a password manager. There are a ton of different services out there, each with its own pros and cons. For me, it ultimately comes down to a balance of features and cost. Several offer great free versions. CNET has put together this great list of their favorite password managers to help you compare them. I encourage you to read it before making a decision. LastPass (free with a $24 paid version) and Dashlane ($39.99) are two that are frequently recommended and work on all sorts of devices.

Want even more information? This article from Consumer Reports has tons of information about password managers, their security, the risks, how to choose a service, and how to set them up.