Passwords are the bane of our modern existence. Nearly anything you want to do, it seems, calls for a password. As the Internet’s reach extends beyond computers and into phones, TVs, appliances, and even toys, we have to enter passwords with increasing frequency and in ever more annoying ways.
To make dealing with passwords easier and more secure, everyone should use a password manager like 1Password or LastPass. Such apps generate random long passwords like kD*SSDcCl7^6FN*F, store those passwords securely, and automatically enter them for you when you need to log in to a Web site. They are essential in today’s world.
You’ll still need a few passwords you can remember and type manually—for instance, the master password for your password manager and your Apple ID password. Make sure those passwords are at least 12 characters, and we recommend going to at least 16 characters.
If you’re unsure of the best way to create a strong password, try taking the first letter of each word in a sentence you can remember, and also change a few words to digits. Then “Now is the time for all good men to come to the aid of the party!” becomes a password along the lines of
Nitt4agm2c2ta0tp!. So that no eavesdroppers learn your password, avoid saying your sentence out loud whenever you enter it! Or, combine four or five unrelated dictionary words, like
correct-horse-battery-staple, that add up to at least 28 characters. (Don’t use the examples in this paragraph!)
When possible, take advantage of two-factor authentication on sites like Apple, Google, Dropbox, Facebook, Twitter, and more. Accounts protected by two-factor authentication essentially require that you enter a second, time-expiring password as part of the login process. You’ll get that second password via text message, authenticator app, or other notification method when you log in.
But what we really want to talk about today is what you should not do with passwords. Follow these tips to avoid making mistakes that can undermine even the security provided by a password manager.
We realize that it’s tempting to take the easy road and share a password with a friend via email or write a particularly gnarly one on a sticky note. But today’s easy road leads directly to identity theft and is paved with insecure password habits. You might think no one would pay attention to little old you, but times have changed. And organized crime is interested in any Internet account that can be cracked.