Passwords blow. They do. Nobody likes them. They’re a pain in the ass. And because they are, people don’t use them correctly. But don’t be internet stupid.

In-security

I can’t tell you how many people I know personally that use the same password for all their services. I’ve been in secure facilities where users kept their passwords written down and stuck to their monitor or under a keyboard. I’ve been in multiple offices where everyone had the same password too (in one case the password was…wait for it….password)

And the thing is, I can totally understand – maybe not agree – but I get it. Passwords are hard.

Use a Password Manager!

I can NOT stress this enough. There are plenty of great options, Dashlane, Password Box, Lastpass, and several others – and the basic service is usually free. I’ve been using Lastpass for many years and have been totally happy with them but they all do the same thing for the most part. Best security practice tells us that you should have a different password for EVERY site and service you use. However you come up with the password, it should be as strong (difficult) as possible. However, unless you have a photographic memory, it’s impossible to remember that many passwords. I’ve been using the internet since I had my CompuServe account, so I’ve got hundreds of sites that I’ve registered at.

So what did I do about my passwords? Same thing most people do. I picked something reasonably complicated, but not too crazy and something vaguely easy to type. And then I used that password everywhere. It was easy not to think about the fact that if someone figured out my password for one site, they had access to every site I used.

Then my buddy told me about LastPass. I tried 1Password too and a couple others. I picked LastPass because it was the only one at the time that worked on all my devices, but most of them do that now. So once I got set up on LastPass I started the EXTREMELY laborious task of generating unique passwords for every site I use. Most managers will also generate a random password for you, based on criteria you select (length, uppper/lower case, special characters, etc.) I usually make each password as complicated as I can based on each site’s restrictions.

So the way most password managers work is that they create a secure, encrypted database that stores ALL your passwords for every site and service. Then when you visit a site, you can either manually or automatically have the password manager enter in your credentials. In order to access the password database you create one very strong password that you have to remember, but in theory that’s the only password you have to remember.

I’ll admit, password managers aren’t perfect and they don’t make security completely painless. But it’s mostly painless.

And they keep getting better. Most of the popular apps now support TouchID (so if you have a recent iOS device you don’t even have to punch in your primary password). And just this week, Dashlane and LastPass announced a new feature that, with a click of a button, will generate a new password and change it on the site for you. So you can easily change your Facebook or Amazon password for example. This new feature only works on a few sites right now (75 for both Dashlane and LastPass) but I imagine that will change. Also, unlike LastPass, Dashlane allows you to change ALL your passwords (for supported sites) at once! Also, when I tried, LastPass had a few issues changing passwords for sites where you’ve enabled 2-factor authentication (Facebook worked fine but Google didn’t).

Multifactor or 2-Factor Authentication

OK, that brings up another point. Multifactor or 2-factor authentication. Enable it for every service you use. Do it now. Now, many sites don’t support this yet, but most of the major companies do (Apple, Google, Yahoo, financial institutions, etc.) The way it works is that in addition to requiring your password to log in, the service will generate a random and unique code for each time you are trying to access your account. This code will be sent to you in a number of different ways (email, text, phone call, etc.) and you enter that code in addition to your password. That way if your password gets compromised you don’t have to worry because someone would need this second code in order to get into your account. Get it? It’s pretty cool.

Final Thoughts

Passwords aren’t going away anytime soon so they remain a necessary evil. With that in mind, your security should be taken seriously. Even if you think you don’t have anything to keep private, what about your friends and family? That’s right, you have information stored in your digital profiles that includes personal information about them too.

So make it hard for digital thieves to get your data. It’s just part of being a responsible citizen of the internet.