How many passwords do you have? 20? 80? 200? 300? If you have a unique password for each account, as you should, that number climbs quickly. How can a person possibly create and manage that many passwords? Even if you find a way to handle passwords at home or work, what do you do when you’re away from those places?
Fortunately, there are password managers that answer these questions. I’ve been using the LastPass password manager for years, and I highly recommend it. Let me give you a few tips for creating and managing strong passwords with
Note: This page contains affiliate links. As an Amazon Associate, I earn from qualifying purchases. Please see Affiliate Disclosure.
Passwords are still extremely common, despite some progress towards replacing passwords with biometrics and other authentication methods.
1. Short Passwords
When people think they need to remember all their passwords, they create short passwords that are easier to remember. The shorter a password, the easier and faster it is to crack using password-cracking software. That’s because the fewer the characters in the password, the fewer combinations the software needs to try.
2. Simple Passwords
Another thing people do when they think they need to remember all their passwords is to use passwords that are made up of common words you’d find in a dictionary (such as monkey), or memorable letter or number sequences (such as 123456 or qwerty). Such simple passwords are easy to crack using password-cracking software, which looks for common words and sequences.
3. Duplicate Passwords
Another thing people do when they think they need to remember all their passwords is to reuse the same password(s) across multiple accounts. According to Marc Goodman in Future Crimes, 75% of people use the same password for multiple websites, and 30% use the same login info for all their online activities.
Future Crimes by Marc Goodman. Amazon Kindle Edition, English, 563 pages, published 02/24/2015 by Anchor.
Think of the physical keys you use. What if you used the same key for your house, car, safe, workplace, etc.? If you lost that key, and someone found it, they would immediately be able to access not just one property but several, or all. The same principle applies to passwords, which are digital keys. If you use the same password for multiple accounts, and someone gets that password, then they immediately have the ability to access many of your accounts.
4. Insecurely Storing Passwords
When people decide that they shouldn’t use the same password for everything, they realize they’re going to need to record their multiple passwords. I’ve seen people use Post-It notes on their monitors, a text file on their computer, a Google Doc, a draft email, and other methods that aren’t secure. These containers have few barriers to prevent people from finding the passwords they contain.
5. Not Changing Passwords After Breaches
No matter how careful you are about your personal cybersecurity, it’s inevitable that organizations will suffer data breaches, and your passwords will be leaked. We hope that every organization is encrypting and otherwise protecting passwords, but sadly, that’s not true. And even when passwords are encrypted, there’s always the chance that they can be decrypted.
If you don’t change your password for an account after a breach affects that account, it’s only a matter of time before someone uses your password to access your account. This is especially dangerous if you use that same password for multiple accounts, because hackers will try using that password all over the Internet.
6. Insecurely Sharing Passwords
Although it’s always best to have your own credentials for an account, sometimes that’s not an option, and you need to share an account. For example, most of the websites for my utility companies don’t let me create multiple users, so I need to share those accounts with my wife. If you send passwords through email or another insecure messaging system, you run the risk of those passwords falling into the wrong hands.
7. Entering Passwords into Phishing Sites
A phishing site is a website that’s designed to look like a legitimate site, so that you feel comfortable logging into it. For example, you receive an email or text with a link to your bank’s website. You click the link, recognize the bank’s website, and log in. However, you didn’t realize that it was a phishing email or text, and a phishing website. Now you’ve given up your username and password.
LastPass Review: How to Increase Your Security
Fortunately, there’s one tool that can greatly alleviate all these problems! It’s called a password manager. There are many options. I’ve been using LastPass for years, and I highly recommend it.
Keeper is a top-rated password manager for protecting you, your family, and your business from password-related data breaches and cybersecurity threats.
1Password remembers all your passwords, so you can easily log in to sites with a single click.
Dashlane fills all your passwords, payments, and personal details wherever you need them, across the web, on any device.
I’ll show you how to
Here’s a brief overview of how
LastPass lets you create and manage passwords from your computer, phone, and/or tablet, and securely syncs your passwords to their servers.
- There are browser extensions for several browsers and apps for mobile operating systems.
- You need to enter your master password to unlock your password “vault.”
- Because your vault is encrypted on your device before it’s synced to LastPass’ servers, neither LastPass nor anyone else who gained access to your vault would be able to get your passwords out of it.
There’s a lot more to know about
1. Longer Passwords
You can use
2. More Complex Passwords
3. Unique Passwords
This is where
4. Securely Storing Passwords
As I mentioned earlier,
We’ve implemented AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.
Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass. LastPass
To open your vault, you must enter your master password.
You can manually log out of the
You can set individual passwords (and notes) to prompt for your master password again, even if you’re already logged in. I recommend doing this for sensitive accounts (financial, medical, etc.).
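To make the "encrypted and decrypted at the device level" statement above concrete, here is an added sketch (not LastPass code and not from the original page) of how a master password can be stretched into a 256-bit key with PBKDF2 SHA-256 on the device, while the server only receives and stores a salted hash of a separate login value. The function names, iteration counts, salt and sample passwords are assumptions for illustration.

```python
import hashlib
import hmac
import os

CLIENT_ITERATIONS = 600_000  # assumed work factor, not a value from the page
SERVER_ITERATIONS = 100_000  # assumed

def derive_vault_key(master_password, account_salt, iterations=CLIENT_ITERATIONS):
    """Runs on the device: stretch the master password into a 256-bit key
    (the size AES-256 needs). This key is never transmitted."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               account_salt, iterations, dklen=32)

def derive_login_hash(vault_key, master_password):
    """Runs on the device: a one-way value derived from the key, used only to
    log in. The server sees this, not the password or the vault key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, dklen=32)

def server_enroll(login_hash):
    """Runs on the server: keep a random salt and a salted hash of the login hash."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ITERATIONS)

def server_verify(login_hash, record):
    """Runs on the server: recompute the salted hash and compare in constant time."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ITERATIONS)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    salt = b"user@example.test"                 # constructed per-account salt
    password = "correct horse battery staple"   # constructed sample password
    key = derive_vault_key(password, salt)
    record = server_enroll(derive_login_hash(key, password))
    wrong = derive_vault_key("monkey", salt)
    print("vault key bytes:", len(key))
    print("right password accepted:",
          server_verify(derive_login_hash(key, password), record))
    print("wrong password accepted:",
          server_verify(derive_login_hash(wrong, "monkey"), record))
```

A breach of the server record in this sketch exposes only the salt and the salted hash, so an attacker still has to guess the master password, which is why its length and uniqueness matter.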
5. Breach Alerts
6. Securely Sharing Passwords
7. Doesn’t Autofill Phishing Websites
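An added illustration (not LastPass code and not from the original page) of why a password manager's autofill helps against phishing sites: it compares the host of the page you are on with the host the login was saved for, so a look-alike address gets no credentials. The function names and all URLs are constructed for this example; `bank.example` stands in for the legitimate site.

```python
from urllib.parse import urlsplit

def normalize(url):
    """Return (scheme, host); host is lower-cased, IDNA-encoded, no trailing dot."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        host = ""  # unparseable host: treat as no match
    return parts.scheme, host

def should_autofill(saved_url, current_url, allow_subdomains=False):
    """Fill only when the page's host is the one the login was saved for."""
    _, saved_host = normalize(saved_url)
    scheme, host = normalize(current_url)
    if not saved_host or not host or scheme != "https":
        return False
    if host == saved_host:
        return True
    # Optional, looser rule: a subdomain counts only at a dot boundary.
    return allow_subdomains and host.endswith("." + saved_host)

SAVED = "https://bank.example/login"  # constructed saved entry
SAMPLES = [                           # constructed page addresses
    "https://bank.example/signin",          # same host: fill
    "https://bank.example.evil.test/login", # real name used as a prefix
    "https://bank.example@evil.test/login", # real name in the userinfo part
    "https://evilbank.example/login",       # real name as a suffix, no dot
    "https://b\u0430nk.example/login",      # Cyrillic look-alike letter
    "http://bank.example/login",            # right host, no TLS
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(should_autofill(SAVED, url), url)
```

A person reading the address bar can miss every one of the look-alikes above; the string comparison does not.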
What You Should Do
- Research password managers. I recommend LastPass, and it will probably work well for you, but it wouldn’t hurt for you to research the alternatives.
- Sign up for a password manager, which could be free or paid.
- Install the password manager on any devices where you’ll need it.
- Configure the password manager’s settings for the maximum level of security and privacy you can for your situation.
- Move all your passwords into your password manager, then destroy any insecure copies of those passwords.