Stop me if you’ve heard this before: You have to use a different password for every account you have, and each of those passwords should be an extraordinarily long and complex string of characters that is easy for you to remember, but hard for others to guess.
Sadly, that’s solid advice and just as sadly, it’s hacking season. And even more unfortunate: the hacking season never ends.
However, there are two rather lazy but secure methods to ensure that you use sufficiently strong passwords. Here they are:
The easiest way: use a password manager
With a password manager, you really only need to remember one password. That password unlocks your password manager — the vault of your passwords, so to speak — and your password manager does all the heavy lifting for you.
Every time you create a new account online, you can ask your password manager to create a complex password for you. It will do this by creating one that is complete gibberish and then storing it in the vault for you.
The next time you log into your account, the password manager will automatically fill in your username and password for you so you don’t have to remember them.
Now there are many password managers. Some are free, but most are not, and the big difference between free and paid is the number of devices you can use the password manager on.
This is important! Why? Because if you use a free password manager that only works on one device, say your desktop computer, and you go to an account on your phone, you have to sit in front of your desktop to access your password vault and then often manually type your password into your phone.
This, of course, defeats the purpose from a simplicity standpoint. So be prepared to pay a few bucks a month for a premium password manager or check out the very excellent and open source Bitwarden password manager, which has a free personal version that can be used on any number of devices.
The other great thing about password managers is that they are very good at countering phishing and related scams that try to have you enter your usernames and passwords on fake sites. The password manager will only auto-fill on sites it recognizes, so if you’re asked to log into a site called Fast-Company.com that looks like the real FastCompany.com, the password manager won’t provide your actual login information.
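How that host check can work, as an added example that is not from the article or from any particular password manager. The vault entry format, the function names and the sample login are assumptions, and the matching rule (exact host or a subdomain of it, HTTPS only) is a simplification of what real managers do.

```javascript
// Added example: decide whether a saved login may be auto-filled on a page.
// Assumption: each vault entry stores the host it was saved for.

function hostOf(url) {
  try {
    const u = new URL(url);
    // Only fill over HTTPS so the login is never offered to a plaintext page.
    if (u.protocol !== "https:") return null;
    // URL() already lowercases the host; drop a trailing dot if present.
    return u.hostname.replace(/\.$/, "");
  } catch {
    return null; // not a parseable URL: never fill
  }
}

function mayAutofill(savedHost, pageUrl) {
  const page = hostOf(pageUrl);
  if (page === null) return false;
  const saved = savedHost.toLowerCase();
  // Exact host, or a subdomain of it on a label boundary ("." + saved).
  // A lookalike such as fast-company.com shares no suffix and is refused.
  return page === saved || page.endsWith("." + saved);
}

function findLogin(vault, pageUrl) {
  const entry = vault.find((e) => mayAutofill(e.host, pageUrl));
  return entry ? entry.username : null;
}

// Constructed sample vault entry (not a real account).
const vault = [{ host: "fastcompany.com", username: "reader@example.com" }];

// Constructed sample pages: the real site, a subdomain, and three refusals.
const pages = [
  "https://fastcompany.com/login",
  "https://www.fastcompany.com/login",
  "https://fast-company.com/login",          // hyphenated lookalike
  "https://fastcompany.com.login.example/",  // real name used as a prefix
  "http://fastcompany.com/login",            // right host, no TLS
];
for (const p of pages) {
  console.log(p, "->", findLogin(vault, p) || "no autofill");
}
```

An empty autofill prompt on a page that looks familiar is the signal to stop and check the address bar before typing anything by hand.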
The still kinda easy, manual way
OK, so maybe you don’t trust password managers or don’t want to hang around syncing your credentials across devices. And let’s say that despite all the sensible advice you have little interest in using a separate password for each account.
This is something of a compromise, but it will do in a pinch. On a very basic level, the longer and more complex a password is, the harder it is to crack.
Of course, we are humans, remembering long and complex things is not really our forte. But what if you just had to remember one extremely long and complicated thing and then add some context to that thing for each account?
You can use a site like PasswordMonster.com to see how long it takes to crack one of your passwords. You will notice that the more you type, the longer it will take to crack your password.
So pick something super long that only you will remember and that ideally contains a mix of letters, numbers, symbols, uppercase, lowercase and punctuation.
In my case, I would choose a basic password like the following:
That’s long, it’s complex, it contains a mix of gibberish, and I’ll always remember my first job was at Best Buy, making $5.15 an hour. According to PasswordMonster, that alone would take a million trillion years to crack. Ideally, I’ll be long dead by then.
Then for my londonbusinessblog.com account I would add something like [email protected]@ny and then a hyphen at the beginning of my super password:
That little bit extra extends the crack time to 862 trillion trillion years.
Now there are two catches here. First, you have to manually type a bunch of stuff into your password field every time you log in.
Second, if you use a password like this on a poorly managed website that doesn’t protect its passwords properly and that site gets hacked, a hacker could most likely deduce that you’re using this super password for every site and just add the site name and a hyphen on the front.
Why not both?
So, the absolute best course of action? Use a password manager and make the master password that protects your password vault something extremely long and complex. That way, if the password manager gets compromised in some way, all you need to do is reset your master password.
And no password manager on the planet should store passwords incorrectly, so you have at least a million trillion years to get things right.