Passwords can be a tricky part of using electronic devices and keeping connected on the internet. Whether you like to explore different services on the internet or just visit a few websites, it can be difficult to keep track of login details. And it’s sometimes hard to remember how to create good passwords and keep them secure.
It’s extremely important to maintain good habits when it comes to passwords. If an account is compromised—if someone gains access to your email, social media, or any other service—they might be able to get a glimpse of a lot of different data.
Naturally, if someone gets into your email account or Facebook, they’ll hit the jackpot through your posts. But even smaller websites can cause trouble. Credit card info and addresses saved on various different store websites, phone numbers, work information—depending on how active you’ve been online, all kinds of different information could be spread across many different websites.
How can passwords be compromised?
Passwords can be stolen through various different means. Here are just a few ways they might be taken:
- Phishing—scammers trick people into entering their account information in a fraudulent website or through other communication
- Dictionary attacks—hackers use a program that creates possible passwords by using a dictionary and trying out common words and combinations
- Keylogging—people might place a keylogger on a device to track what is being typed
- Password sniffing—someone might use software to record sensitive data being transmitted by a device
These techniques are all good reasons to keep up to date on virus and malware protection, as well as to always be careful about which websites you visit and who you give your data to. However, these techniques are just part of the problem. Many people don’t realize that their password habits might be making it easier for people to get into their accounts
What are some typical user errors?
Putting aside the techniques mentioned above, accounts can be breached if users don’t practice good password habits. Here are some of the bad practices that are sometimes used:
- Using the same password everywhere
- Using extremely basic passwords (including the popular “123456”)
- Freely offering their passwords to people they know
- Using easily obtained information in passwords (like a child’s name or a birthdate)
- Using the same password for years
- Emailing a password or storing passwords in a document
All of these practices make it easier for a password to be guessed or stolen.
How to create and use passwords safely
There are some ways to make passwords stronger. Ultimately, the hacker or scammer is at fault for whatever harm they cause, but using strong passwords can prevent a lot of hassle and damage. Here are just some ways you can start creating stronger passwords and building good habits:
- Use a mix of upper- and lower-case letters
- Include numbers (but not easily guessed numbers, like a birth year)
- Include special characters if possible (exclamation points, question marks, and underscores are often allowed)
- Use difficult to guess phrases
- Replace some letters with numbers (like 0 instead of o, 1 instead of i, 4 instead of a, et cetera)
- Create a long password (around 11 or 12 characters)
- Change your password regularly (at least once a year)
- Use a different password in every account (seriously!)
- Avoid storing passwords in files saved to your device or in emails
How to remember passwords
Depending on how many devices and online accounts you have, you might need quite a few different passwords. And since you really should come up with a different password for each account and then change those passwords regularly, you might be thinking about how hard it will be to remember all of them.
Unfortunately, this can be a real problem, but there are some ways to make things easier. These are some ways you can remember your passwords:
Think of something personal
Try making your password relate to something personal and private. It could be a favorite menu item at a local restaurant or a saying you like. Just make sure it doesn’t only use “dictionary words” and that it follows the guidelines above. This is especially effective if you choose something that others don’t generally know about or relate to you.
Think of a theme
It might be easier to remember your passwords if you come up with a theme. You should still follow the guidelines above, though, and make sure you don’t use an obvious theme, like “the names of my family members.” For instance, if you have a favorite book or show, try making your passwords include a fictional location, important page number, or words from a fictional language. This way you can use best practices but still be able to jog your memory by thinking about the theme you chose.
Leave clues for yourself
You should avoid writing your passwords out on paper or typing them up into a Word document if you can, but you could write down some clues that can help you remember the password. If you’ve got a decent memory, it might be enough to just write down what the account is and the first letter of the password. If that’s not quite enough, you can leave yourself a private, secretive reminder.
For instance, if your password includes a fictional land from a favorite book, you could write down a few words about what the land looks like. If your password has a phrase your friend says all the time, you could write down your friend’s name. Little clues like this would likely be difficult for a random person to decipher but be enough to help you remember what password you chose.
Consider a password manager
A password manager is a tool that lets users store all of their passwords in an encrypted and highly secure account. Users can then enter just one password to gain access to their numerous other passwords. These password managers have a lot of security measures in place to try to keep passwords from being stolen.
Of course, some people might be wary of using a password manager. It feels wrong somehow to store every password in one place. If you are worried about it, that’s a good sign that you’re careful about your information. And you should certainly never trust a password manager without doing careful research on it.
However, there are some password managers that are highly regarded and well trusted. If it has good reviews and credible, trustworthy sites recommend it, you should think about saving yourself some serious trouble and getting a password manager.
There are a few password managers that are typically considered the safest, most well-established options. Here are just some of them:
Dashlane received an “outstanding” score (5 out of 5) earlier this month on PCMAG’s website. Dashlane is a password manager that has a limited free version (you can only use it on one device and have fewer special features). It also has paid levels—Premium for $39.99 a year or Business for $48 a year per user. Depending on which account you get, you can store unlimited passwords, generate passwords, and backup your account so nothing gets lost.
LastPass 4.0‘s Premium offering also has an “outstanding” (5 out of 5) score on PCMAG’s website. LastPass is a well-known password manager that many users choose. It has been in the news for some security issues in the past, but it seems as though these issues have been addressed. LastPass, like Dashlane, has multiple plans. LastPass has a free option that allows one user to have access. No matter which plan you use, you get access to your account across devices. It also can generate passwords. There are Premium and Family plans, and there are two options for Business plans.
LogMeOnce is another well-known password manager. The LogMeOnce Password Management Suite Ultimate 5.2 (a paid version of the service) has an “excellent” rating on PCMAG (4.5 out of 5). It has a free version (called Premium) that lets you sync your information across devices and generate passwords. Paid versions include account backup and extra support. There are also business plans available.
Sticky Password is a password manager that, like the other managers, has paid and free levels. The paid version, Sticky Password Premium, has an “excellent” rating (4.5 out of 5) on PCMAG’s website. The free version lets users log in with a fingerprint, and it also works on “all major platforms.” The paid version also lets you sync across devices and back up your information. It appears to have fewer features than some other password managers, but it offers what is likely most important, and the Premium account is only $29.99 a year.