Coming up with new, complicated passwords for online accounts can be a real chore. You often need the right mix of upper and lower case letters, numbers and special characters, and remembering them all can seem like an impossible task.
Here we’ll share some top tips on how to manage all your passwords, as well as some techniques for generating varied and secure passwords for your accounts.
Table of Contents
1. Don’t use the same one for everything
It’s obvious, but it bears repeating. You’d be surprised how many people have just one password and use it for all their accounts. While this certainly makes it easy to remember, it also means that if you get hacked on one account, you’ve essentially been hacked on all of them if you also use the same email address or username.
As tempting as reusing passwords can be, it’s important to have a diverse collection of passwords to make it difficult for hackers.
This can be too intimidating for many people, as it is too inconvenient to keep track of so many passwords. This leads to unsafe behavior, as reported by Naveed Islam, Chief Information Security Officer at payment service provider Dojo.
“Passwords are the digital keys to just about everything online, from checking email to online banking. The increase in online services has resulted in a spread of password use. This has resulted in password fatigue – the feeling experienced by many people who have to remember an excessive number of passwords as part of their daily routine. To combat password fatigue, people reuse the same password across multiple sites, using simple and predictable password creation strategies. Attackers exploit these well-known coping strategies, leaving individuals vulnerable.”
Security and convenience are not easy things to adjust, but hopefully you can at least reduce your risk if you can follow some of the suggestions below.
2. Do not use information that is easy to guess
A common way to remember passwords is to use birthdays, pet names, mother’s maiden name and – most often – a combination of these.
This may seem smart, but for anyone serious about breaking into your account, these are some of the first things they’ll try. These also tend to be the kind of questions you get asked when filling out forms or even taking stupid quizzes on Facebook and other platforms. So even if you think you only know this information, there’s a good chance it’s out there on the wider internet.
The trick with passwords is to be as random as you can make them, so it’s not a good idea to associate them with information directly related to us.
3. Do not use any of these common passwords
Every year, different researchers post the most commonly used (and usually hacked) passwords people believe keep their data protected. Unfortunately, the same ones tend to appear quite regularly. Here’s the list of the most used passwords in the US in 2022, as reported by Dashlane, and it really beggars belief that someone is still choosing these.
It won’t be long before this list changes as many of these bad bets won’t cut it as sites require special characters, numbers and other things. The point is, if you use any of these passwords, change them immediately.
4. Avoid themes
As mentioned above, you want to make the things you use as a basis for your password as neutral as possible, as this helps avoid personal information slipping in or using obvious patterns of letters and numbers.
A recent report from Dojo outlined the most hacked passwords worldwide and the main themes they fell into. Here are the top 10:
Pet Names/Terms of Endearment
So if you want to create better, more secure passwords, avoid using these as inspiration.
5. Use two-factor authentication
Most major websites and apps now offer support for two-factor authentication when signing in from a new device. This usually involves getting a verification code sent to your phone or using a verification app.
The idea is that the hacker needs to have your physical device to be able to access your account, which is much rarer than a simple software hack. It’s a small problem, but absolutely essential if you want to protect yourself against potentially weak passwords.
6. Good rules for a strong password
The more you mix upper and lower case letters, special characters (like $%^&) and numbers, the better. Start your password with a number as well.
You will find a number of suggestions for creating a password you can remember, for example the first letters of a common phrase, music lyrics or anything else you can remember.
And replacing letters with numbers is another tactic. For example, use 0 instead of o, 1 instead of I, 4 instead of A, 3 instead of E and special characters like @ instead of o or a.
It is not that difficult to remember or write. And you should also use uppercase b, or even every single word for an even stronger password.
Short passwords are best avoided, as they require less effort to hack. Also avoid combinations, such as the initials of yourself or your family or business, as patterns are things that can be hacked faster than random elements.
Nicknames, terms of endearment, brand names and even your star sign can give you away, so avoid them if possible.
This can be very difficult for normal people to make, as our memories are trained to remember things, usually involving some sort of pattern or association. Fortunately, you don’t have to do all the work yourself as there are tools available that can make the job easier and probably safer.
The fastest way to come up with a long, strong password is to use a generator. These apps (which can also be found on websites) will automatically generate randomized passwords that can include whatever mix or length and characters you need. Usually these are free and very easy to get used to.
Here is the generator that is part of the free Bitwarden password manager:
Jim Martin / Foundry
You can find out more about how to use a password generator.
8. Use a password manager
We believe the best way to deal with the growing need for multiple and complex passwords is to use a password manager. These will act as a central hub for all your login details, automatically generate random new passwords for your accounts and auto-fill login fields on apps or websites on your behalf.
The best part is that you only need to remember a single password for the service itself, and the password manager does everything else.
Some of the most popular services include Dashlane and 1Password, but you can check out our current pick of the crop in our roundup of the best password managers.
You can also let the browser save logins for you or your phone. But none of these are truly universal, and won’t put logins on all your devices and in all apps. That’s why a password manager is the better option.