You may have read the advice about strong & unique passwords and be thinking ‘Yeah, yeah… I’ve heard this all before. But how will I remember all of these passwords? And won’t it take ages to input complicated ones?’

The answer is that you don’t need to remember them or input them manually – you can just use a password manager. These apps can securely store all of your passwords, and automatically fill them into websites for you. They’ll even generate super secure passwords for you, and automatically detect and update passwords when you change them. Much easier and more secure than noting them down on pieces of paper, or in a book.

Password managers work by requiring you to enter a single ‘master’ password to access your other passwords, and will prompt you to authenticate any new device on which you use one.

Which password manager should you use?

I usually recommend Dashlane or 1Password. If you happen to only use Apple devices and the Safari browser, then Apple’s inbuilt Keychain is a good password manager too. It also has the bonus of being included in the cost. The advantage of a third-party service like Dashlane is that it works cross-platform on Windows, Android, iOS, and macOS, as well as on different web browsers. 

Either option enables you to group passwords, as well as share them with other users, which is useful if you work with a team.

People often have saved passwords scattered around in different web browsers, e.g., Google Chrome and Microsoft Edge, or in a spreadsheet. It’s best to unify these in a single digital place, and it’s easy to import them into your password manager. However, you’ll still need to manually input any other passwords which you’ve committed to memory or paper.

Getting all of your passwords into a password manager takes a bit of effort, but you’ll be glad you did it. Once they’re there, you can export and import them into any password manager you like. So even if you don’t like Dashlane, for example, you could easily migrate to another one.

Just remember to disable password management in your web browser, to prevent it from fighting with your password manager when you try to log in to a website.

Outside of management’s remit

Of course, there will be a couple of passwords which you’ll need to remember yourself. For example, your computer login, phone passcode, and master password for your password manager.

In these cases, you need passwords that are easy to remember but still strong. To do this, I’ve created a memorable password tool on my website, which you can use. It generates passwords that are easy for humans to remember, but still very difficult to crack.

Consider our example of a password using a dictionary word. What if, instead of changing the characters within a word, it was composed of four different words in a row, such as “TerriblePasswordIdeaDestroyer”? Even if there are only 500,000 words from which to choose, and the bad actor knows the format of your password, there are still roughly 10^23 different possibilities, i.e., about 3 million years of cracking to do.

And if we insert a random non-alphanumeric character into each space between the words, such as in “Terrible$Password7Idea&Destroyer”, the cracking time becomes astronomically long. (To the point where I can’t even be bothered to do the maths.)
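The arithmetic behind the last two paragraphs, as an added example (this is not the memorable password tool mentioned above). The sample word list, the separator set and the rate of one billion guesses per second are assumptions; that rate is chosen because it reproduces the roughly 3 million years quoted for 10^23 possibilities.

```python
import math
import secrets

# Constructed stand-in list; a real word list would hold thousands of entries.
SAMPLE_WORDS = ["terrible", "password", "idea", "destroyer",
                "giant", "fist", "motorway", "dog"]
# Assumed separator set, mirroring the digits and symbols in the article's examples.
SEPARATORS = "0123456789!$%^&*#@"
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_passphrase(words, n_words=4, separators=SEPARATORS):
    """Join n_words random words with one random separator in each gap.

    secrets draws from the OS CSPRNG; the keyspace figures below only hold
    when every word and separator is chosen uniformly at random like this.
    """
    parts = []
    for i in range(n_words):
        if i:
            parts.append(secrets.choice(separators))
        parts.append(secrets.choice(words).capitalize())
    return "".join(parts)


def keyspace(wordlist_size, n_words=4, n_separators=1):
    """Candidates an attacker must try when the format and lists are known.

    n_separators=1 models plain concatenation (no choice in the gaps).
    """
    return wordlist_size ** n_words * n_separators ** (n_words - 1)


def entropy_bits(space):
    """Strength of a uniformly chosen passphrase, in bits."""
    return math.log2(space)


def years_to_exhaust(space, guesses_per_second):
    """Time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rate = 1e9  # assumed guesses per second
    print(generate_passphrase(SAMPLE_WORDS))
    for label, space in [("4 words", keyspace(500_000)),
                         ("4 words + separators", keyspace(500_000, 4, len(SEPARATORS)))]:
        print(f"{label}: {space:.2e} candidates, {entropy_bits(space):.1f} bits, "
              f"{years_to_exhaust(space, rate):.2e} years at {rate:.0e}/s")
```

With the assumed 18 separators, the three gaps multiply the search space by 18^3 = 5,832. Words picked by a person rather than by a random generator do not reach these figures.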

Human used amnesia. It’s not very effective.

To commit the password to memory, it helps to construct an absurd concept or narrative which links the words together in the correct order.

For example, “Giant0Fist^Motorway2Dog” could be remembered as a giant disembodied fist chasing a dog along the motorway. Then you only need to remember the mental image and the three separating characters.

If you follow the recommendations in this article, you’ll have super strong and unique passwords for everything. However, what if – despite best practices – your password is somehow compromised? That’s where a second verification method comes in