You may have read the advice about strong & unique passwords and be thinking “Yeah, yeah… I’ve heard this all before. But how will I remember all of these passwords? And won’t it take ages to input complicated ones?”
The answer is that you don’t need to remember them or input them manually – you can just use a password manager. These apps can securely store all of your passwords, and automatically fill them into websites for you. They’ll even generate super secure passwords for you, and automatically detect and update passwords when you change them. Much easier and more secure than noting them down on pieces of paper, or in a book.
Password managers work by requiring you to enter a single “master” password to access your other passwords, and will prompt you to authenticate any new device on which you use one.
Which password manager should you use?
I usually recommend Dashlane or 1Password. If you happen to only use Apple devices and the Safari browser, then Apple’s inbuilt Keychain is a good password manager too. It also has the bonus of being included in the cost. The advantage of a third-party service like Dashlane is that it works cross-platform on Windows, Android, iOS, and macOS, as well as on different web browsers.
Either option enables you to group passwords, as well as share them with other users, which is useful if you work with a team.
People often have saved passwords scattered around in different web browsers, e.g., Google Chrome and Microsoft Edge, or in a spreadsheet. It’s best to unify these in a single digital place, and it’s easy to import them into your password manager. However, you’ll still need to manually input any other passwords which you’ve committed to memory or paper.
Getting all of your passwords into a password manager takes a bit of effort, but you’ll be glad you did it. Once they’re there, you can export and import them into any password manager you like. So even if you don’t like Dashlane, for example, you could easily migrate to another one.
Just remember to disable password management in your web browser, to prevent it from fighting with your password manager when you try to log in to a website.
Outside of management’s remit
Of course, there will be a couple of passwords which you’ll need to remember yourself. For example, your computer login, phone passcode, and master password for your password manager.
In these cases, you need passwords that are easy to remember but still strong. To do this, I’ve created a memorable password tool on my website, which you can use. It generates passwords that are easy for humans to remember, but still very difficult to crack.
Consider our example of a password using a dictionary word. What if, instead of changing the characters within a word, it was composed of four different words in a row, such as “TerriblePasswordIdeaDestroyer”? Even if there are only 500,000 words from which to choose, and the bad actor knows the format of your password, there are still roughly 10^23 different possibilities, i.e., about 3 million years of cracking to do.
And if we insert a random non-alphanumeric character into each space between the words, such as in “Terrible$Password7Idea&Destroyer”, the cracking time becomes astronomically long. (To the point where I can’t even be bothered to do the maths.)
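The arithmetic above, as an added example (not the author's tool or code): a Python sketch that builds a four-word passphrase with random separators and computes the search space facing an attacker who knows the format. The separator pool, the short sample word list and the guess rate of one billion per second are assumptions made here.

```python
import math
import secrets

# Separator pool is an assumption modelled on the article's examples
# ("$", "7", "&", "0", "^", "2"): digits plus a few symbols.
SEPARATORS = "0123456789!$%^&*#@"

# Constructed sample list so the block runs offline; far too small for real
# use. The article's estimate assumes a list of 500,000 words.
SAMPLE_WORDS = ["giant", "fist", "motorway", "dog", "terrible", "password",
                "idea", "destroyer", "lantern", "pickle", "orbit", "velvet"]


def generate_passphrase(words, n_words=4, separators=SEPARATORS):
    """Join randomly chosen words with randomly chosen separators."""
    if not words or not separators or n_words < 1:
        raise ValueError("need a word list, separators and n_words >= 1")
    # secrets draws from the OS CSPRNG; the random module is not a CSPRNG.
    parts = [secrets.choice(words).capitalize()]
    for _ in range(n_words - 1):
        parts.append(secrets.choice(separators))
        parts.append(secrets.choice(words).capitalize())
    return "".join(parts)


def keyspace(wordlist_size, n_words=4, n_separators=0):
    """Candidates to try for an attacker who knows the exact format."""
    sep_choices = n_separators ** (n_words - 1) if n_separators else 1
    return wordlist_size ** n_words * sep_choices


def entropy_bits(space):
    """Search space expressed in bits."""
    return math.log2(space)


def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a constant guess rate."""
    return space / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e9  # assumed guesses per second; the article states no rate
    print("example:", generate_passphrase(SAMPLE_WORDS))
    for label, space in [
        ("4 words", keyspace(500_000)),
        ("4 words + 3 separators", keyspace(500_000, n_separators=len(SEPARATORS))),
    ]:
        print(f"{label}: {space:.2e} candidates, {entropy_bits(space):.1f} bits, "
              f"{years_to_exhaust(space, rate):.2e} years")
```

The strength comes from the size of the word list and the random selection, so a passphrase built from words you pick yourself does not get the same guarantee.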
Human used amnesia… it’s not very effective
To commit the password to memory, it helps to construct an absurd concept or narrative which links the words together in the correct order.
For example, “Giant0Fist^Motorway2Dog” could be remembered as a giant disembodied fist chasing a dog along the motorway. Then you only need to remember the mental image and the three separating characters.
If you follow the recommendations in this article, you’ll have super strong and unique passwords for everything. However, what if – despite best practices – your password is somehow compromised? That’s where a second verification method comes in…