How to deal with passwords

There are far too many places that we all have accounts for now, each one needing a password. Many people give up trying to remember passwords and pick one and use it, or some simple variation of it, for all the places they need one. This is a terrible and unsafe practice, but a very understandable one.

I’ve seen so many cases of people having their accounts taken over or broken into because one service they used was breached, the password they used there was exposed, and that same password was then used to log in to another of their accounts. I used to think it really wasn’t a big deal; no one was going to try to hack me or get into my accounts. That’s not how it works, though.

There are targeted attacks on people, but far more common is someone getting hold of a list of exposed passwords and using automated tools to try those passwords, and common variations on them, against logins at other services. They don’t care who is on the other end.

If you want to get a bit freaked out, put your email address into the free site Have I Been Pwned. It keeps track of breached services and will tell you if your email address has turned up in any of them.

My best advice is to use a password manager. This is a program or service that keeps track of all your accounts and the passwords for them. For most of my accounts my passwords look like this: Q@pUkJ!NPgZ4wGwU38-cNP@TG2MXkBRy. I don’t remember any of them, though. There are only a few passwords I need to remember: the ones to get into my devices, and the one for my password manager. From there it gives me access to all my passwords and auto-fills them when I need to log in somewhere.

For the passwords I do need to remember I don’t use a typical password; I use a passphrase. This XKCD comic is one I come back to. Instead of a password, you can take random words and make a phrase out of them. It turns out that is much harder for a computer to crack than most passwords.
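The two ideas above (a manager-generated random password, and a passphrase built from random words) come down to the same arithmetic: how many equally likely possibilities an attacker has to try. The program below is an added example written for this post, not code from the author or from any password manager. It draws characters and words from the operating system's secure random source and computes the guessing strength in bits for both styles. The character pool and the eight-word SampleWords list are constructed for the demo; a real passphrase generator uses a list of thousands of words, and the 2048-word, four-word figure is the 44 bits the XKCD comic quotes.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// PasswordAlphabet is the kind of pool a password manager draws from for a
// random password like the one quoted above: upper, lower, digits, symbols.
// (Constructed for this example.)
const PasswordAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*-_=+"

// SampleWords is a constructed stand-in for a real word list; a passphrase
// generator would use thousands of words (a diceware-style list has 7776).
var SampleWords = []string{"correct", "horse", "battery", "staple", "river", "lantern", "pebble", "orbit"}

// randomIndex returns a uniform random index in [0, n) from the OS CSPRNG.
// rand.Int rejects and retries instead of taking a remainder, so the choice
// is not skewed by modulo bias.
func randomIndex(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // no usable randomness source; never fall back to math/rand
	}
	return int(v.Int64())
}

// RandomPassword builds a password of the given length from PasswordAlphabet.
func RandomPassword(length int) string {
	var sb strings.Builder
	for i := 0; i < length; i++ {
		sb.WriteByte(PasswordAlphabet[randomIndex(len(PasswordAlphabet))])
	}
	return sb.String()
}

// RandomPassphrase picks count words uniformly from the list and joins them.
func RandomPassphrase(words []string, count int, sep string) string {
	parts := make([]string, count)
	for i := range parts {
		parts[i] = words[randomIndex(len(words))]
	}
	return strings.Join(parts, sep)
}

// EntropyBits is the guessing strength of a secret made of `symbols` choices
// drawn uniformly from a pool of `poolSize` options: log2(poolSize^symbols).
// Each extra bit doubles the work for an attacker who tries every possibility.
func EntropyBits(poolSize, symbols int) float64 {
	return float64(symbols) * math.Log2(float64(poolSize))
}

func main() {
	fmt.Printf("32-char random password: %s (%.1f bits)\n",
		RandomPassword(32), EntropyBits(len(PasswordAlphabet), 32))
	fmt.Printf("8-char random password from the same pool: %.1f bits\n",
		EntropyBits(len(PasswordAlphabet), 8))
	fmt.Printf("4 words from a 2048-word list (the XKCD figure): %.1f bits\n",
		EntropyBits(2048, 4))
	fmt.Printf("5 words from a 7776-word list: %.1f bits\n", EntropyBits(7776, 5))
	fmt.Printf("example passphrase: %s\n", RandomPassphrase(SampleWords, 4, "-"))
}
```

The point the numbers make: the words only help because they are chosen at random from a large list. Four words picked by a person from their own vocabulary are far more guessable than the formula suggests, which is why a generator (or dice and a printed list) should do the picking.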

The other thing to do is to use two-factor authentication for any service that offers it. This typically involves another app, or a text message sent to you, with an extra code you need to enter to gain access. It can seem like a pain sometimes, but the added security is worth it.

One of the exciting things becoming more popular as support grows is passkeys. They have a lot of advantages in security and ease of use once set up. Passkeys are built on public and private key cryptography: you keep a private key stored on your device, and the service you are signing into holds the matching public key. There are protocols for sending checks back and forth between your device and the service that use the key pair to verify it’s you. You typically don’t have to remember a password; if you are on a device with a fingerprint or face ID, you verify yourself that way before logging in to a service.
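The "checks back and forth" are a challenge-response: the service sends a fresh random value, the device signs it with the private key, and the service checks the signature with the public key it stored at registration. The private key never leaves the device, and the signed data includes which site the device thinks it is talking to, so a look-alike site cannot reuse the answer. The program below is an added example written for this post, not code from the author, from 1Password or from the real WebAuthn/FIDO protocol; it models the exchange with Ed25519 signatures from Go's standard library. The user name "alice" and the origin "https://example.test" are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Authenticator models the user's device (or the password manager holding the
// passkey): it keeps the private key and only ever releases signatures.
type Authenticator struct {
	priv ed25519.PrivateKey
}

// RelyingParty models the service. It stores one public key per account and
// the random challenge it is currently waiting on for that account.
type RelyingParty struct {
	Origin     string // the site identity the passkey is bound to (constructed for the demo)
	registered map[string]ed25519.PublicKey
	pending    map[string][]byte
}

func NewRelyingParty(origin string) *RelyingParty {
	return &RelyingParty{
		Origin:     origin,
		registered: make(map[string]ed25519.PublicKey),
		pending:    make(map[string][]byte),
	}
}

// Register is the passkey equivalent of setting a password: the device makes a
// fresh key pair and the service keeps only the public half, so a breach of the
// service's database exposes nothing that lets an attacker log in.
func Register(rp *RelyingParty, user string) *Authenticator {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	rp.registered[user] = pub
	return &Authenticator{priv: priv}
}

// Challenge issues a fresh random nonce. Each login signs a different value,
// so a captured response cannot be replayed later.
func (rp *RelyingParty) Challenge(user string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	rp.pending[user] = c
	return c
}

// signedData binds the challenge to the origin the device believes it is
// talking to, so a signature produced for a look-alike site will not verify
// at the real one.
func signedData(origin string, challenge []byte) []byte {
	return append([]byte(origin+"|"), challenge...)
}

// Respond signs the challenge with the private key; the key itself stays put.
func (a *Authenticator) Respond(origin string, challenge []byte) []byte {
	return ed25519.Sign(a.priv, signedData(origin, challenge))
}

// Verify checks the signature against the stored public key and consumes the
// pending challenge so the same response cannot be accepted twice.
func (rp *RelyingParty) Verify(user string, sig []byte) bool {
	pub, ok := rp.registered[user]
	challenge, pendingOK := rp.pending[user]
	if !ok || !pendingOK {
		return false
	}
	delete(rp.pending, user)
	return ed25519.Verify(pub, signedData(rp.Origin, challenge), sig)
}

func main() {
	rp := NewRelyingParty("https://example.test") // constructed origin
	device := Register(rp, "alice")               // constructed user
	c := rp.Challenge("alice")
	fmt.Println("login accepted:", rp.Verify("alice", device.Respond(rp.Origin, c)))
}
```

The fingerprint or face check mentioned above sits in front of Respond: the device only signs after it has confirmed the person is present, which is what lets a passkey replace both the password and the second factor in one step.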

To manage all of these things (strong random passwords that are different for each account, two-factor authentication, and passkeys) I use the 1Password password manager. My work will pay for it, but I pay for it myself to get a family plan so we can all be a bit more secure. I really like it for passkeys because I don’t have to set up a passkey on each device I use to log in somewhere: I set it up once, store it in 1Password, and can then use it from my phone or my computer.

It’s a bit of work to get set up and get used to using it, but it’s really worth it for the added security and for not having to try to remember a bunch of passwords anymore.