Passwords are a necessary inconvenience. Yes, they’re a pain to create and manage, but vital for keeping your accounts and devices secure. It might seem we’re approaching the death of the password with the rise of biometric authentication and other such tech; but no single security method is foolproof. For the foreseeable future, expect to rely on a combination of techniques, including passwords.
And, really, passwords don’t have to be a pain. In fact, managing your passwords can be downright easy, or at least easier than you think.
Create strong passwords
There are a number of suggestions for how to create passwords, but the basic idea is that it be hard to guess. To be clear, we’re not trying to keep your neighbor from guessing it, but a computer running through dictionaries of common passwords.
That means no common words or phrases, and passwords that use a mixture of letters, numbers, and symbols are most desirable. Some services don’t allow the use of symbols, so be on the lookout for those restrictions. As for length, the standard suggestion is eight characters minimum, but 10 or more is even better.
The easiest way to create strong, randomized passwords is to use a password manager such as 1Password, LastPass, or Dashlane. All three of these services can create new passwords for you of varying length and complexity. Plus, a computer program is much better at remembering all of your complex passwords than you could ever be.
Whatever you do, don’t use any of the passwords listed here.
You’re probably wondering what’s so easy about creating a variety of random passwords that are hard to remember, but this is the first step. When you have hard-to-guess passwords (combined with the next step), things get a lot simpler since you can be reasonably confident your passwords are secure.
Stop changing your passwords so frequently
Common wisdom these days is that changing your passwords regularly can do more harm than good. That’s largely because people tend to pick poor replacement passwords that are easy to guess.
Plus there are only so many times you can stand changing your account passwords before you throw your hands up in frustration. Most of us have so many online accounts that switching the passwords for all of them seems like an overwhelming task. So don’t do it so often. As long as you’ve got a good, random password of 10 or more characters in length, you should be good to go for a long time—especially if you’re using two-factor verification on top of that. Every six months to a year is probably sufficient and even then only necessary for your high-impact accounts, lower-impact accounts can go much longer.
Of course, there are times when you must immediately change your password, such as when your service has a major breach or you have reason to suspect someone else knows your password.
When you do change your password automate it
Both LastPass and Dashlane have a really nice feature (that’s free) to help automate or semi-automate password changes for major online services. Dashlane’s feature is the more automated of the two, but both simplify the process by not requiring you to go hunting for the password page on your online accounts.
These are just the basics of online password management, but they can go a long way to keeping your accounts secure.