How to change your iMore, iTunes, Facebook, Gmail, and other passwords and make 'em strong!

How to change your iMore, iTunes, Facebook, Gmail, and other passwords and make 'em strong!

Seems like we can't go a week anymore without hearing about some major security breach at LinkedIn or Yahoo! or some other website, where user accounts were compromised and data potentially stolen. While there's a lot the sites themselves need to do to make it harder to steal our info, there's also something we need to do -- use strong, unique passwords for each and every site.

Whether it's iCloud, iTunes, Gmail, Facebook, Twitter, Amazon, Dropbox, or any site that has access to our credit card information or personal data, it should be locked down for our protection. Even sites like iMore should be secure so no one can use our account but us.

Here's how to set up strong, unique passwords and keep your data safe.

Get a password manager

Seriously. Once you start employing strong, unique passwords, it will be impossible to remember them all yourself, and if you write them down you destroy any strength they have. That means you'll need a password manager.

Good password managers typically aren't free or cheap but don't look at the cost -- look at the value. Spending a few bucks up front is way less expensive -- in terms of both time and money -- than having your data stolen and having to deal with the repercussions later. Just like you buy a lock or alarm for your house, car, even gym locker, buy a lock for your data.

The way a password manager works is that it can generate strong, unique passwords for you, save them securely, and auto-fill them when you need to login to a website..

Here are some of the ones we've reviewed and that have good cross-platform support. (It's important to pick one that runs on all the devices you use.)

  • 1Password - works on iOS, Android, Mac, and Windows
  • DataVault - works on iOS, Android, BlackBerry, Mac, and Windows
  • RoboForm - works on iOS, Android, BlackBerry, Mac, and Windows

Realistically, you'll still have to remember a few passwords and passcodes -- the one that unlocks your password manager, of course, and also the ones that unlock your iPhone, iPod touch, and iPad, or logs you into your desktop computer before the password manager can run. There may also be websites you may need to access from someone else's computer, like iCloud or Gmail, if you don't have any data access on your phone while traveling.

How to choose an easy-to-remember but still strong-ish password

For the password to login to your Mac or Windows PC, or to unlock your password manager, you still want something strong but you need something you can remember. If it's not strong, someone can break in, and all your other passwords suddenly become worthless. If it's not easy to remember, you won't be able to use it, or you'll write it down, which either locks you out or, again, makes all your other passwords vulnerable.

Here are some dos and don'ts when it comes to making a strong-enough password that you can still remember.

Password Don't

  1. Don't use the word "password" as your password, or your username, or your email address, or real name, or anything equally lame or obvious. You want your password to be as unguessable as possible
  2. Don't use anything found in the dictionary as you password. Simple, short, really easy to remember words also means really easy to guess or to hack using a dictionary attack.

Password Do

  1. Use a mix of lower case and upper case, numbers and letters, symbols and punctuation. Mixing languages doesn't hurt.
  2. Make it as long as you can. 10 characters should be enough if you're not guarding SHIELD-level secrets. Make it a phrase so it's easy to remember but still hard to guess. Here are some examples: !M0r3-R()CK$! or Un3,1M0re,(ho$e...
  3. Add some variation for each device or site for which you need a memorable password. You can keep it relative if you have to. For example, you could add the first 2 characters of the domain name to the beginning or or end of your password, like im!M0r3-R()CK$! or Un3,1M0re,(ho$

How to change your passwords to something strong and unique

Now that you have a password manager that can generate strong, unique passwords, and you know how to come up with you own fairly strong, fairly unique ones for the few sites you absolutely have to keep in your own memory, you need to go change your old broken for the new hotness.

Typically this involves typing in your old password to authorize the change, and typing in your new password twice to make sure it's accurate. Some sites might also use a CAPTCHA system and make you copy some words or characters that appear in a box. (That's to try and make sure you're not a "robot" program attempting to hack the account.)

How to change your password to something strong and unique

A good place to practice changing your password is right here on iMore.

Note: Because iOS doesn't allow browser extensions, you'll have to use the embedded browser within your password manager if you want to generate and save your new passwords while mobile.

  1. Click on Welcome, [your username] at the very top right hand corner of the page.
  2. Click on the Edit tab
  3. Enter your old password to authorize
  4. With your new password manager, generate a new password and copy it to the clipboard -- mine gave me c7^^9tRjJF
  5. Paste your new password into both the Password and Confirm password fields.
  6. Click Save at the very bottom.
  7. If your password manager asks you if it should remember the new password for you, click Yes

How to change your Apple, Google, Facebook, Twitter, Dropbox and other passwords to something strong and unique

The process for changing and strengthening your passwords for other sites, like iTunes, iCloud, Gmail, Facebook, Twitter, etc. are very similar to the above. Here are links to the account or password change pages for them:


Security is in constant conflict with convenience. Using strong, unique passwords can be a hassle to remember and chore to input, especially on mobile devices. But having your password and data stolen is a far, far bigger hassle. A great password manager app can help bring harmony your security.

So pick a password manager, set aside some time, and make all your passwords strong and unique. Then, next time you read a headline about some website being compromised, you'll be glad you did.

And if anyone else has any ideas on how to make passwords strong, unique, and still keep life as user friendly as possible, add them to the comments.

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Rene Ritchie

EiC of iMore, EP of Mobile Nations, Apple analyst, co-host of Debug, Iterate, Vector, Review, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts



← Previously

Monday Brief: Editors-in-Chief best of season 1

Next up →

50% off OtterBox Impact Series Case for iPhone 4S and iPhone 4 -- only $9.95 [Daily deal]

Reader comments

How to change your iMore, iTunes, Facebook, Gmail, and other passwords and make 'em strong!


I noticed that LastPass doesn't get a lot of love around here whenever Password Managers are discussed. LastPass is a very capable and popular password manager that is also cross-platform across the major platforms. I use it all the time and it's WAY less expensive than using 1Password if you want to use it across all the major platforms. There is a $12/annual fee if you want to use LastPass on mobile devices but I thought it was worth it. Look it up.

I agree. This is a much-needed article with tips that no one should ignore, but lastpass deserves top marks for me. The current iteration of its iPhone app is currently not the best thing about it, but I'm sure they will update it soon. It's an amazing secure timesaver.

I have no connection with lastpass. But I want to say something that many people know. Roboform as a history of ripping off its customers. I'll just leave it at that, and anyone can do the research if they like.

This is a great article. It really does seem like these kind of information leaks are happening more and more often. Personally Im looking into adopting a password manager because it really does seem like the best compromise between security and convenience. That being said I do keep a very low level, almost through away password for sites that make you form a user account but don't contain any of my personal info. For instance one cooking site made me form an account to email a recipe to myself for offline reference. That kind of setup gets my spam gmail account and a password my 2 year old can guess.

I noticed that SecureSafe gets no love either. It's free for the first 50 passwords, has web accessibility, and it's awesome! I can even upload documents for secure storage They have pay subscriptions too that allow for increased size for secure document storage and unlimited password storage.

I've been using KeePassX on my Mac. I love it, but it is a manual process to sync the DB file with my iPhone / iPad.

Gibson Research has a great little online toy explain the effects of mixed characters and length on a password's effectiveness....great feedback on how many minutes/hours/years it would take to crack the sample you supply.

He also explains why the first of the two following passwords is stronger even though it appears simpler....



Great article and so needed!
I'd like to add another recommendation, that of PasswordWallet by S3. It is incredibly full-featured and has been around since MacOS 7 days (I used it on my Palm way back when also). It runs on just about everything and has sync. My only complaints are that the UI looks a bit dated and that the sync wizard is a bit complicated for some things, like WebDAV (actually, I kind of hate wizards in general, just give me a nice settings panel).

I suppose that is true if someone gets that password, physical access to your machine, and/or the password manager file. But then you're pretty screwed anyway. And what is the alternative? Not having a different strong unique password for EVERY site or service? I'll take my chances with the password manager.

I think a more practical solution would be to memorize important passwords, like the one's to access online banking, PayPal, email, etc. And use a password manager for other inconsequential sites like this one.

If you can memorize them, they probably aren't as good as they should be. That's the noted downside of the password manager (as you have to have something easy enough to memorize)... but you can control physical access to it for the most part, which you can't with your online banking account, etc.

Could we get a little editorial explanation as to why you never talk about LastPass? It's widely adopted and widely praised by other sites. If you have a specific reason that you think we should avoid it, please tell us!