Seems like we can't go a week anymore without hearing about some major security breach at LinkedIn or Yahoo! or some other website, where user accounts were compromised and data potentially stolen. While there's a lot the sites themselves need to do to make it harder to steal our info, there's also something we need to do -- use strong, unique passwords for each and every site.
Whether it's iCloud, iTunes, Gmail, Facebook, Twitter, Amazon, Dropbox, or any site that has access to our credit card information or personal data, it should be locked down for our protection. Even sites like iMore should be secure so no one can use our account but us.
Here's how to set up strong, unique passwords and keep your data safe.
Get a password manager
Seriously. Once you start employing strong, unique passwords, it will be impossible to remember them all yourself, and if you write them down you destroy any strength they have. That means you'll need a password manager.
Good password managers typically aren't free or cheap but don't look at the cost -- look at the value. Spending a few bucks up front is way less expensive -- in terms of both time and money -- than having your data stolen and having to deal with the repercussions later. Just like you buy a lock or alarm for your house, car, even gym locker, buy a lock for your data.
The way a password manager works is that it can generate strong, unique passwords for you, save them securely, and auto-fill them when you need to log in to a website.
Here are some of the ones we've reviewed and that have good cross-platform support. (It's important to pick one that runs on all the devices you use.)
- 1Password - works on iOS, Android, Mac, and Windows
- DataVault - works on iOS, Android, BlackBerry, Mac, and Windows
- RoboForm - works on iOS, Android, BlackBerry, Mac, and Windows
Realistically, you'll still have to remember a few passwords and passcodes -- the one that unlocks your password manager, of course, and also the ones that unlock your iPhone, iPod touch, and iPad, or log you in to your desktop computer before the password manager can run. There may also be websites you need to access from someone else's computer, like iCloud or Gmail, if you don't have any data access on your phone while traveling.
How to choose an easy-to-remember but still strong-ish password
For the password to log in to your Mac or Windows PC, or to unlock your password manager, you still want something strong but you need something you can remember. If it's not strong, someone can break in, and all your other passwords suddenly become worthless. If it's not easy to remember, you won't be able to use it, or you'll write it down, which either locks you out or, again, makes all your other passwords vulnerable.
Here are some dos and don'ts when it comes to making a strong-enough password that you can still remember.
- Don't use the word "password" as your password, or your username, or your email address, or real name, or anything equally lame or obvious. You want your password to be as unguessable as possible.
- Don't use anything found in the dictionary as your password. Simple, short, really easy to remember words are also really easy to guess or to hack using a dictionary attack.
- Use a mix of lower case and upper case, numbers and letters, symbols and punctuation. Mixing languages doesn't hurt.
- Make it as long as you can. 10 characters should be enough if you're not guarding SHIELD-level secrets. Make it a phrase so it's easy to remember but still hard to guess. Here are some examples: !M0r3-R()CK$! or Un3,1M0re,(ho$e...
- Add some variation for each device or site for which you need a memorable password. You can keep it relative if you have to. For example, you could add the first 2 characters of the domain name to the beginning or end of your password, like im!M0r3-R()CK$! or Un3,1M0re,(ho$e...ac
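The dos and don'ts above can be turned into a quick self-check. The following is an added example, not part of the original article or of any password manager: the tiny word list is a constructed stand-in for a real dictionary, and the function names are hypothetical.

```python
import string

# Constructed stand-in for a real dictionary / common-password list.
WORDLIST = {"password", "letmein", "dragon", "monkey", "sunshine", "welcome"}
MIN_LENGTH = 10  # the length suggested in the list above


def check_password(password, username="", email="", real_name="", wordlist=WORDLIST):
    """Return the rules from the list above that `password` breaks (empty = passes)."""
    problems = []
    lowered = password.lower()
    personal = {v.lower() for v in (username, email, real_name) if v}
    if lowered in personal:
        problems.append("matches username, email or real name")
    if lowered in wordlist:
        problems.append("is a dictionary word")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "lower case": string.ascii_lowercase,
        "upper case": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(ch in chars for ch in password):
            problems.append(f"no {name} character")
    return problems


def site_variant(base, domain, at_end=False):
    """Add the first two characters of the domain, as the last tip suggests."""
    tag = domain[:2]
    return base + tag if at_end else tag + base


def find_reuse(vault):
    """Return groups of sites (from a site -> password dict) sharing one password."""
    by_password = {}
    for site, pw in vault.items():
        by_password.setdefault(pw, []).append(site)
    return [sorted(sites) for sites in by_password.values() if len(sites) > 1]
```

Passing these checks only means a password follows the rules listed above; it is not a measure of how long it would survive a guessing attack.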
How to change your passwords to something strong and unique
Now that you have a password manager that can generate strong, unique passwords, and you know how to come up with your own fairly strong, fairly unique ones for the few sites you absolutely have to keep in your own memory, you need to go change your old, broken passwords for the new hotness.
Typically this involves typing in your old password to authorize the change, and typing in your new password twice to make sure it's accurate. Some sites might also use a CAPTCHA system and make you copy some words or characters that appear in a box. (That's to try and make sure you're not a "robot" program attempting to hack the account.)
How to change your iMore.com password to something strong and unique
A good place to practice changing your password is right here on iMore.
Note: Because iOS doesn't allow browser extensions, you'll have to use the embedded browser within your password manager if you want to generate and save your new passwords while mobile.
- Click on Welcome, [your username] at the very top right-hand corner of the page.
- Click on the Edit tab.
- Enter your old password to authorize.
- With your new password manager, generate a new password and copy it to the clipboard -- mine gave me c7^^9tRjJF
- Paste your new password into both the Password and Confirm password fields.
- Click Save at the very bottom.
- If your password manager asks you if it should remember the new password for you, click Yes.
How to change your Apple, Google, Facebook, Twitter, Dropbox and other passwords to something strong and unique
The process for changing and strengthening your passwords for other sites, like iTunes, iCloud, Gmail, Facebook, Twitter, etc. is very similar to the above. Here are links to the account or password change pages for them:
- iCloud and iTunes (or any Apple ID account)
- Gmail (or any Google account)
Security is in constant conflict with convenience. Using strong, unique passwords can be a hassle to remember and a chore to input, especially on mobile devices. But having your password and data stolen is a far, far bigger hassle. A great password manager app can help bring harmony to your security.
So pick a password manager, set aside some time, and make all your passwords strong and unique. Then, next time you read a headline about some website being compromised, you'll be glad you did.
And if anyone else has any ideas on how to make passwords strong, unique, and still keep life as user friendly as possible, add them to the comments.