Let's get right down to it: Your password probably sucks.
"Okay, smart guy. Which one?" you're probably asking, smugly thinking to yourself that you have more than one password, so what does this jerk know anyway? All of them. They all suck. Even if you have more than a small handful of passwords, chances are you've gone for convenience over better security, leading to passwords that are both easier to remember and easier for someone else to guess or crack.
Here's the thing: We've all done it. We all have or have had bad passwords and weak security practices at one point or another. But if you really care about your digital security, you first have to recognize that there is a problem.
But it's okay. I'm going to tell you what's wrong with the passwords you've got, along with how to make better ones.
What's wrong with your passwords?
It's a decent bet that you — or at least a lot of people you know — have made a password with an easy-to-remember item inside of it. A kid's name. A pet's name. A birthday. These might be tough or surprising, yes. But they're also fairly easy to figure out for someone dedicated enough to the task.
Let's say you use your dog's name as a password for one of your accounts. Do you use Facebook? Chances are that you do. Have you ever made a post about your dog on Facebook? You probably have. Now, the real question: on how many of your accounts is your dog's name a password? Is it more than one?
The reason this is a problem is that now, anyone who has a mind to try it has a way to compromise at least one of your accounts. Maybe you don't think anyone will try to get into your accounts. Unfortunately, if you think that, you're naive: Password-cracking and social engineering hacks happen to thousands of people every day, and the only thing stopping your account from being compromised is your password security.
What you can do about it
First things first: Create better passwords. Stronger passwords. Passwords that aren't the name of anyone you know or any pet you've had. If you can, stay away from single words. Use special characters. Numbers. The longer the password is, the harder it is to guess. If you want something that's easier to remember but still secure, use unrelated words combined with special characters to form something like "atypical-muskoxen-game-crockery-water" (thanks, 1Password).
Secondly: change your passwords regularly. It might sound like a pain, but it's a fairly simple step to make your life more secure. And when changing your passwords, remember the first set of rules. Complication. Special characters.
Finally, and maybe most frustratingly, you're going to want to use a different password for each of your accounts, to the degree that it's possible. While yes, it will be a pain, at the end of the day it will help prevent someone who might have compromised one of your accounts from getting into anything else.
If all of this sounds overwhelming (which is understandable, given how many things we need to log in to these days), I'm about to talk about a tool that will simplify this a great deal: the password manager.
Why you should use a password manager
With a password manager, you don't have any excuse for bad passwords. A password manager lets you set up a vault with a master password, then add login items for pretty much anything. Enter your usernames, passwords, and other login information for a variety of sites and accounts, software you own, or even credit and debit card information. And all of it's securely stored so you don't have to worry about someone getting their hands on everything.
But a key component of many password managers is password generation. You set certain parameters, such as what type of password it should be, how many characters it should have, and more, and your password manager will offer up a secure suggestion. You don't need to worry about memorizing it, because whether through the app itself or an extension into your browser of choice, your password manager will let you quickly copy your password so you can paste in the relevant password field.
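A sketch of the kind of generator described here, producing the word-based passphrases recommended earlier. It is an added example, not code from 1Password or any other manager: the word list is a constructed 32-word sample, and the function names and separator set are assumptions.

```python
import math
import secrets

# Constructed 32-word sample list so the block runs offline. A real generator
# draws from thousands of words (the EFF long list has 7776).
WORDS = ("atlas bramble cobalt dapple ember fjord garnet hazel "
         "indigo juniper kelp lantern marrow nectar ochre pewter "
         "quartz russet saffron tundra umber velvet walnut xenon "
         "yarrow zephyr anvil birch cedar dune eagle flint").split()

SEPARATORS = "-_.+!"  # assumed set of special characters


def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy for `picks` independent, uniform draws from a pool."""
    return picks * math.log2(pool_size)


def generate_passphrase(n_words: int = 5, words=WORDS, separators=SEPARATORS) -> str:
    """Pick the words and one separator with the OS CSPRNG, never random.random()."""
    if n_words < 1 or len(set(words)) != len(words):
        raise ValueError("need at least one word and a duplicate-free list")
    sep = secrets.choice(separators)
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    print(generate_passphrase())
    # Strength comes from the list size and word count, not from the words themselves.
    print(f"5 words from the 32-word sample: {entropy_bits(32, 5):.1f} bits")
    print(f"5 words from a 7776-word list:   {entropy_bits(7776, 5):.1f} bits")
    print(f"12 random printable characters:  {entropy_bits(94, 12):.1f} bits")
    # A pet name readable from social media is one of a handful of guesses.
    print(f"one of ~10 known names:          {entropy_bits(10, 1):.1f} bits")
```

The entropy figures only hold when every word is chosen at random; a phrase you pick yourself from familiar words is far easier to guess than the arithmetic suggests.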
Password managers will also often sync your items between devices, so you're never without everything you need to access your most important websites, services, and accounts. Do be aware, though, that you'll often need to pay for syncing.
Here are some of our favorite password managers, each with apps for iPhone, iPad, and Mac, as well as extensions for the major web browsers.
- 1Password - Free - Mac; iPhone and iPad
- Dashlane - Free - Mac; iPhone and iPad
- LastPass - Free - Mac; iPhone and iPad
- Enpass - Free - Mac; iPhone and iPad
Why I use 1Password
There are several password managers out there, but 1Password has been the only one that I've used and stuck with. It's easy to set up and use, with options for buying a standalone license or a subscription. If you're just storing login information for a few sites, that's fine. Like other managers, it can also generate new, secure passwords. You can even set up 1Password to receive the one-time passcodes used in two-factor authentication (more on that in a minute) within each login item so you don't have to rely on a separate app like Authy.
But what I really love about 1Password is the massive number of options you have. You can store bank information, frequently-used identity information, your driver's license, a software license, even the info for your wireless router. On each individual login item, you've got standard fields for username and password and the website that those credentials go to, but then there's also room for one-time passwords, notes, tags, when login items should be displayed, and even custom fields.
You can use 1Password in a number of different ways. You can elect to pay a one-time fee to unlock all of the features in each version of the app. You could also create a 1Password account and sign up for a subscription, which starts at $2.99 per month for individual users. If you sign up for a Families or Teams plan, you can coordinate the use of 1Password across your family or professional team, with shared and private vaults for everyone, and all of the versions of 1Password available as part of the subscription.
As important as they are to get right, no password is bulletproof. That's why we have two-factor authentication. In addition to your password, you can set up your various accounts to also generate a one-time code that you'll find in an authorized app or a device. These codes become useless after a short period of time.
For instance, if you enable two-factor authentication for your iCloud account, when you enter your email address and password, Apple will ping the various devices connected to that iCloud account, asking if a login attempt is authentic. If you say yes, then on the specific device that you answered the request on, you'll receive a pop-up with a code. Enter the code as prompted in your browser or on your device, and you're all set.
You can learn so much more about two-factor authentication, including how to set it up with your favorite sites and services, in our handy guide.
How are your passwords?
What are the things you do to keep your accounts secure? Let us know in the comments.
Joseph Keller is the former Editor in Chief of iMore. An Apple user for almost 20 years, he spends his time learning the ins and outs of iOS and macOS, always finding ways of getting the most out of his iPhone, iPad, Apple Watch, and Mac.
These are not bad tips, but there's simply no reason to regularly change one's password, unless it's been known to be compromised. NIST updated guidance "Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator." https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret
But my dog's name is snuffleupagus!!
Good tips, but more than anything, this reads like an ad for 1PW. None of the competing paid or o/s-integrated p/w managers are reviewed. My suggestion to every iOS user is to start with the iCloud Keychain p/w manager and only go paid if you need extreme functionality. iCloud Keychain does most of what most folks need from a p/w manager in that it creates, stores, loads p/w. If a person only used this feature, they would already be among the best practitioners out there.