Coming up with new, complicated passwords for online accounts can be a real chore. You often need the correct mixture of upper- and lowercase letters, numbers and special characters, and remembering them all can seem an impossible task.
Here, we’ll share some top tips for how to manage all your passwords, as well as some techniques for generating varied and secure passwords for your accounts.
1. Don’t use the same one on everything
It’s obvious, but it bears repeating. You’d be surprised how many people have just one password and use it for all their accounts. While this certainly makes it easy to remember, it also means if you get hacked on any account, you’ve essentially been hacked on all of them if you also use the same email address or username.
As tempting as reusing passwords might be, it’s important to make sure you have a varied collection of passwords so that one leaked credential doesn’t unlock everything else.
This can be too daunting for many people, as keeping track of so many passwords is just too inconvenient. This leads to unsafe behaviour, as reported by Naveed Islam, Chief Information Security Officer at payment service provider Dojo.
“Passwords are the digital keys for just about everything on the Web, from checking emails to online banking. The surge in online services has resulted in a proliferation of password usage. This has resulted in password fatigue – the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine. To cope with password fatigue, people reuse the same password across multiple websites, using simple and predictable password creation strategies. Attackers exploit these well-known coping strategies, leaving individuals vulnerable.”
Security and convenience are not easy things to align, but hopefully if you can adhere to some of the suggestions below you can at least mitigate the risks.
2. Don’t use information that’s easy to guess
A common way to remember passwords is to use birthdays, pet names, your mother’s maiden name and – most often – a combination of those.
This might seem clever, but for anyone serious about breaking into your account, these are some of the first things they will try. Also, these tend to be the kind of questions you’re asked when filling out forms or even taking silly quizzes on Facebook and other platforms. So while you think only you know this information, there’s a good chance it’s available out there on the wider internet.
The trick with passwords is to be as random as you can make them, so associating them with information that directly relates to us isn’t a good idea.
3. Don’t use any of these common passwords
Each year various researchers post the most used (and most frequently hacked) passwords that people think are keeping their data protected. Sadly, the same ones do tend to pop up quite regularly. Here’s the list of the most commonly used passwords in the US in 2022, as reported by Dashlane, and it really beggars belief that anyone is still picking these.
It won’t be long before this list changes, as many of these poor efforts won’t cut it as websites demand special characters, numbers and other things. The point is, if you’re using any of these passwords, change them immediately.
4. Avoid themes
As mentioned above, you’ll want to make the things you use for the basis of your password as neutral as possible, as this helps avoid personal information slipping in or using obvious patterns of letters and numbers.
A recent report by Dojo outlined the most commonly hacked passwords worldwide and the top themes into which they fell. Here are the top 10:
Pet names/terms of endearment
So, if you want to create better, more secure passwords, avoid using these as your inspiration.
5. Use two-factor authentication
Most major sites and apps now offer support for two-factor authentication when logging in from a new device. This usually involves you having to get a verification code texted to your phone or the use of a verification app.
The idea is that the hacker needs to have your physical device to be able to gain access to your account, which is much rarer than a simple software hack. It’s a slight hassle, but absolutely essential if you want to protect yourself from potentially weak passwords.
6. Good rules for a strong password
The more you mix up capitals and lowercase letters, special characters (such as $%^&) and numbers the better. Start your password with a number, too.
You’ll find a variety of suggestions for creating a password you can remember, such as the first letters from a common phrase, music lyric or whatever else you can remember.
And replacing letters with numbers is another tactic. For example, use 0 instead of o, 1 instead of I, 4 instead of A, 3 instead of E and special characters such as @ instead of o or a.
For example, bigbrowndog becomes b1gbr0wnd@g.
That’s not too hard to remember, or type. And you should capitalise the first b, too, or even each individual word for an even stronger password.
Short passwords are best avoided, as they take less work to hack. Also avoid combinations, such as the initials of yourself or your family or company, as patterns are things that can be hacked quicker than random elements.
Nicknames, terms of endearment, brand names, and even your star-sign can give you away, so avoid them if possible.
Truly random passwords can be very hard for most people to create, as our memories are trained to remember things, which usually involves some kind of pattern or association. Thankfully you don’t have to put in all the work yourself, as there are tools available that can do the job easily and probably more securely.
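The rules in sections 2, 3 and 6 (nothing guessable, nothing from the common-password lists, a mix of character classes, a decent length) can all be checked automatically, and that is how password-strength meters on sign-up forms work. The checker below is an added example, not code from the article or from Dashlane or Dojo; the common-password set in it is a constructed handful standing in for the multi-million-entry leaked lists real checkers use. It also reverses the letter-for-number substitutions described above before comparing against the list, because that is exactly what password-cracking rule sets do, so `b1gbr0wnd@g` is still recognised as `bigbrowndog` and the length and mix rules end up doing the real work.

```python
import re

# Constructed sample standing in for a real common-password list (not the Dashlane data).
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "iloveyou", "letmein", "princess", "bigbrowndog",
}

# Reverse of the substitutions the article suggests. Each symbol maps to the
# letters it is commonly used to replace; the symbol itself is also kept as a candidate.
REVERSE_SUBS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "@": "oa", "$": "s"}

MIN_LENGTH = 12          # assumption: the article only says "short passwords are best avoided"
MAX_CANDIDATES = 4096    # cap on expansion for passwords made mostly of substitutable symbols


def normalised_forms(password: str) -> set[str]:
    """Every plain-letter spelling the password could have been derived from."""
    forms = [""]
    for ch in password.lower():
        options = ch + REVERSE_SUBS.get(ch, "")
        forms = [prefix + o for prefix in forms for o in options]
        if len(forms) > MAX_CANDIDATES:
            forms = forms[:MAX_CANDIDATES]
    return set(forms)


def check_password(password: str) -> list[str]:
    """Return a list of problems; an empty list means the password passed every rule."""
    issues = []

    if len(password) < MIN_LENGTH:
        issues.append(f"too short (under {MIN_LENGTH} characters)")

    classes = {
        "lowercase letters": any(c.islower() for c in password),
        "uppercase letters": any(c.isupper() for c in password),
        "numbers": any(c.isdigit() for c in password),
        "special characters": any(not c.isalnum() for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        issues.append("missing " + ", ".join(missing))

    # The article's extra tip: begin with a number.
    if not password[:1].isdigit():
        issues.append("does not start with a number")

    # Section 2: birthday-style information. A four-digit year is the most common form.
    if re.search(r"(19|20)\d\d", password):
        issues.append("contains what looks like a year (birthday-style information)")

    # Section 3 plus section 6: compare against the list after undoing substitutions.
    hits = normalised_forms(password) & COMMON_PASSWORDS
    if hits:
        issues.append(f"matches a common password once substitutions are undone: {sorted(hits)[0]}")

    return issues


if __name__ == "__main__":
    for candidate in ("bigbrowndog", "b1gbr0wnd@g", "7Kq#vR2m!xLp9Wz"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Running it shows that the substituted form still trips the common-password rule, while a generated password of mixed classes and sufficient length passes cleanly. Real meters (zxcvbn is the best-known open one) go further and score dictionary words, keyboard walks and dates inside a longer password rather than only exact matches.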
7. Use a password generator
The quickest way to come up with a long, strong password is to use a generator. These apps (which can also be found on websites) will automatically generate randomised passwords of whatever length and mixture of characters you require. Usually they are free and very easy to get to grips with.
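A generator of this kind is a few lines of code once you use the operating system’s cryptographic random source rather than a general-purpose random function. The block below is an added example, not Bitwarden’s code or anything from the article: it builds a password of a requested length from chosen character classes, guarantees at least one character from each class, and reports how many bits of guessing work the result represents. The special-character set is an assumption; generators let you pick your own.

```python
import math
import secrets
import string

CHARACTER_CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.?",   # assumption: a typical default set
}
ALL_CLASSES = tuple(CHARACTER_CLASSES)


def generate_password(length: int = 16, classes: tuple[str, ...] = ALL_CLASSES) -> str:
    """Return a random password containing at least one character from every class."""
    if length < len(classes):
        raise ValueError("length must be at least the number of character classes")
    alphabet = "".join(CHARACTER_CLASSES[c] for c in classes)

    # One guaranteed pick per class, then fill the rest from the whole alphabet.
    chars = [secrets.choice(CHARACTER_CLASSES[c]) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]

    # Shuffle so the guaranteed picks do not always sit at the front.
    # secrets.SystemRandom is backed by os.urandom; random.shuffle is not.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length: int, classes: tuple[str, ...] = ALL_CLASSES) -> float:
    """Bits of entropy for a uniformly random password of this length and alphabet."""
    alphabet_size = sum(len(CHARACTER_CLASSES[c]) for c in classes)
    return length * math.log2(alphabet_size)


def has_all_classes(password: str, classes: tuple[str, ...] = ALL_CLASSES) -> bool:
    """True if every requested class contributes at least one character."""
    return all(any(ch in CHARACTER_CLASSES[c] for ch in password) for c in classes)


if __name__ == "__main__":
    for n in (8, 12, 16, 24):
        print(f"{n:2d} chars: {generate_password(n)}  (~{entropy_bits(n):.0f} bits)")
```

The entropy figure is why length matters more than clever substitutions: going from 8 to 16 characters over the same alphabet doubles the bits, whereas swapping an `o` for a `0` in a dictionary word adds almost nothing because crackers try those swaps automatically.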
Here’s the generator that’s part of the free Bitwarden password manager:
We think the best way to deal with the increasing need for more and complex passwords is to use a password manager. These will act as a central hub for all your log-in details, automatically generate random new passwords for your accounts, and auto-fill login fields on apps or websites on your behalf.
The best part is that you only have to remember a single password to the service itself, then the password manager does everything else.
You can also let your web browser or your phone save logins for you. But neither of those is truly universal, and they won’t enter logins on all your devices and in all apps. That’s why a password manager is the better option.
Martyn has been involved with tech ever since the arrival of his ZX Spectrum back in the early 80s. He covers iOS, Android, Windows and macOS, writing tutorials, buying guides and reviews for Macworld and its sister site Tech Advisor.