Modern life is infested with passwords, and nearly anything that you might want to do requires one: buying tickets, paying bills, and even reading magazines. Long ago, it might have been acceptable to use a single password on most Web sites, perhaps with a slight modification for an important site. But things are different now. Thieves can steal millions of encrypted accounts at a time, employ sophisticated hardware that can try over 350 billion passwords per second on those accounts, and sell those decrypted passwords on the black market. If you have a weak password on a site whose accounts are stolen, every other site on which you use the same password is vulnerable. That could result in your email account being used to send spam, or even having your online bank accounts drained. It’s dangerous out there.
The solution to this problem is to use a different strong password for every site. What’s a strong password? Put simply, it’s one with enough random letters, numbers, and punctuation characters to foil cracking hardware. The zxcvbn tool can show you how long it will likely take for any given password to be cracked: “secret” is instant, “MYsecret-pass” could take up to 9 minutes, and “ZypJEVF3*8i9L3JsUer2K” will take centuries.
But nobody can remember “ZypJEVF3*8i9L3JsUer2K”—and nobody wants to type it. The solution? Get a Mac or iPhone to do the work with password management software! Passwords have moved from the realm of the human to that of the computer, and by far the best way to protect your online security in today’s world is with a password manager. A password manager can help you generate secure passwords, store them securely, and enter them automatically.
Apple provides a simple password manager, called iCloud Keychain, that’s available on the Mac (in System Preferences > iCloud > Keychain) and in iOS (in Settings > Your Name > iCloud > Keychain). It syncs usernames and passwords between Apple devices. iCloud Keychain can help you sign in to Web sites that you visit using Safari. It can also help with signing in to iOS apps. However, because it doesn’t work with Web browsers besides Safari, it’s not the right password manager for everyone.
Fortunately, excellent third-party password managers are available, and two that we recommend are 1Password and LastPass. In the screenshot of 1Password shown below, in the left-hand sidebar, notice the many data categories that the app can handle for you. In recent years, some password managers (including 1Password and LastPass) have added features for teams or families to share passwords securely, so you can share the login info for a vendor payment system or joint bank account.
Even with a password manager, you need a few passwords that you can remember and type by hand. Most obviously, there’s the password to your password manager! This password should be easy for you to memorize and type, but also long enough (at least 12 characters with letters, digits, and punctuation) and random enough (use 16 characters if you can’t be really random). Another password that you may need to type frequently is your Apple ID password, which is necessary for iCloud, the iTunes Store, the App Store, and more.
If you’d like to start using a password manager but want to read more about it first, we recommend the friendly and helpful ebook Take Control of Your Passwords, by Joe Kissell.
No matter how you generate and keep track of your passwords, make sure to use a different strong password for each of your Internet accounts—this will limit your exposure to theft and protect your privacy!