• You have 3 passwords that you randomly choose between for every site you log into.
  • You haven’t updated your passwords in over 5 years.
  • Your password has your pet’s name or your birthday in it.
  • Your password has been on a leaked list but you still haven’t changed it.
  • You accidentally tweeted out your password.

Sean Spicer twitter screen grab tweet reads: n9y25ah7

Sound familiar? You know your password sucks, but you’re busy, who has time to deal with managing passwords? No one. I sure don’t. Even talking about passwords is boring. I know. I’ll try to make this quick and painless. You should use a password manager.

Password Managers

I started using a password manager a few years ago, and I’m here to tell you that it’s easy, convenient and you should start using one. I use LastPass, but there are other ones out there that are just as good. I know a number of people who use 1password.

A password manager is a program that runs on all your devices and creates and stores passwords for you. I have no idea what my passwords are. They all look something like this:

Lastpass screen. Password: d&B%x0Mxs6Kz52Rm

Are password managers safe?

Lifehacker has a good article on this. TLDR: Yes. Lastpass is encrypted, it has a running list of any sites that are hacked and will prompt you to change those passwords right away, and if you use 2 factor authentication a hacker still wouldn’t be able to access your account if they somehow stole your master password. But what if Lastpass is hacked? Lastpass has actually been hacked twice already. Here’s what happened last time it was hacked.  It says something that after reading about them being hacked, I actually feel safer using it.

Lifehacker has a good run down of other password managers, if you want to shop around.

If you’re thinking you’re fine because you’re using correcthorsebatterystaple, sorry friend, you’re not.

screenshot of xkcd comic - full comic in link
xkcd on password strength

You need a different password for every site. I don’t believe you can memorize so many random words and remember which site they’re for. Go download a password manager.

This is the second post in a monthly series about online security.

Last month I told you how to encrypt everything.
Next month I’ll be talking about 2 factor authentication.