Download LastPass to use a password manager if you're just a single person looking for the easiest free solution. Download the app on your mobile device(s) and the browser plugin. Use it for your passwords. It'll autofill in most apps and browsers. Lie on your security questions and store the answers in LastPass too. Then you can just open it up and copy and paste into the answer field for security questions.
I love answering questions about online safety and most commonly I am asked about passwords. How long do they have to be? Do they really need a special character? How can I write a good password? Can I use one password for everything? What's a password manager and do I need one? This is my big answer to all of the questions about passwords!
How long do they have to be? The short answer (without getting too deep into the math and technical reasoning) is that the longer the password, the harder it is for a computer to guess (brute force). Your password could be the entirety of the English alphabet in lowercase and it would take longer for a computer to guess than an 8-character password with special characters and numbers.
When it comes to passwords, the goal is to make it more difficult for someone to run a program that attempts to guess your passwords. This is why you tend to get steered away from passwords that are common (such as Password123!) or have appeared in data breaches before (look up dictionary attacks and rainbow table attacks for more on this if you're curious). Both of the passwords in the example above would probably get cracked pretty quickly because they're extremely common. If you're curious about whether or not your chosen password has appeared in a data breach, check out Have I Been Pwned.
Some sites have password length maximums, meaning your password can't exceed a certain character length. I personally think that's dumb, especially when the maximum length is too low. When this is the case, load up on the special characters, uppercase letters, and numbers. In the absence of length, complexity is your friend.
Do they really need a special character? "Need" is relative, but if the password is long and you want to mix in some special characters, all the better. Some sites will require you to use special characters and some sites will explicitly not allow it. If you're allowed to do it, I say add it. If not, make sure the password is long.
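The length-versus-complexity trade-off from the answers above, worked through as an added example (not from the original post): it estimates how much ground a blind brute force must cover and treats a wordlist hit as instant. The guess rate, the tiny wordlist and the sample passwords other than Password123! are assumptions; predictable strings fall sooner than this worst-case figure suggests.

```python
import math
import string

# Constructed stand-in for a cracking wordlist; real ones hold millions of entries.
COMMON = {"password123!", "password", "123456", "qwerty", "letmein"}
GUESSES_PER_SECOND = 1e10  # assumed attacker speed, for illustration only
SECONDS_PER_YEAR = 3600 * 24 * 365

def charset_size(password):
    """Size of the alphabet an attacker must try, from the classes in use."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    size = sum(n for chars, n in classes if any(c in chars for c in password))
    known = "".join(chars for chars, _ in classes)
    if any(c not in known for c in password):
        size += 1  # space or other symbol, counted conservatively
    return size

def brute_force_bits(password):
    """log2 of the candidates a blind brute force has to cover."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))

def years_to_exhaust(password):
    """Worst-case years at the assumed rate; 0 if a wordlist gets there first."""
    if password.lower() in COMMON:
        return 0.0
    return 2 ** brute_force_bits(password) / GUESSES_PER_SECOND / SECONDS_PER_YEAR

if __name__ == "__main__":
    samples = ["abcdefghijklmnopqrstuvwxyz",  # long, lowercase only
               "Tr0ub&4x",                    # 8 characters, all four classes
               "abcdefgh",                    # 8 characters, lowercase only
               "Password123!"]                # complex-looking but common
    for pw in samples:
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, "
              f"{years_to_exhaust(pw):.3g} years")
```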
Picking a Password
There are a couple of ways to pick a password and none of them include using your name, your children's names, your birthday, the name of the service you're using plus '123', or any other easily guessable terms and phrases. While there are many methods to pick passwords, I'm going to cover two here.
Method 1: First Date Questions
The best advice I've seen to accomplish this is to use passphrases. Passphrases guarantee that your password will be long. A good trick might be to pick three or four "first date" questions and use the answers to form your password.
Let's try this now. What's your favorite color? What do you do for fun? Who is your favorite superhero?
This is an amazing password on its own. It's made of things you know and can remember, and if you want to make it even stronger you can replace one or some of the letters with numbers. Below, I've replaced the letter 'a' with the number 4.
With the 'First Date' method, you'll remember your password as long as you remember your first date questions. Also, feel free to lie...just like one might on a first date. There's no reason to tell the truth here. It's a password, not a legal trial.
Side note: Same thing goes for security questions, by the way. You can and probably should lie for those too. There's absolutely no reason -----— needs to know which elementary school you actually attended.
Now you know how to build stronger passwords, but you still have the problem of how to store them. Best practice is to use different passwords for different sites. So do you create 20 different passwords and write them down? Do you store them in a Google Doc? Method 2 solves that problem.
Method 2: Use a Password Manager
I have no idea what most of my passwords are because I use a password manager. A password manager is a tool that generates and stores your passwords to various sites for you. The only password you need to know is the password to unlock your password manager.
I personally use two different password managers, so I'm going to focus on them because I have experience with them. There are, of course, others out there but I won't have much advice to give about them. I use 1Password and LastPass. When you're looking for a password manager, you probably only care about one main thing. How easy is it for me to just paste my password and log in? You don't want to have to click around a lot to get your password and you probably want that same ease of use no matter what device you're using; be it mobile or laptop. Right? You're in luck. LastPass and 1Password both meet those needs. The iPhone has integrations that will allow you to select your password from both password managers when logging into a site or app from your phone. Both password managers have browser plugins that will auto-fill your login information for you.
I'd say the only real deciding factor between the two for the average user is that one has a free tier and the other does not. For this reason, I highly suggest LastPass over 1Password for the average user. It allows sharing across multiple devices, generates and stores passwords, and autofills login pages for you. You can also add notes to password entries where you can lie about the answers to your security questions and store the answers with your login information.
Get started with LastPass. 1Password would be my suggestion for teams of people. Its features around vaults make it the better option for that, in my opinion. But I'm open to alternative perspectives! The goal here is to find what works for you and your lifestyle. Security should never be a hindrance for you as the user.
Wrap It Up, Girl.
This post is not comprehensive of everything you need to know about passwords. Not by a long shot. But it's a pretty good answer to the questions I usually get about passwords. My final suggestion to you would be to sign up (click Notify Me) with Have I Been Pwned to get notified any time your email address shows up in a breach. Look out for another post from me about what to do if this happens. Let me know if you end up trying LastPass. I'd love to hear your thoughts and whether or not it worked out for you.