Managing Passwords

Okay, you’ve got your computer/tablet/phone backed up, and you’ve got all your photos and documents saved. The next big thing to deal with is your passwords.

Dealing with passwords can be a tricky thing. You want to make sure your passwords are unique, random, and at least 16 characters long. For example, “SfutKUj8wcVUsoPL2” is a good password, but it’s going to be VERY difficult to remember — and you want a completely different one for every single site/login! That can be hundreds of different, difficult to remember passwords. Not an easy task, especially when you’re under pressure.

That’s going to be too many to remember, so many people write them down, either on a scrap of paper (that you’ll never find again), or in a notebook (which could be stolen or destroyed in an accident), or in a text file on your computer. Provided your computer is properly backed up this is a slightly safer method, but still leaves the possibility that somebody could find the file and open it. A friend mentioned in passing a year or two ago that he was saving all his passwords in the “Contacts” app. I was horrified. That app isn’t secure at all.

Some people use one password for all their logins. You only have to worry about remembering one password, and you never have to wonder which one you used where. This is a terrifyingly bad idea. If any one of the places you’ve used it has a data breach, ALL your accounts are now open and available! Every site should have its own individual password. Do NOT reuse passwords.

If you think your email address has never been involved in a breach, guess again. A few years ago an Austrailian researcher (Troy Hunt) released a database of the information from several different individual data breaches. There were 772 million unique email addresses. He set up a website where you can check and see if your address has been compromised. You may be surprised. Have I Been Pwned

So we’re going to introduce you all to the wonders of a good password manager. It’s going to make your life better in a few ways:

First, it’s going to be easier. It’ll semi-automatically fill in your login and password information for you when you visit a site that needs it.

Second, you’ll no longer need to remember a whole bunch of different passwords. The only password you’ll need to remember is the one for your password manager, and on Apple devices most of the time you won’t even need that, you’ll just use Touch or Face ID!

Third, you won’t have to worry about people breaking into your accounts because you’ll have long, random, unbreakable passwords on all your accounts!

There are several good programs out there, including some free ones. If you’re on the Apple ecosystem, you can use iCloud Keychain.

iCloud Keychain can suggest strong passwords, store them as well as passkeys* and two factor codes (2FA), sync them between all your Apple devices, and autofills passwords in apps and Safari. It’s easy to use, and it’s already installed on all your devices.

Here’s a short tutorial: How to use Keychain

And here’s how to add a shortcut to it on your desktop or dock: Passwords shortcut

If you want to go with a more advanced approach, or if you’re on a platform other than Apple, the program I’m going to recommend is called 1Password. It’s the program I’ve been using for several years. Its got more features, but that means it’s a little more complicated too. It’s not free, but there’s a two week trial. https://1password.com

If you go with 1Password then you’ll need a master password, here’s a password generator you can use to get a secure one. Password generator

For most sites I recommend long random passwords, but for the master password use a pass phrase instead, you’ll need to be able to remember it. Same recommendation for any logins that you’ll need to type in using your tv remote. You won’t need to remember it, but typing in a long random password that way is a real pain.

1Password has partnered with haveibeenpwned.com so now 1password can tie into the data and automatically check all your info against the database and tell you what passwords need to be replaced because they were in a breach. It’ll also tell you which passwords are weak and need to be replaced regardless of whether they’ve been breached or not.

*Passkeys are a safer and easier replacement for passwords. With passkeys, users can sign in to apps and websites with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing them from having to remember and manage passwords. Passkeys will eventually replace passwords and get rid of the problems we currently face. They’re faster, easier to use, they can’t be stolen, and you don’t need two factor authentication. If a site offers to set up a passkey for you, do it! And then save it to whichever program you’re using.

Welcome to an easier and more secure online life.