When it came to protecting your private information, security professionals used to focus on the complexity of your password. Make a password harder to guess and harder for hacking programs to break, and you would be safe.
That advice is still valid. But with the massive security breaches at tech companies like Adobe and LinkedIn exposing hundreds of millions of user names and passwords (and who knows how many breaches we haven't even heard about), simply creating a complex password isn't enough. The only way to minimize the impact of stolen log-in credentials is to use a different password for every site.
For most of us that's a daunting challenge. Who can remember 50 different passwords? The answer is a password manager that lets you create as many complex passwords as you need and store them all in an encrypted database under one master password for easy reference and auto-filling. Once you have your password manager running, it fills in your user ID and password for you whenever you visit a website.
When creating your strong passwords, go for at least 8 characters (the longer the better), with a mixture of upper- and lower-case letters, numbers and, if the site or service allows, special characters, such as “!,” “#” and “?.” It should be something you can remember easily. A long sentence works well when you take the first letter of each word and then replace the vowels with numbers or symbols.
For example: The quick brown fox jumped inside the orange box and slept = Tqbfj1t0b&s
However, it's also been proven that really long passwords work just as well. Numbers, capitalization and special characters are all bonuses, but a short password that uses all of these tricks may still be easier to crack than a long password with real words, such as "iliketobakecookies".
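To put numbers on that comparison, here is an added example (not part of the original article) that rebuilds the fox-sentence password and estimates the size of the search a cracking program faces for each style of password. The 8-character sample and the 7,776-word list size are assumptions made for illustration; the word-by-word figure assumes words picked at random, so a natural phrase will be somewhat weaker than shown.

```python
import math
import string

# Substitutions taken from the article's example (i->1, o->0, a->&).
VOWEL_SUBS = {"i": "1", "o": "0", "a": "&"}

def mnemonic(sentence):
    """First letter of each word, with vowels swapped per VOWEL_SUBS."""
    firsts = [word[0] for word in sentence.split()]
    return "".join(VOWEL_SUBS.get(ch, ch) for ch in firsts)

def charset_size(password):
    """Size of the character pool a brute-force search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size

def brute_force_bits(password):
    """log2 of the candidates in a character-by-character search."""
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(word_count, list_size=7776):
    """log2 of the candidates when whole words are guessed from a list.
    list_size=7776 is an assumed word-list size, not from the article."""
    return word_count * math.log2(list_size)

if __name__ == "__main__":
    sentence = "The quick brown fox jumped inside the orange box and slept"
    samples = {
        "mnemonic from the article": mnemonic(sentence),
        "8 chars, all classes (constructed)": "Tq1&bf0j",
        "long, lowercase words": "iliketobakecookies",
    }
    for label, pw in samples.items():
        print(f"{label:36} {pw:20} {brute_force_bits(pw):5.1f} bits")
    # "i like to bake cookies" is 5 words if guessed word by word.
    print(f"{'same phrase, word-by-word guessing':36} {'':20} {wordlist_bits(5):5.1f} bits")
```

Each extra bit doubles the number of guesses needed, so the 18-letter phrase stays ahead of the 8-character password even when it is guessed one word at a time.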
All of the major browsers have password managers built in. Sometimes you'll find it under "auto-fill," since the browser automatically fills in your password. Only the free Mozilla Firefox Web browser for PCs and Macs lets you protect your password list with a master password. Google’s Chrome browser requires you to log in to save or use saved passwords, so logging out will protect you. Apple’s Safari browser on Macs stores your passwords in the iCloud Keychain, which means your passwords will auto-fill if you're logged in. However, you'll need your iCloud Keychain passcode to view the stored passwords. Internet Explorer will auto-fill any passwords stored and show you the passwords.
Fortunately, all browsers will only auto-fill if you’re logged in to your computer profile, so remember to log out when you’re done. And set your computer to sleep after a few minutes of inactivity and require your password to come out of sleep so no one can use your computer when you step away.
- On Windows PCs, you’ll find this under “Control Panel” then “Appearance and Personalization” and then in the “Personalization” section you’ll find “Change screen saver.”
- On Macs, go to “System Preferences” then “Security and Privacy” and you’ll find it under the “General” tab.
A better option is to use a stand-alone password manager. The best let you sync your passwords across Windows PCs and Macs, as well as Android and iOS devices, plus help you generate unique strong passwords for sites and securely store your credit card info. Two of my favorites are RoboForm (free for 10 logins, premium with unlimited logins $9.95 the first year, $19.95 thereafter at roboform.com) and LastPass (free for desktop app, or $12 per year for a premium account with access to mobile apps on lastpass.com).
For a free option, I like Norton Identity Safe, which works on Windows PCs, Macs, iOS and Android devices and stores credit card info. It doesn’t have the password generator, but it works.