Summary: Use your browser or the password manager included with your antivirus (if it has one); use a password manager such as LastPass, Passpack or 1Password; generate passwords that contain numbers, uppercase and lowercase letters, and symbols using your password manager; activate two-factor or fingerprint authentication whenever possible.
I'll let you in on a little secret: I do not know (most of) my passwords. This might seem contrary to common sense, but I feel safer this way and I also know that it would be impossible for me to know them all by heart. Years ago, I used to have the same password (or a variation of it) for all my accounts.
When I started working on websites (or, more specifically, when I built El Jardín Vegano's website) I realized how important it was to have a unique and hard-to-guess password. Here's why: once my website showed up on the first page of Google's search results (yay!), it started receiving attacks directed at the backend or administration page. The hackers tried to log in to my site using the most common (and default) username, "admin", and variations of it. Even though I don't know exactly which passwords they tried, I assume those were also the most common ones. They kept trying for a long time but, fortunately, they never got into the backend of my site.
If your website allows your clients to register, it is extremely important that you do not have an easy-to-guess password.
Imagine what would have happened if I had used a common password and the default username. Not only would they have gained access to my site and my information, they would also have gained access to my clients' information: clients who had trusted me and created an account on my website to buy products. That is why I decided to write this blog post: I want you to have secure, strong passwords and to be able to manage them easily, for your sake and your users'.
This does not mean that a unique, hard-to-guess password lets you off the hook and that you will never be hacked; that obviously depends on how sophisticated the hacker's methods are and how experienced the hacker is. But it at least makes their job a lot harder.
So which methods do I recommend? In short, they are:
Passwords such as "12345678" or "qwerty" are super-popular and people generally use the same password in many or all of their accounts (including their bank's!). What would happen if a hacker (or someone else) gains access to this password? They would immediately gain access to very important information about your personal life and even try to steal your identity.
So what can you do to avoid this? Well, for starters, you can create a completely random password for each one of your accounts. This password needs to be as unique and long as possible. Some strong password examples are:
Hey! Please don't use the passwords above. This is just to give you an idea of how to create a strong password.
Note that there are websites that restrict the number of characters or don't allow special characters. Try to always use the maximum number of characters possible (or at least 16) and mix uppercase and lowercase letters, numbers, and special characters to create a really strong password.
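As an added example (my code, not from the original post), here is a small Python generator that follows these rules: it draws characters from the operating system's secure random source via the `secrets` module, guarantees at least one uppercase letter, one lowercase letter, one digit and one symbol, respects a site's maximum length, and can drop symbols for sites that reject them. The function names, the symbol set and the 16-character default are my assumptions.

```python
import secrets
import string

# Character classes the post says to mix: uppercase, lowercase, digits, symbols.
# The symbol set is an assumption; many sites accept these punctuation characters.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}


def classes_present(password, symbol_set=CLASSES["symbol"]):
    """Return the set of class names that appear in `password`."""
    alphabets = dict(CLASSES, symbol=symbol_set)
    return {name for name, alphabet in alphabets.items()
            if any(ch in alphabet for ch in password)}


def generate_password(length=16, max_length=None, symbol_set=CLASSES["symbol"]):
    """Generate a random password with at least one character from every class.

    `length` is the requested size (the post suggests at least 16);
    `max_length` models a site that caps password length, and
    `symbol_set=""` models a site that rejects special characters.
    `secrets` uses the OS CSPRNG; the `random` module would be predictable.
    """
    if max_length is not None:
        length = min(length, max_length)
    alphabets = {name: chars
                 for name, chars in dict(CLASSES, symbol=symbol_set).items() if chars}
    if length < len(alphabets):
        raise ValueError(f"length {length} cannot include all {len(alphabets)} classes")
    # One guaranteed character per class, then fill from the union of all classes.
    chosen = [secrets.choice(alphabet) for alphabet in alphabets.values()]
    pool = "".join(alphabets.values())
    chosen += [secrets.choice(pool) for _ in range(length - len(chosen))]
    # Shuffle with the same CSPRNG so the guaranteed characters sit at random positions.
    secrets.SystemRandom().shuffle(chosen)
    return "".join(chosen)


if __name__ == "__main__":
    print(generate_password())                     # 16 characters, all four classes
    print(generate_password(24, symbol_set=""))    # a site that forbids symbols
    print(generate_password(32, max_length=12))    # a site that caps length at 12
```

Ask for the longest password the site accepts and only shorten when the site forces you to; a 12-character password built this way is still far stronger than "qwerty", but every extra character multiplies the search space.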
But how on Earth will you remember all of them? It's very easy! And no, my advice is not "write them in a notebook". There are plenty of programs that can help you with this, whether you prefer to keep them in the cloud or on your device.
If you're using an antivirus, it may include a password management service; if it doesn't, there are other programs you can download, or add to your browser, that can help you generate and store these passwords safely. Also, if you use a browser such as Chrome, it can save your passwords to your Google account. The disadvantage is that this only works inside the browser: it won't fill in passwords in apps on your phone or programs on your computer (unless you copy and paste them).
A dedicated password manager is probably the best way to keep passwords safe. Some of the most popular ones are LastPass, Passpack, and 1Password. In this post, I'll focus on LastPass since it's the one I use to manage my passwords.
LastPass is a very popular password manager that stores your encrypted passwords in the cloud. To see or use your passwords, all you have to remember is one single password, called the "master password". Its Android and iOS apps and its modern browser extensions keep your passwords up to date no matter which device you use.
With LastPass, you can also store your credit card information, your Wi-Fi password, addresses, secure notes, etc., all kept under the same strict security measures.
Also, if you struggle to create original, secure, hard-to-guess passwords, LastPass includes a complex password generator, so you can stop worrying about whether your passwords are good enough, and it lets you share passwords securely with your contacts.
In case of an emergency where, for whatever reason, someone needs to know your passwords and you are unable to share them, LastPass lets you add emergency contacts who will have access to your account if necessary (you can revoke the access at any time, and they can only get into your account after a certain waiting period).
LastPass also has a security challenge feature that analyzes all your passwords and gives you a rating based on how complex they are, whether they're reused on multiple sites, etc. To give security experts an incentive, LastPass runs a bug bounty program that rewards those who find vulnerabilities in its software and report them to LastPass.
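The kind of check a security challenge performs can be approximated locally. The following Python is an added example of mine, not LastPass code, run over a constructed sample vault: it flags passwords reused across sites, passwords shorter than 16 characters and passwords that use only one or two character classes, and scores each entry from a rough entropy estimate, with reuse capping the score because one breach would expose every site that shares that password. The thresholds and the scoring scale are my assumptions.

```python
import math
import string
from collections import defaultdict

# Constructed sample vault of (site, password) pairs; none are real credentials.
SAMPLE_VAULT = [
    ("bank.example", "kV7!pRw2#zQe9LmX$b"),
    ("shop.example", "qwerty"),
    ("mail.example", "qwerty"),
    ("blog.example", "correcthorsebatterystaple"),
]

# Alphabets used to estimate the pool an attacker would have to search.
POOLS = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]


def classes_used(password):
    """Return the alphabets from POOLS that contribute at least one character."""
    return [alpha for alpha in POOLS if any(ch in alpha for ch in password)]


def entropy_bits(password):
    """Estimate entropy as len * log2(pool size).

    This is an upper bound that holds for randomly generated passwords; it
    overrates dictionary phrases, which is why class count is reported too.
    """
    pool = sum(len(alpha) for alpha in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0


def audit_vault(entries, min_length=16, target_bits=80):
    """Return [(site, score 0-100, [issues])] for each entry in the vault."""
    sites_using = defaultdict(list)
    for site, password in entries:
        sites_using[password].append(site)
    report = []
    for site, password in entries:
        issues = []
        others = [s for s in sites_using[password] if s != site]
        if others:
            issues.append("reused on " + ", ".join(others))
        if len(password) < min_length:
            issues.append(f"shorter than {min_length} characters")
        n_classes = len(classes_used(password))
        if n_classes < 3:
            issues.append(f"uses only {n_classes} character class(es)")
        # Score relative to target_bits; anything at or above the target is 100.
        score = min(100, round(100 * entropy_bits(password) / target_bits))
        if others:
            score = min(score, 20)  # one breach exposes every site sharing the password
        report.append((site, score, issues))
    return report


def overall_score(report):
    """Average entry score, the single number a security challenge reports."""
    return round(sum(score for _, score, _ in report) / len(report)) if report else 0


if __name__ == "__main__":
    report = audit_vault(SAMPLE_VAULT)
    for site, score, issues in report:
        print(f"{site:14} {score:3}  {'; '.join(issues) or 'ok'}")
    print("overall:", overall_score(report))
```

The bank entry scores 100 with no issues, the two sites sharing "qwerty" are capped at 20 and point at each other, and the long lowercase passphrase scores 100 on length alone but is flagged for using a single character class, which is exactly the kind of entry a reuse-and-complexity report should draw your eye to.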
LastPass has a free plan and some premium plans, including one for families and another one for businesses. Right now, I'm using the free plan because it has basically everything I need.
Whenever possible, activate two-factor authentication (2FA). You will then receive a notification on your phone (through an app or SMS) with a code that you have to enter on the login page of the account you want to access. I really recommend this option: even if a hacker got hold of one of your passwords, it would be useless unless the hacker also had your phone.
But what if you don't have access to your phone and need to use a website where you've enabled two-factor authentication? No need to panic! Websites that offer this type of authentication usually also let you download a file of backup codes for when you lose access to your phone or have no Internet connection. Just make sure you don't give the file an obvious name like "pleaselookatmypasswords.txt".
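To show what the code on your phone actually is, and why it is useless to someone who only has your password, here is an added Python example of mine (not any site's or app's code) of the standard time-based one-time password scheme (TOTP, RFC 6238) that authenticator apps use. It includes the server-side check, which tolerates a little clock drift and refuses to accept an already-used code a second time, and the one-time backup codes the post mentions, stored only as hashes so they can each be redeemed once. The RFC 6238 reference secret is used for a self-check; the function names and the backup-code format are my assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# RFC 6238 reference secret "12345678901234567890", base32-encoded as apps expect it.
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32):
    """Authenticator apps share the secret as base32; restore padding and decode."""
    s = secret_b32.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp_code(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, dynamic truncation, modulo 10^digits."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def totp_code(secret_b32, at_time=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter set to the current 30-second time step."""
    now = time.time() if at_time is None else at_time
    return hotp_code(decode_secret(secret_b32), int(now // step), digits)


def verify_totp(secret_b32, candidate, at_time=None, step=30, window=1, last_used=None):
    """Server-side check. Returns the matching time-step counter, or None.

    `window` allows that many steps of clock drift on either side. Pass the
    counter returned by the previous success as `last_used` so a code that was
    observed once cannot be replayed while it is still inside the window.
    """
    now = time.time() if at_time is None else at_time
    key = decode_secret(secret_b32)
    base = int(now // step)
    for drift in range(-window, window + 1):
        counter = base + drift
        if last_used is not None and counter <= last_used:
            continue
        if hmac.compare_digest(hotp_code(key, counter), candidate):
            return counter
    return None


def generate_backup_codes(count=10):
    """One-time recovery codes to download and keep offline, as the post suggests."""
    codes = []
    for _ in range(count):
        raw = secrets.token_hex(4)  # 32 random bits per code, shown as xxxx-xxxx
        codes.append(f"{raw[:4]}-{raw[4:]}")
    return codes


def _normalize(code):
    return code.replace("-", "").strip().lower().encode()


def store_backup_codes(codes):
    """Keep only hashes on the server, like passwords, so a database leak yields no usable code."""
    return {hashlib.sha256(_normalize(c)).hexdigest() for c in codes}


def redeem_backup_code(stored_hashes, candidate):
    """Consume a backup code: each one works at most once."""
    digest = hashlib.sha256(_normalize(candidate)).hexdigest()
    if digest in stored_hashes:
        stored_hashes.remove(digest)
        return True
    return False


if __name__ == "__main__":
    print("current code for the RFC secret:", totp_code(RFC_SECRET_B32))
    codes = generate_backup_codes(3)
    print("backup codes to print and keep safe:", codes)
```

Because the server and the app both derive the code from the shared secret and the clock, a password on its own never yields the code, and because each code only lives for one 30-second step and is rejected on reuse, writing one down does you no good tomorrow. The backup codes are the deliberate exception, which is why they are worth keeping out of sight.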
Also, if your device supports fingerprint authentication, make sure you use it. It is easy to set up and can save you some hassle. The best way to keep your accounts safe is to combine the methods above.