Passwords. Can’t live without ‘em, can’t remember more than a few. We’re all in the same boat, with numerous online accounts protected by passwords that must be entered repeatedly. Long ago, it might have been acceptable to have a single password that you augmented with a few numbers for your most important sites. Alas, that’s no longer even close to sufficient, now that the bad guys steal millions of passwords at a time, employ sophisticated hardware that can try over 350 billion passwords per second, and sell decrypted passwords on the black market. If you have a weak password on a site whose passwords are stolen, every other site on which you use the same password is vulnerable. That could result in your email account being used to send spam, or even having your online bank accounts drained. It’s dangerous out there.
The solution to this problem is that you must use a different strong password on every site. What’s a strong password? Put simply, it’s one that uses enough random letters, numbers, and punctuation characters to foil cracking hardware. The zxcvbn tool can show you how long it will take for any given password to be cracked: “password” is instant, “MYpass-word1” could take up to 5 hours, and “4I90dfsqO9GViD2D%@pvn” will take centuries.
But really, who could remember, or even type, “4I90dfsqO9GViD2D%@pvn”? Your Mac or iPhone, that’s who! Passwords have moved from the realm of the human into that of the computer, and by far the best way to protect your online security in today’s world is to use a password manager. Apple provides a simple password manager called iCloud Keychain that’s available on the Mac (in System Preferences > iCloud) and iOS (in Settings > iCloud > Keychain) and syncs passwords between Apple devices. But iCloud Keychain works only in the Safari Web browser and has far fewer features than third-party apps, such as 1Password and LastPass.
Password managers offer three core features. They help you generate secure passwords, store them securely, and enter them automatically for you when you want to log in to a site. Instead of doing all that work manually, let an app do it for you in nearly all situations. Nearly all?
Even with a password manager, you need a few passwords that you can remember and type by hand. Most obviously, there’s the master password to your password manager itself: it’s the very definition of putting all your eggs in one basket! Then there’s your Apple ID password, which is necessary for iCloud, the iTunes Store, the App Store, Game Center, and more. Macs and iOS devices ask for your Apple ID password repeatedly, and it must be entered manually. For these passwords, go for a minimum of 12 characters—more if it’s not truly random—and try to reduce the number of keyboard switches for passwords that must be typed in iOS.
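To make those numbers concrete, here is an added example (not from the original article) that generates a random password the way a password manager would and estimates how long an exhaustive search would take at the 350 billion guesses per second cited earlier. The function names and the 94-symbol alphabet are assumptions, and the estimate holds only for truly random passwords, so it is not how zxcvbn scores human-chosen ones.

```python
import math
import secrets
import string

GUESSES_PER_SECOND = 350e9  # cracking rate cited in the article
# Assumed alphabet: 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=21, alphabet=ALPHABET):
    """Draw each character independently and uniformly from the OS CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need length >= 1 and at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def average_crack_seconds(length, alphabet_size, rate=GUESSES_PER_SECOND):
    """Expected exhaustive-search time: half the keyspace at `rate` guesses/s."""
    return (alphabet_size ** length) / 2 / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"

def report():
    """Compare a short lowercase password with 12- and 21-character random ones."""
    cases = (("8 lowercase letters", 8, 26),
             ("12 random printable", 12, len(ALPHABET)),
             ("21 random printable", 21, len(ALPHABET)))
    return [(label, round(entropy_bits(n, size), 1),
             humanize(average_crack_seconds(n, size)))
            for label, n, size in cases]

if __name__ == "__main__":
    print("generated:", generate_password())
    for label, bits, eta in report():
        print(f"{label:22} {bits:6.1f} bits  ~{eta}")
```

A password a person invents has far less entropy than its length suggests, which is why the 12-character minimum above grows when the password is not truly random.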
A lot more could be said on this topic, and much more has been said, so if you need more details, check out the ebook Take Control of Your Passwords. Regardless, please make sure you use different strong passwords for all your Internet accounts—the risk of identity or even financial theft is just too great these days.