What: Stop kidding yourself that you only re-use passwords on accounts that don’t matter, or that you have an unbreakable password scheme that no one else can guess. Every single thing with a password needs to have a unique password, shared with nothing else.
Why: Services get hacked, with entire databases of passwords published in the open. People get “phished”, tricked into entering their passwords into shady imitations of the sites they intended to visit. If this happens, you want to limit the damage, ensuring that only one site gets breached.
How: Unless you absolutely categorically have a reason not to…
2. Use a password manager
What: Software like LastPass (free) or 1Password ($2.99/month or $49), which will store your passwords, generate secure random ones for you, and sync them across multiple devices.
Why: If you can memorise all your passwords, you can almost guarantee that they aren’t varied enough to be secure. A password manager may feel like putting all your eggs in one basket, but it’s a padded secure basket kept up-to-date by the best minds in the basket business, and what you’re doing right now is more like juggling the eggs above your head while blindfolded.
How: Download the password manager, install it on your desktop (you can do mobile later), and start running it. You don’t even have to change your passwords all at once: the manager will notice when you log in, and ask you whether you want to save the new password. That should be your cue to create a new one.
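The two points above, that a generated password carries far more entropy than anything a person can memorise and that no password should appear on more than one site, can be shown in a few lines of code. The following is an added example, not code from the Guardian article or from LastPass or 1Password; the character set, the 20-character default length and the small sample vault are constructed for illustration. It draws passwords from Python's `secrets` module (a CSPRNG), computes the entropy of a uniformly random password, and flags passwords shared between sites in the way a manager's "reused passwords" report does.

```python
import math
import secrets
import string

# Character set the generator draws from. Assumption for this example:
# not the alphabet any particular password manager uses.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return a password whose characters are drawn independently and
    uniformly from `alphabet` using the OS CSPRNG (secrets, not random)."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string of `length` symbols drawn from
    `alphabet_size` choices: length * log2(alphabet_size).

    This is only valid for generated passwords. A memorised, human-chosen
    password is far from uniform, so this figure is an upper bound for it."""
    if length < 1 or alphabet_size < 2:
        raise ValueError("need length >= 1 and alphabet_size >= 2")
    return length * math.log2(alphabet_size)


def find_reused_passwords(vault: dict[str, str]) -> dict[str, list[str]]:
    """Given site -> password, return each password used on more than one
    site mapped to the sorted list of sites sharing it. An empty dict means
    every site has a unique password, which is the goal."""
    by_password: dict[str, list[str]] = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


# Constructed sample vault: two sites share a human-chosen password,
# a third uses a generated one.
SAMPLE_VAULT = {
    "mail.example": "Tr0ub4dor&3",
    "shop.example": "Tr0ub4dor&3",
    "bank.example": generate_password(),
}


if __name__ == "__main__":
    print("generated:", generate_password())
    print("20 random chars from 94 symbols:", round(entropy_bits(20, 94), 1), "bits")
    print("8 random lowercase letters (upper bound):", round(entropy_bits(8, 26), 1), "bits")
    print("reused in sample vault:", find_reused_passwords(SAMPLE_VAULT))
```

The entropy comparison is the reason the manager's generator matters: 20 characters from a 94-symbol alphabet is about 131 bits, while even a perfectly random 8-letter lowercase string is under 38 bits, and a real memorised word or pattern is weaker still. The reuse report is the check to run first after importing existing logins; every entry it lists is a password that should be replaced with a generated one.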
Continue reading at The Guardian...