You’ve probably heard it before: “never write down your passwords. Use unique passwords for each website and memorize them.”
It’s great advice, but it’s not always easy. In 2022, the average person has between 70 and 80 passwords they need to keep track of! This can sometimes lead to people using easily-guessed passwords (like their birthday or pet names, things like that) or reusing passwords for multiple sites (if one site is hacked and the passwords stolen, hackers can see if the passwords work for other websites, too).
Fortunately, you have options for protecting your passwords and accounts. Here’s a few:
1. Use a password manager. A password manager is an app for your phone or computer that can securely store encrypted passwords so you don’t have to remember all of them. All you have to do is remember your password for the password manager, which you should make as strong as possible. This means you can use very strong and unique passwords for each website without having to remember each one.
2. Write them down. I know, right? You always here it- don’t write down your passwords. But this is where you need to decide which is safer for you. Remember that your online accounts can be attacked by anyone with an internet connection, but gaining access to a notebook or password sheet requires access to wherever it is placed. If you feel you can protect a sheet of paper and know you need to use strong and unique passwords, this might be an option.
3. Write them down, but know the secret. If you feel like writing down your password (and securing it) is an option for you, you can add an extra layer of security by changing the password from the actual one. For example, anyone looking at the password sheet wouldn’t know that you actually added an extra letter to the end. Or that you added 2 to all of the numbers in your password. By changing it, you can not only protect your accounts but you can also get an alert if someone tries to use it.
Whichever you choose, you should always turn on two-factor authentication. Two factor authentication (2fA) requires an additional measure to prove your identity prior to logging in. Sometimes, this can be an app, or it can even be a hardware token that must be present in order to log in. Using 2FA means that even if someone knows your username and password, they still can’t log in without you knowing.
Whatever password solution you choose, we recommend changing all your passwords at the same time if possible. This prevents anyone from leveraging their access to undo the work you’re doing to protect your accounts. And don’t forget to choose the option “log me out of other locations” whenever possible! If someone is in your account without permission, this will kick them out and make sure they can’t log in again.