Many arbitrary holidays exist (Tin Can Day, anyone?) but World Password Day is one that the PCWorld Staff fully supports. We’re all for ditching weak passwords—especially when shoring up your security takes only a little effort.
Follow these three easy suggestions and you’ll thank yourself for years to come. Not only will data breaches and hackers stop being immediate threats, but you won’t have to scramble to remember a collection of user names and passwords.
You shouldn’t have an issue finding a password manager that suits you, either. Want something that integrates seamlessly with your phone or browser? Google, Apple, and Firefox’s password managers are basic but solid. Hate the idea of all your passwords sitting in the cloud? Try KeePass or one of its variants. Need support for advanced two-factor authentication methods, like a YubiKey? Many paid services include it.
Paying for a good solution isn’t always necessary, however, as you’ll see when going over our lists of the best paid password managers and the best free password managers. The kinds of features that unlock when paying for services are helpful indeed, especially if you’re using multiple devices or want to secure the passwords of multiple people, but they don’t tend to be absolutely vital otherwise. That said, our go-to solution—LastPass—makes managing passwords dead simple and only costs $36 per year, or about $3 per month. It’s money well spent for the added security (and the extra polish).
And don’t worry if you try one service and don’t like it. Exporting and importing password databases is simple.
Use strong, unique passwords for everything
Even websites that barely register in your memory deserve a strong, unique password. If you’ve left behind traces of personal information—or financial information, like stored credit card info—unauthorized access to your account could lead to future headaches.
Normally, remembering a strong, random, and unique password for every place you visit on the internet would be a pain in the rear. These days, it seems like everything requires a login. But with a password manager (which of course you’ve just set up!), you no longer have that responsibility. So long as you have the browser extension or app installed on your phone, you can let it choose a password for you. Just tell it how long the password should be and what mix of character types to use. (Security experts currently recommend 24 characters in length, randomly generated with numbers, letters, and special characters.) The fun part is that because you don’t have to memorize each password yourself, long and complex strings aren’t a hassle.
If you want to really level up your login security, you can use strong, unique user names, too. With a password manager tracking everything, being randominternetuser13960 on one site, ithurtstomove4582 on another, and pizzadaze2259 on a third is a cinch. Have to use an email address for your login? Gmail and some other email providers let you create aliases by adding a plus sign (+) and phrase after your account name. So for example, you could use email@example.com to distinguish that particular site.
Enable two-factor authentication, too
We hate to say it, but these days, strong passwords alone aren’t enough to ward off threats. Data breaches happen, and so do moments of being caught off-guard by phishing attempts.
Two-factor authentication adds another layer to your login process. Instead of having immediate access to your account upon entering your user name and password, you’ll have to input more information and pass another security check before access is granted. (You can read more about how 2FA works in our explainer, which also gives more details on the common forms available.)
Like using a password manager, two-factor authentication doesn’t have to be a cumbersome addition to your login process. Apps like Authy and Aegis make accessing your 2FA codes on multiple devices simple, and support easy security measures like biometric authentication to protect those codes from prying eyes.
We of course recommend enabling two-factor authentication on as many accounts as possible, but at minimum, do it for major accounts like email and financial services—places with info that could wreak havoc on your life if someone else got unauthorized access. Consider protecting your Amazon, social media, Steam, and work accounts (and their info ripe for use in social engineering) in this way, too.
For sites that don’t have two-factor authentication—which sadly includes a large number of e-commerce sites—you can help limit damage from unauthorized account access by not leaving your credit card information or address on file.
There’s more you can do, of course—and it’s also easy
All set up with your password manager and two-factor authentication, and feeling primed to go even further? Learning more of the ins and outs of your password manager will help integrate it into your life even more seamlessly. Installing your service’s companion smartphone app and browser extension is just a starting point—check out our guide on how to make the most of your password manager for more tips. You can also have a look at our story about 5 easy tasks that supercharge your security. If you’ve followed this article’s advice, you’re already more than halfway there!