Passwords are annoying, let's face it: a necessary evil to keep us safe. None of us want to deal with these pesky little critters, but they are an inescapable part of online life. Things will change in the future – as a new, passwordless reality blossoms and password keys evolve. But for now, traditionally typed passwords remain widespread and need to be tamed.
There are simple ways to deal with passwords, some of which are terrible. Like having ridiculously simple passwords that are easy to guess. Or you can “remember” them by writing them all down in a notebook, where a curious person can find them and gain access to your online accounts, if they are of a nefarious nature.
Of course I don't do that – I abandon the very thought – I use mnemonics to make passwords complex enough, yet memorable, so that they don't have to be written down. But even that isn't an ideal way to deal with passwords, so I have some (admittedly boring) New Year's resolutions to vastly improve my relationship with passwords and my overall online security.
Take the plunge with a password manager
This is the mainstay of my reformed relationship with passwords – yes, getting someone else to do them. Or rather: get something otherwise to make them in the form of an application.
Password management software automatically generates passwords for all online accounts without me having to lift a finger. These are also incredibly secure passwords: long strings of nonsense that I would have no chance of remembering.
Taking the plunge with a password manager is something that has been on my computing to-do list for quite some time, and one of those things that I simply haven't gotten around to. Mainly because it seems easier to keep going, as I have been doing for a long time (I had a PC before the world wide web even existed). So 2024 is the year it's going to happen, and I'll be giving up my old system for an easier and more secure way of dealing with passwords.
Which password manager will I work with? After weighing the pros and cons of the different options available, I narrowed it down to Dashlane or NordPass – but ultimately the latter won out. Why? NordPass scored with its broad multi-platform support, regular updates – and plentiful features – not to mention the fact that it represents a great value proposition.
It's also the highest-ranked product in our roundup of the best password managers, so comes with the Ny Breaking seal of approval (and a deal to make it even more affordable, it should be noted). By the way, for those looking for the best freebie option, check out the best free password managers.
2FA achievement completed
3 tips to avoid the worst password pitfalls
1. Never use stupid, simple passwords
“Password” isn't a good password, just like a riot shield is kind of pointless if it's made of tissue paper. Choose a complex password with a good mix of characters and a mnemonic to help you remember it (or better yet, use a password manager).
2. Don't reuse passwords
Never use the same password for multiple online accounts. It may seem tempting to do this for easy recall, but if a hacker or anyone else gets their hands on that password, they could obviously gain access to more than one of your services.
3. Don't keep the same password forever
You don't need to change a particular password often, but it's worth doing so every now and then. Especially if a company you have an account with has a data breach, it's a good preventive move to simply change your password even before you're notified if you've been affected.
Of course, getting a password manager isn't necessarily bulletproof. What if that company or their systems are somehow compromised? It is very unlikely that this will happen with a reputable supplier, but it has happened in the past.
Either way, a robust approach to security doesn't rely on a single solution, and 2FA (two-factor authentication) is a seriously valuable addition as a second line of defense to back up passwords. This often takes the form of a code sent to your phone or emailed after you first log into an account.
My problem in this department is that I haven't enabled 2FA on all my online accounts yet. I do have it running on the major services, mind you, but I need to go through my range of different online accounts, check where it's supported (in theory, on most major sites and services) and implement it, if 2FA isn't. already active.
Much like migrating to a password manager, this is something I've been meaning to do for a while now – and it's been in the back of my mind all along as a task I really need to pay attention to. In most cases, it's simply a matter of going to my account > settings > security (or some variation of that process) and enabling two-factor authentication. So I'll get it done and check one more little thing off my 2024 password blues list.
Biometric bonus
As I work through password security issues, my ultimate solution is to actually leverage biometrics whenever possible. Until recently I used a hardware token to log into my online banking, but I have since switched to using the fingerprint sensor on my phone (via the bank's app). It's a much easier and more secure way to log in, and wherever there is the option to log in with a fingerprint, I decided to switch to that.
One more point on this topic: while I wasn't initially convinced by the technology, I now love the Windows Hello sign-in on my Surface Pro tablet – it has gotten better over time and now works pretty much flawlessly, even in different lighting conditions.
I'd strongly advise using facial recognition, fingerprints or other biometrics wherever you can enable them, which is usually a matter of exploring an app's settings for security options that can enable hardware like fingerprint sensors. None of this is really fun, but you'll enter 2024 feeling all the more secure and smug for it.