Andy Newman

Passwords, passwords, passwords. Right now you're probably thinking, "Please don't tell me to make all my passwords unique, or to change them every three months!" We know it can be a pain, but it's very important. A lot of people really are still [using passwords like password or 123456](http://www.usatoday.com/story/tech/2015/01/20/worst-passwords/22056847/), and we want to change that.

So we're here to tell you, again: Password security matters. And it doesn't have to be a major headache to manage.

### Why this matters

Weak passwords are one of the most common entry points for malicious people on the internet. What’s worse, when people gain access to your email, they can do things like search your message history to see where you have accounts. With that knowledge in hand, they can access nearly everything using the password reset tool on most sites.

If that’s not enough to convince you this matters, you should know that [some entry points are out of your control](http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/). Don’t stress too much yet - this just means you should take precautions to strengthen your security in the places you can control.

### Best practices

![two-factor authentication](//images.contentful.com/zu7c0c50e24k/1acDUUWZukSS6Ey0suGokS/1634eecba68393d3ebe01615a76be0a2/two-factor.jpg)

There are [many ways to have a secure password](http://krebsonsecurity.com/password-dos-and-donts/). We suggest you find what works for you, but here are a few tips: 

- **Don't use passwords that are easy to guess.** Yep, this includes the name of a partner, child, or pet. If you post pictures of your dog Skip all day, and your password is Skip123, it's not too hard to crack.
- **Use a passphrase instead of a password.** A short phrase can be easier to remember and a lot more secure than a random word and collection of characters. Come up with some unique misspellings and substitute characters or numbers for letters for increased security. Better yet, you can develop a phrase you can remember, and slightly alter for each service you use. For example, _i-lov3-wtchng-F00tbll!_ is way more secure than _football2017_.
- **When an option, use two-factor authentication.** This requires you to use special one-time-only codes _and_ your password to log in to your account, so only a person with access to your password and your phone (or private codes that you have stored somewhere safe) can get to your information.
- **Use a password manager.** This makes using complex passwords a breeze.

### How to make it easier

![password vault](//images.contentful.com/zu7c0c50e24k/dTUPutRSwwYuqqQo6W0Yu/97b5107d1a907012a8676ddeb849f5ab/vault.jpg)

Install a password manager like [1Password](https://agilebits.com/onepassword), [LastPass](https://lastpass.com), or [Dashlane](https://www.dashlane.com) on all your devices, and make it part of your daily routine.

Using a password manager means you only have to remember one “master password” - a super strong password that logs you into your “vault” of passwords - and from there you leave the heavy lifting up to the app. Because it lives digitally on your computer and mobile devices, you have instant access to all your passwords no matter where you are.

Did we mention that it's also infinitely better than a password written on a yellow sticky note?

### Do your best

The bad news is that high profile information breaches aren’t going away. When sneaky people want information they aren’t supposed to have, they’ll eventually find a way to get it.

But there is good news! Once you get past a few initial hurdles, like setting up a password manager and getting in the habit of using complex passwords, you can rest easy knowing that a break-in on one site doesn’t have to spell disaster for you. Being secure means that if a company has a security breach tomorrow, you don’t have to rush to your computer to change passwords on every single service you use.

Take a deep breath, and do your best. A few small steps today towards a more secure online presence will go a long way.

Four Best Practices to Keep Your Password Secure