It’s 2020 and as usual, the list of the worst passwords of the previous year (2019) is released. The top 10 on the list are always the same: #1: 123456, #2: 123456789, #3: qwerty, #4: “password” (my personal favorite), #5: 1234567, #6: 12345678, #7: 12345, #8: iloveyou, #9: 111111, #10: 123123.
The trend you might detect from above is that they are all very basic and very easy to remember. They made the top 10 of the list for a reason; everyone knows them! They are the least secure passwords of all time. Using these and the rest on the list is like not using a password at all. I’m actually glad that most sites now require that you create passwords of a certain minimal length, include upper and lower case characters, at least one number and at least one symbol. This means that you’ll have to put a little more effort into the password you create and it may not be as easy to remember, but at least it will be a lot less guessable.
Someone guessing your password is only part of the problem
Honestly, in 2020 I imagine that most of you are creating passwords that aren’t as easily guessed as back in the day because the site requires you to add a few more characters and symbols. However, the bigger problem is that even if people use a complicated password, they tend to use the same one over and over again.
Big-name companies and sites get hacked every day! This means that when firstname.lastname@example.org uses the password “simple%Cat&liver1286” everywhere, the hacker who broke into one site and got access to that password, which no one would ever guess, can now try it everywhere. They’ll try it with every banking site, every social media platform, every major shopping site, etc. If Jane used that password in more than one place, her information is now compromised on every site she used it on, even if those other sites were never actually breached.
You can create better passwords that are easy to remember
For the most part, I don’t try to remember the vast majority of the passwords I use (you’ll see why in the next paragraph down). However, if I do need to create a password that I can remember, the goal is to create one that no one else would ever be able to guess. Here’s a tip: Pick two random words that have nothing to do with each other. For example, Cement and Salmon. Now add some numbers and symbols: Cement*Sa1m0n86. That’s a password that I can remember and no one would ever guess. While you may be tempted to just change the number and use that password again and again, there’s a better way!
You need a password manager
No one expects you to create a unique password on every site you log into AND commit all those passwords to memory. That’s kind of impossible for most people. Many of you have realized this and decided to keep a list in a physical notebook or unsecured spreadsheet. Don’t do it! This is where a password manager comes in. Instead of having to remember every password, you only have to remember one. The one to get into the password manager.
My password manager of choice is 1Password. I’ve used 1Password for over a decade (no affiliation and no sponsorship, I just love the app). 1Password not only helped me manage my passwords, it actually helped me by creating random complicated passwords for every new login that I created since I first started using it.
1Password is an app for Mac OS, Windows, iOS, and Android. On Mac OS and iOS/iPadOS, it takes advantage of TouchID and FaceID for easier logins. It’s a subscription service that includes cloud syncing of all your passwords and login information. This way if you create a password on one device, that password is available to you on all devices. I couldn’t imagine life without it.
1Password is more than just a password manager
1Password does an amazing job of managing my passwords, but it’s so much more than that. It also manages my software serial numbers, credit cards, bank accounts, email accounts, secure notes, identities, passports, and more. It has browser extensions for all the popular web browsers so that when you get to a site that you need to log into (or create a password for) you can pop up 1Password right within the browser. Families can create shared Vaults for passwords, etc. that they want to share across family members (the Netflix password comes to mind).
The Watchtower feature helps you by showing you which sites have been compromised, which of your passwords are weak, and which sites offer 2FA (two-factor authentication) that you could be using.
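To make the reuse problem concrete, here is an added example (not from the original post, and not how 1Password or Watchtower is implemented) of a local audit over a list of logins. It flags passwords from the top 10 list above, exact reuse across sites, and the "just change the number" variants; the site names and the `audit` and `stem` helpers are hypothetical, and the sample logins are constructed.

```python
import re
from collections import defaultdict

# The top 10 worst passwords of 2019 as listed at the top of this post.
WORST = {"123456", "123456789", "qwerty", "password", "1234567",
         "12345678", "12345", "iloveyou", "111111", "123123"}

def stem(password):
    """Lower-case and drop trailing digits, so 'Word86' and 'Word87' match."""
    return re.sub(r"\d+$", "", password.lower())

def audit(logins):
    """logins: list of (site, password). Returns {site: [findings]}."""
    by_exact, by_stem = defaultdict(set), defaultdict(set)
    for site, pw in logins:
        by_exact[pw].add(site)      # which sites share this exact password
        by_stem[stem(pw)].add(pw)   # which passwords differ only by number
    report = {}
    for site, pw in logins:
        findings = []
        if pw.lower() in WORST:
            findings.append("worst-list")
        if len(by_exact[pw]) > 1:
            findings.append("reused")
        s = stem(pw)
        # Skip empty stems (all-digit passwords) to avoid false matches.
        if s and len(by_stem[s]) > 1:
            findings.append("number-variant")
        if findings:
            report[site] = findings
    return report

# Constructed sample data, not real credentials.
SAMPLE = [
    ("bank.example", "simple%Cat&liver1286"),
    ("shop.example", "simple%Cat&liver1286"),
    ("forum.example", "Cement*Sa1m0n86"),
    ("mail.example", "Cement*Sa1m0n87"),
    ("old.example", "qwerty"),
    ("video.example", "k9#Vt2!qLmZr8@xw"),
]

if __name__ == "__main__":
    for site, findings in audit(SAMPLE).items():
        print(site, findings)
```
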
1Password is also a 2FA code generator
Another way to be more secure is to use Two Factor Authentication (2FA) whenever you can. This means that in addition to your user name and password, you’ll also need a temporary code to log in. Many sites will offer to text that code to your phone and it expires after a short time. That’s cool, but if you’re on a plane or somewhere where getting a text message isn’t convenient, then having an app that can generate the code is even better. Google makes an Authentication App, but 1Password is also one. If the site you want to use 2FA on also accepts a Generator app, then you’ll likely be able to use 1Password to give you those codes too.
Is it secure?
In a word, yes. Your 1Password data is end-to-end encrypted to keep it safe at rest and in transit. Their security recipe starts with AES 256-bit encryption. To the best of my knowledge, they’ve never been breached and even if they were breached tomorrow the encryption keys are with you, not stored on their servers.
How much is it and are there free alternatives?
1Password for individuals starts at $2.99 a month. Families of five can get it for $4.99 a month, which is a steal. Family members can have their own private vaults as well as shared vaults. There are savings if you pay annually for the year.
However, if you want to go with a solution that doesn’t have a monthly subscription, they exist. While I LOVE 1Password, the point of this post is to get you to start using a password manager. If you’re on iOS you can try “Valt Password Manager”. Valt is free and comes highly rated on the App Store. I haven’t used it personally, but it looks really good.
The Bottom Line
Stop using the same password everywhere. Don’t use passwords that are easily guessed. Don’t write your passwords down in a notebook next to your computer. Don’t put your passwords in an unsecured spreadsheet. Use a password manager so that you can have a different, complicated password for each login you use. 1Password is well worth the price of admission and my top recommendation. Check out 1Password here.