Gone are the blissful days when you only have to remember the four-digit PIN or alarm code. Now that we live increasingly digitally, everything needs a password – and a complex one at that. Whether you’re trying to order groceries for delivery or schedule a medical appointment through an online portal, a password protects your personal information and keeps you securely connected to the online world.
As important as passwords are, password memory loss is a near-universal condition. “I’ve forgotten a lot of passwords because different applications have different password conditions,” says 68-year-old Texas resident Bruce Krutt. After forgetting passwords for financial accounts more than once, Krutt looked for a secure way to manage his login credentials. He also honed his skills with a technology course at The Senior Source in Dallas, where password management best practices are part of the curriculum.
We consulted Jean Aponte, one of the technology instructors at The Senior Source, about what makes passwords strong and how to keep them secure.
Start with strong passwords
A strong password is your first line of defense when it comes to navigating online. First and foremost: never use the same password twice. Then there is the content of your password. It may be tempting to use names, dates of birth, or other easy-to-remember details, but this is risky. “I advise [students] not use personal information, birthdays, the names of their relatives or anniversaries, things they can remember [are] very easy to guess,” says Aponte. If it’s something that hackers can guess – or deduce from other sources, like your posts on Facebook – your accounts are much more likely to be compromised. Instead, Aponte recommends a random word and a combination of upper and lower case letters, symbols and numbers.
A 16-character password provides a high level of strength, but length is not the only factor in password security; the combination of characters is also important. Make sure the characters you string together are random and do not contain repeating patterns, phrases, or words.
Of course, long, random passwords are not easy to remember. But as you might imagine, there’s an app for that.
Keep your passwords secure
While it may seem like a good idea to write down your passwords on a piece of paper, it can be easy to lose your list. Instead, Aponte recommends two methods: a password manager or a secure note saved to your smartphone.
A password manager is a digital tool that securely stores usernames and passwords for your accounts. The advantage of this tool is that you only need to remember one master password to unlock an index of all your other passwords. Aponte’s technology class uses the 1Password platform as an example, but there are others such as Bitwarden, Keeper and many more.
In addition to securely storing all your passwords in a digital space, a password manager may have an autofill feature that allows the secure password to populate a login page with your username and password. This means that you do not have to manually enter your login details every time; the password manager will do it for you. Some password managers also offer a username and password generator to help you come up with long, unique, and hard-to-guess login credentials.
Even with a password manager, you need to remember your master password. If you forget, there are some things you can do to recover your account and you may have to start over by resetting all your passwords on other sites. Some managers, including 1Password, offer a feature that allows other users within a family to help recover a forgotten master password, so consider a shared plan.
If you’re using an iPhone and prefer a written list of passwords, Aponte says you can use the lock feature of your Notes app. You’ll still need to remember a master password to unlock the note where you save your list, but this may be more accessible for someone who wants to improve their password security without learning a new application or system. (If you’re an Android user, check to see if your phone’s note-taking program offers similar protection.)
Some browsers and devices come with integrated systems, such as iCloud Keychain or Google Password Manager, that store your login information and auto-fill login fields. While these systems are useful on one device or in one browser, keep in mind that a dedicated password manager will be consistent across multiple devices (for example, your smartphone and your laptop) and provide additional layers of security.
Use two-factor authentication and other security measures
Two-factor authentication – which requires you to use both a password and a second key, typically sent to you via text message, over the phone, or via an authentication app – provides an extra layer of security. While two-factor authentication may not be available for every online account, you should have the option for email, online banking, social media, and other important accounts. You can usually enable this when setting up your account, or if you want to add it to an existing account, check your security settings to see if it’s offered.
In addition, Aponte advises internet users to think before creating an account on various websites. Check out online reviews, look for “https” before a URL (the “s” indicates “safe”), and even read the “About” page to determine if the site is credible. When browsing the Internet, look for deals that are too good to be true or errors that could indicate a scam (for example, phishing emails often contain misspelled words). Don’t create an account or enter personal information on a site that looks suspicious.
