We can probably all agree that the password system, as it stands today, just isn't working. With the constant security breaches in the headlines, we're told regularly to beef up our passwords. But even if we know how to make strong passwords, it's a pain to keep track of them all between every bank account, retailer and app demanding its own unique log-in.
So how can you escape password hell? Or at least snap out of your apathy before a hacker steals your information? We've ranked your options from the most low-maintenance to the most rigorous -- for people who want to go the extra mile.
None of the following suggestions are perfect, by any means -- just tips for staying sane in a crazy system. But it turns out that there are some surprisingly easy solutions for this very modern problem. And whatever you do, remember: Anything is safer than using the same password over and over again. Even if it's a really good one.
Easy (aka, lazy) methods
1. Write them down.
Alright. This might sound crazy right off the bat. But one really easy way to keep track of your passwords is to write them down -- on paper. Yes, conventional wisdom has said for years that that's a bad idea, and you're in huge trouble if you lose your list. But with so many accounts to juggle nowadays, chances are that you'll be tempted to reuse your passwords if you can't remember all of them. So, writing them down isn't so nutty.
Ideally, you should memorize your most important passwords. But even security expert Bruce Schneier has recommended writing down passwords and treating that list like you would any other valuable document, which is to say with a high degree of security -- no sticky notes on your monitor that say "conglomeratebank.com: jdoe/password123."
As illustrated above, there are definitely bad ways to do this. Getting into an account normally means having to know three things: the location of the account, a username and a password. If you can manage it, don't put all three of these pieces of information in the same place. Similarly, don't do silly things like keeping your bank account password next to a credit or debit card that has your bank's name on it.
What if you want to write everything on a spreadsheet stored on your computer? The same rules and risks apply. And if you want to put that file in the cloud, the stakes are even higher. A cloud spreadsheet is not the place for your most sensitive accounts. If you must do this, confine your cloud spreadsheet to the accounts you would be reasonably okay with getting hacked. And at a minimum, name the file something other than "Passwords."
2. Rely on a major company such as Facebook, Twitter or Google to log-in.
Another easy option is to place your faith in a company like Google, Facebook or Twitter and use their networks to log in to other sites whenever possible. You know those "Log in with Facebook" buttons?
That's what we're talking about here. It won't work for every site, but social network log-in is widespread enough that it could definitely cut down the amount of passwords you have. If you do opt for this method, though, make sure that the password you use for your social network of choice is rock-solid.
3. Reset your password -- every time.
And finally, one simple -- admittedly inconvenient -- method is to go through the "Forgot your password?" spiel each time you log into some sites. That's too much of a pain for sites you use frequently, such as your e-mail or your bank. But it's not a bad fallback strategy for those services you use less often and are most likely to forget anyway -- such as the account you made at a retailer's Web site to get free shipping that one time.
1. Password managers
There are a number of services that will help you manage your passwords, such as 1Password, LastPass or Dashlane, though you'll have to pay a fee for some features. These services all differ slightly but work on the same basic principle: Each is an online storage locker of your passwords, all hidden behind a single password that only you know (meaning you can't recover your master password from anywhere but your brain). Password managers also offer other perks, such as a place to store secure notes, credit card numbers or information for filling in Web sites. You just have to install the programs into your Web browsers to record your login information as you surf.
Password managers are convenient, and will even randomly generate strong passwords, such as "eG7nIs0daud3Taw," for your accounts and then remember those crazy things for you in their vaults. To access your various passwords as you surf, all you have to do is click on a handy button on your browser and choose which account you need to fill in your information.
Each has its strengths and weaknesses. Dashlane is probably the easiest to use and the prettiest to look at. LastPass is compatible with a wide range of devices. And 1Password is comprehensive but expensive.
How much do they cost? 1Password has a one-time $50 cost for Mac or Windows, $18 for iOS and $10 for a full version of the app on Android devices. LastPass and Dashlane are free, but if you want to sync across multiple devices -- say your cellphone and your computer -- you'll need to upgrade to the premium versions. LastPass costs $12 a year; Dashlane costs $30 a year.
The two main downsides to password managers are that one, yes, you're still storing everything in one place and depending heavily on that service's security. And second, you're helpless if you don't have access to your locker for some reason -- for example, if your employer doesn't let you download software onto your work computer.
2. Isolate your information.
Not that into paying? Another option is to create an e-mail account that's linked to just your most sensitive online accounts -- financial accounts, namely -- and don't use it for anything else. The fewer ways that criminals can link your various accounts to build a profile of you, the better. Having a separate e-mail account makes it harder for criminals to connect the dots they need to crack security questions, like those that ask for your maiden name or your pets' name. So maybe they won't figure out that the Judy Smith whose banking password they just obtained is the same as the Judy Smith who lists her maiden name and pets' names in her Facebook profile.
Got a tip to share? Have a tech problem and need advice? Drop me a line at firstname.lastname@example.org