
Level Up Your Password Game
Let’s be honest, you’re either using the password your parents set for you when you were 12 for your Roblox account, or you’re creating them based on those same archaic rules. If that sounds like you, it’s time to level up your password game. Here are some tips to make sure your passwords, and their associated accounts, are as secure as possible.
1. Use a Password Manager
If you’re not using a password manager, you likely find yourself in either of two camps: you use the same password for every account (potentially with some minor variations), or you use a different password for every account, but you can’t remember any of them. Both of these scenarios are problematic. The former is a security risk, and the latter is a usability nightmare. A password manager solves both of these problems.
What is a Password Manager?
Alright, before I ✨force✨ my favorite password manager down your throat, let’s talk about what a password manager is.
Have you ever used your dad’s “not passwords” notebook to sign up on Club Penguin with his email? Well, that’s a password manager, although not a very good one, considering you had about 10 puffles and a membership some weeks later.
At its core, a password manager is a medium that stores all your passwords in one place. However, unlike your dad’s notebook, the password managers we’re talking about are secure, encrypted, and accessible across all your devices.
The Zoomers’ “Not Passwords” Notebook
Don’t be like your dad. Use a password manager. Here’s why:
- Security: Password managers use encryption to store your passwords, making them much more secure than your dad’s notebook.
- Convenience: You only need to remember one password to access all your other passwords.
- Cross-Device Access: You can access your passwords from any device, anywhere, not just your dad’s desk drawer.
- Password Generation: Most password managers can generate strong, unique passwords for you, so you don’t have to think of them yourself.
- Auto-Fill: Password managers can auto-fill your passwords for you, so you don’t have to remember them or type them out.
- Password Sharing: You can share passwords with other people securely, without having to send them in plain text, making it just that much easier to share your N**flix account with your friends and family.
- and more!
A Password Manager to Rule Them All
I hear you, there are a lot of password managers out there, and it can be overwhelming to choose one. Unfortunately, I have only used one password manager that I can recommend, but I’ll list a few others that are recognized in the industry.
Bitwarden
Bitwarden is a free and open-source password manager that sets the standard for what a password manager should be. It’s secure, easy to use, and has all the features you need. On top of that, they have some of the best security practices I have witnessed from any company in the world. They also have a premium plan that’s only $10 US a year, which is a steal for the features you get. If you’d rather get their family plan, it’s only $40 US a year, and you can share it with up to 6 people (that’s much less than 6 N**flix subscriptions). I use Bitwarden, and I have a very hard time recommending anything else.
Bitwarden’s Unique features
- Open Source: You can see the code that runs Bitwarden, so you can vet them yourself.
- Authenticator: Bitwarden has a built-in authenticator, so you can use it for multi-factor authentication as well.
- Audited: Bitwarden has been audited by third-party security firms, and they’ve passed with flying colors [1].
- Self-Hosted: You can host Bitwarden on your own server if you’re a tech-savvy person.
ProtonPass
Like Bitwarden, ProtonPass is an open-source password manager from the same company that brought you ProtonMail (a topic for another day). It has all the features you need, and seamlessly integrates with the rest of the Proton suite. They also have a premium plan that’s only $23.88 US a year. I haven’t used ProtonPass, but I trust ProtonMail and the people behind it.
ProtonPass’ Unique features
- Open Source: You can see the code that runs ProtonPass, so you know it’s secure.
- Hide-my-Email Aliases: You can create aliases for your email address, so you don’t have to give out your real email address to sign up for things.
- Authenticator: ProtonPass has a built-in authenticator, so you can use it for two-factor authentication as well.
- Vault Sharing: You can share your vault with up to 3 people (10 on the premium plan), so you can share your N**flix account with your friends and family.
1Password
1Password is a well-known password manager that’s been around for a long time. It’s developed by a Canadian company (🍁🍁🍁CANADA MENTIONED🍁🍁🍁), and their latest commercials feature Tommy Wiseau (make of that what you will). They don’t have a free plan; their pricing starts at $35.88 US. For those interested in a family plan, the cost rises to $59.88 US.
1Password’s Unique features
- Security Score: 1Password gives you a security score, so you can see how secure your passwords are, and stay aware of breaches that affect the sites you use.
- Sharing: You can share passwords with other people securely, without having to send them in plain text.
- Longevity: 1Password has been around for a long time, and they have a good reputation in the industry.
Done? Good
You should be all set to choose a password manager now. If you’re not, I’m sorry, but I can’t help you. I’ve given you all the information I have, and I’m not going to hold your hand through this (although, maybe, if you don’t mind, I could (*ノωノ)).
>me trying to find my Roblox password
2. Unique Password for Each Account
I hope you didn’t think that simply using a password manager was enough. If you did, I’m sorry, but you’re wrong.
You also need to use a unique password for each account. If you’re using the same password for every account, you’re putting yourself at risk. If one of your accounts is compromised, all of your accounts are compromised.
Thankfully, a password manager makes this easy. You don’t have to remember all your passwords, so you can make them as complex and unique as you want. Password managers can auto-fill your credentials for you by storing the specific authentication URL of the site you’re using, your username, security questions, and any other information you need to log in.
3. Unlearn the Old Rules
Well, we’ve all been forced to do it, but it’s time to unlearn the archaic rules perpetrated by out-of-touch IT departments and security experts. You know the ones I’m talking about:
The Old Rules
- Change your password every 90 days: This is a terrible rule. It’s been proven to be a terrible rule. It’s a terrible rule. Stop doing it.
- Use special characters: You don’t need to use special characters. You don’t need to use numbers. You don’t need to use uppercase letters. You don’t need to use lowercase letters. You don’t need to use any of these things. You need to use a long password. That’s it. That’s all you need to do. Stop making your passwords hard to remember. Start making them long.
- Maximum password length: Properly, what the heck kind of rule is this? Maximum 8, 12, 20 characters? Genuinely, wtf is wrong with you people (shame on you Government Services)?
With these rules, you’re more likely to use a weak password that won’t even be memorable. Think of it this way: between a genuinely random 8 character password (like `k6!y*4A5`) and a genuinely random 4 word passphrase (like `Wistful-Revolt-Manhood-September`), which is harder to memorize? You can think about that question for a little bit, but I’ll tell you which one is easier to crack: the 8 character password.
Here’s a great comic from xkcd that explains this concept perfectly:
The New Rules
If not those rules, then what? Well, here are the new password commandments:
- Use a long password: The longer the better. 12 characters is a good start, but 16 is better, and 20 is even better. If you can put it into your password manager, just generate a max length password of random characters, and you’re set. If you can’t, then use a passphrase. A passphrase is a sentence that you can remember, but no one else can guess. For example, `Taco-Dolphins-Evaporate` is a good passphrase. It’s long, randomly generated (this is important, as `I-Love-Pizza` isn’t a good password despite being 12 characters long), and it’s easy to remember (just imagine tacos jumping through the sea as if they were dolphins, while their friends are evaporating).
- Reset only when necessary: If you think your password has been compromised, then reset it. If you’re not sure, then don’t. If you’re forced to reset your password too often, then you’re more likely to use a weak password, and you’re more likely to write it down.
Hopefully, you’re starting to see the pattern here. The new rules are simple and easy to follow. They’re also more secure, and easier to remember. It’s a win all around.
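To put numbers on the old-rules-versus-new-rules argument, here is an added example (my own script, not something from the original post or from any password manager). It computes the entropy, in bits, of a uniformly random password of a given length and alphabet, and of a passphrase of a given number of words drawn from a word list, and it generates a passphrase with the CSPRNG in Python’s `secrets` module. The alphabet sizes, the 7776-word EFF diceware list size, the tiny 12-word demo list and the 10^10 guesses-per-second cracking rate are all assumptions made for illustration.

```python
import math
import secrets

# Alphabet sizes used in the comparisons below (assumed for illustration).
PRINTABLE_ASCII = 94       # upper, lower, digits and keyboard symbols
LOWERCASE = 26
ALPHANUMERIC = 62
EFF_LARGE_WORDLIST = 7776  # the EFF diceware list: 6^5 words picked with five dice

# Constructed demo word list so the generator runs offline. It is far too small
# for real use (12 words gives only log2(12) ~ 3.6 bits per word); a real
# generator draws from a published list of thousands of words.
DEMO_WORDLIST = [
    "taco", "dolphin", "evaporate", "wistful", "revolt", "manhood",
    "september", "lantern", "granite", "velvet", "orbit", "cactus",
]


def password_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    if length <= 0 or alphabet_size <= 1:
        raise ValueError("need a positive length and an alphabet larger than 1")
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(word_count, wordlist_size):
    """Same formula with words as the alphabet. Fixed separators and
    capitalisation add nothing, because an attacker can predict them."""
    return password_entropy_bits(word_count, wordlist_size)


def days_to_exhaust(bits, guesses_per_second=1e10):
    """Worst-case time to try every candidate at an assumed offline guessing rate.
    The rate is an illustrative assumption; real figures depend on the hash used."""
    return 2 ** bits / guesses_per_second / 86400


def generate_passphrase(word_count=4, wordlist=DEMO_WORDLIST, separator="-"):
    """Pick words with the secrets module (a CSPRNG), never random.choice,
    so the result really is uniformly random over the list."""
    words = [secrets.choice(wordlist).capitalize() for _ in range(word_count)]
    return separator.join(words)


def comparison_table():
    """Entropy in bits, rounded, for the password shapes discussed in the text."""
    rows = [
        ("8 random printable characters", password_entropy_bits(8, PRINTABLE_ASCII)),
        ("12 random lowercase letters", password_entropy_bits(12, LOWERCASE)),
        ("16 random alphanumerics", password_entropy_bits(16, ALPHANUMERIC)),
        ("4 random EFF words", passphrase_entropy_bits(4, EFF_LARGE_WORDLIST)),
        ("5 random EFF words", passphrase_entropy_bits(5, EFF_LARGE_WORDLIST)),
    ]
    return {name: round(bits, 1) for name, bits in rows}


if __name__ == "__main__":
    for name, bits in comparison_table().items():
        print(f"{name:32s} {bits:6.1f} bits  ~{days_to_exhaust(bits):14.1f} days to exhaust")
    print("generated (from the tiny demo list):", generate_passphrase())
```

The table is the whole argument in miniature: 12 random lowercase letters (about 56 bits) outrank 8 random characters from the full keyboard (about 52 bits), and every extra diceware word adds about 13 bits regardless of how many symbols it contains. The formula only holds when the words are chosen uniformly at random, which is exactly why a chosen phrase like `I-Love-Pizza` scores far below what its length suggests: an attacker guesses common phrases first, not random word combinations.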
4. Enable Multi-Factor Authentication
So you have a based unique, long, and secure password for every account. That’s great, but it’s not perfect. As you will quickly come to learn, nothing in cybersecurity is perfect. That’s why you should enable multi-factor authentication (MFA) on every account that supports it.
Thankfully for you, since I know for a fact that you chose Bitwarden as your password manager (right? you chose Bitwarden, yes? hope you’re not letting me down here), you can store your Time-based One-Time Passwords (TOTP) in Bitwarden (or most other password managers to be honest). This means that you can use Bitwarden as your authenticator, allowing for a seamless authentication flow.
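Since the post leans on storing TOTP secrets in the password manager, here is an added example (my own code, not from the post or from Bitwarden) of what a TOTP code actually is: an HMAC of the current 30-second time step, keyed with a shared secret, truncated to a few digits, as specified in RFC 4226 (HOTP) and RFC 6238 (TOTP). The secret below is the RFC 6238 Appendix B test key, not a real credential; the one-step drift window in `verify_totp` is a common server-side choice but is my assumption.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 Appendix B test key (ASCII "12345678901234567890"); a published
# test vector, not a real credential.
RFC6238_SHA1_SECRET = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer, then the last `digits` decimals."""
    mac = hmac.new(key, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, timestamp: int, digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / period)."""
    return hotp(key, timestamp // period, digits)


def totp_from_base32(secret_b32: str, timestamp=None, digits: int = 6, period: int = 30) -> str:
    """Authenticator apps and password managers store the shared secret as the
    base32 string carried in the enrollment QR code; this decodes it and
    computes the current code."""
    if timestamp is None:
        timestamp = int(time.time())
    cleaned = secret_b32.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding some apps omit
    return totp(base64.b32decode(cleaned), timestamp, digits, period)


def verify_totp(key: bytes, code: str, timestamp: int, window: int = 1,
                digits: int = 6, period: int = 30) -> bool:
    """Server-side check: accept the code for the current step and +-window
    neighbouring steps to tolerate clock drift, comparing in constant time."""
    for step in range(-window, window + 1):
        candidate = totp(key, timestamp + step * period, digits, period)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    print("current 6-digit code for the RFC test key:", totp(RFC6238_SHA1_SECRET, now))
    print("seconds until it rotates:", 30 - now % 30)
```

The security point for storage is that the base32 string behind the QR code is the whole secret: anyone holding it can compute every future code, so a vault that holds both the password and the TOTP seed has folded two factors into one vault protected by one master password. The post is knowingly trading that for convenience; the hardware key it mentions next keeps the second factor out of the vault entirely.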
For particularly sensitive accounts, you should also consider using a hardware security key, like a YubiKey. This is the most secure form of MFA, and it’s the most secure way to protect your accounts.
5. Stay Aware of Data Breaches
Unless you live under a rock, you’ve probably heard of at least 1 major data breach just in the last year. If you haven’t, then I’m sorry to be the one to tell you, but you’re probably part of a major data breach. It’s not your fault, it’s just the way things are. The best thing you can do is to stay aware of data breaches, and take action when they happen.
Have I Been Pwned?
There are many breaches, but how do you know if you’re part of one? Well, you can use a service like Have I Been Pwned’s “Notify Me”. This service will notify you if your email address is part of a data breach. If you’re part of a breach, then you should look into what information has been compromised, and take actions to secure your accounts. Changing your password is a good start.
Conclusion
Hopefully, you’ve learned something from this article. Now it’s time for you to spread your wings and fly. Go out there and secure your accounts. Use a password manager, use unique passwords, unlearn the old rules, enable multi-factor authentication, and stay aware of data breaches. If you do all of these things, then you might just have what it takes kid.