Passwords are one of the most important parts of staying safe on the web, and it is an area where most people are doing it wrong.
One: Use a Password Manager
You should not be using the same password on multiple sites, your passwords should be long, they should be random, and they should be updated at least a few times a year.
In order to do that, you are not keeping them all in your head (unless you really don’t use the internet much). The only way to handle this is using a password manager.
Password managers can be standalone applications or, as is more often the case in the mult-device world we live in, they offer some sort of sync solution to securely synchronize your passwords across your phone, tablet, laptop, etc. Key features include the ability to generate random passwords, alert you to weak or duplicate passwords, and show you how long it has been since you last updated a given password.
There are a number of password managers out there, some commercial, some open source. Most have clients on all the major Operating Systems / Devices. But do make sure it meets all of your device needs before choosing.
Two of the most popular solutions are:
Two: Use Two-Factor Authentication
Many will be familiar with two-factor authentication from their company’s vpn, or possibly from their bank. Basically, two-factor means adding something you have (a hardware token, or mobile phone) to the requirement of something you know (your password).
This makes it highly difficult for someone to hack your account. Even if the bad guys guess your password (or manage to steal it through some other means) they cannot access your account without the second factor (a code generated by a hardware or software token generator, or the device you registered to get a text message with a code.
Google provides free authenticator app which is compatible with many services including their own. 1Password also has built in support.
Some of the common services that support two factor authentication are:
Three: Be Careful Where You Type Your Password
Phishing (https://en.wikipedia.org/wiki/Phishing) attacks can be very convincing. To stay safe, don’t enter your password based on a link you clicked in an email or website.
If you get a notice from Facebook, log directly into facebook.com manually. The link in an email may take you to what looks like the given site, but actually be a carefully crafted forgery to capture your account.
Until a better solution comes along, your online world is secured by passwords. Make sure you take care of them.