Take a moment and think about how important your passwords are, and how little effort you are really willing to put into this part of your life. How much of your day do you waste looking at crap online? I bet a lot of those platforms use an account system. What if you couldn’t get into your account anymore?
WHAT WOULD YOU DO KILL YOURSELF I BET!
If you aren’t using a password manager then we both know that you are doing a bad job. Honestly.
You have one word and one number, maybe two, and the word you sometimes capitalize when required. Maybe you replace the “s” with a “$”. Very clever. Unless you have a photographic memory, or some serious notebook skills and spare time, you are not doing a good job managing your passwords. You may think your browser is handling that just fine, thank you, but you are wrong. Browser password managers are not very secure.
In a perfect world, where everyone enjoyed perfect #infosec by default, you would not need passwords. It is a stupid, annoying system. But it is the “best” we’ve come up with so far. Yes, there are biometric systems available, but those require additional hardware, and they have not gained widespread popularity. There is also the inherent problem of stolen thumbs for “forging” thumbprints, or the fact that you can now point a phone at a guy and unlock it with his face, even though that face may be saying “No! Don’t unlock my phone!”
I’m not going to compare all the different password managers. Plenty of better-researched articles out there. Here is one, if you are interested. I use LastPass. It works and it is free. It is a browser extension and a phone app that syncs between all my machines. I haven’t read of any huge vulnerabilities with it yet. I tried Dashlane for awhile but some of the features were only available with a paid account and I thought the interface was a little annoying. But I am a discerning and lazy customer. I just want to say how much this password management has changed my life. Seriously.
At this stage it probably matters less to your security which password manager you use than the fact that you do actually start using one. I don’t know a more important step you could take to secure your digital life, other than going offline completely. Which may not be the worst idea.
I got my first email account in, geez, 1997, maybe? I used the same couple of passwords (maybe with a number at the end or a capital letter) until about 2010. Then I started having to take things a little more seriously, partly because the password requirements on a lot of sites were becoming more strict, and partly because I felt bad about being a loser. Some of my contacts got spammed from my Gmail account once because somehow a bot had cracked my ingenious password. (In my defense, I don’t think I had a “$” instead of an “s” in that one.)
It is absolutely impossible for you to remove your information from the internet, at this point. After the stunning-yet-regular breaches like Equifax, and the countless others we rarely hear about, your data is a freely traded commodity on many markets, black, gray or otherwise. You will never be able to extricate or obfuscate that data, and if your identity is stolen the last thing you should be is surprised. Angry? Sure. But at this point you can safely assume your card numbers are out there, sitting in some file, waiting to be sold on the dark web. So is your Social Security number, your driver’s license info, medical records, mother’s maiden name, favorite pet’s first car, you name it.
If everything is out there, and we are all vulnerable, then the absolute least you can do for yourself is create strong, secure passwords that machines will have a hard time guessing. Use a password manager so you don’t have to write them down. Lastpass even has a cool auto-login feature so that when I got to, say, “amazon.com” it just inputs my username and password and signs me in. I don’t have to type. Sweet.
Honestly, it has changed my life. It is not 100% secure. It will surely come to reveal vulnerabilities. However, IT IS ONE LESS THING TO WORRY ABOUT! The older I get the more I appreciate small, stupid concerns being alleviated or dispensed with entirely. This is an easy win. I don’t have to remember passwords! That said, when Lastpass is hacked beyond repair and everyone has to reset their passwords for every goddamned site they use I may change my tune.
But for now I am the least-worried-about-passwords-dude there is. For now.