Your password is the first layer of defense when it comes to your accounts. Think of all the accounts you have created since you made your first email address. Can you remember all your logins?
It's simply not practical to have to remember tons of passwords, nor is it safe to use one password for everything. So how exactly do you properly manage all your digital credentials, usernames and passwords?
First, let's take a look at what NOT to do when it comes to your passwords (which a lot of you reading this are most likely guilty of doing):
DO NOT use the same password for everything.
DO NOT share your passwords or give access to anyone claiming to need it to help you in any scenario; no company or helpdesk will ever need your login information to access anything since they are the provider of the service to begin with.
DO NOT write your passwords on sticky notes, notebooks or digital documents that are not properly encrypted. If written passwords are lost or stolen your security is immediately compromised.
AVOID answering security questions truthfully; the real answers are sometimes public information, so it is best to use a second strong, unique password as the answer instead (ex. what was the name of your first dog? answer: 54ff##!!).
REMEMBER that if you receive an email, text message or private message telling you to click a link to secure your account, access your account, or provide a code, you should never act on it; go directly to the source instead (ex. if Chase or Amazon calls, texts or emails you about a transaction you supposedly made, go to the Chase or Amazon website yourself to verify whether it is true rather than following any links or requests in the message they supposedly sent you).
So, what is the best way to manage all that digital clutter?
A password manager.
A password manager can generate strong, unique, random passwords for all your accounts. Reputable password managers also store these passwords in an encrypted vault, which is very different from an Excel document sitting on your computer that you keep manually updating and painstakingly opening. Keep in mind that there are many password managers available, but there are ones that we recommend specifically.
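To show what "strong, unique, random" means in practice (and why the random security-question answer above is a good idea), here is an added example, not code from the article or from any password manager, of how a generator draws passwords from the operating system's cryptographic random source, how the strength of such a password is estimated, and how a vault can flag the reuse the article warns about. The character classes, the `SAMPLE_VAULT` entries and all function names are constructed for this example.

```python
import math
import secrets
import string

# Character classes the generator draws from (constructed for this example).
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!#$%&*+-=?@^_~"


def generate_password(length: int = 20, use_symbols: bool = True) -> str:
    """Return a password drawn from the OS CSPRNG via the secrets module.

    Every enabled character class contributes at least one character so the
    result clears common site complexity rules; the remaining positions are
    chosen uniformly from the whole alphabet.
    """
    classes = [LOWER, UPPER, DIGITS] + ([SYMBOLS] if use_symbols else [])
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    chars = [secrets.choice(cls) for cls in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Fisher-Yates shuffle driven by secrets.randbelow, so the guaranteed
    # characters do not always sit at the front (random.shuffle is not a CSPRNG).
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def security_answer(length: int = 16) -> str:
    """A random string to store in the vault as the 'answer' to a security question."""
    return generate_password(length, use_symbols=True)


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of `length` uniform picks from an alphabet of `alphabet_size`.

    This is the figure managers display; the per-class guarantee above makes the
    true value marginally lower, so treat it as an upper bound.
    """
    return length * math.log2(alphabet_size)


def find_reused(vault: dict) -> dict:
    """Map each password used by more than one account to the accounts sharing it.

    `vault` is {account_name: password}; a manager would run this over its
    decrypted entries to flag reuse.
    """
    by_password = {}
    for account, password in vault.items():
        by_password.setdefault(password, []).append(account)
    return {pw: accts for pw, accts in by_password.items() if len(accts) > 1}


# Constructed sample vault showing the reuse anti-pattern the article warns about.
SAMPLE_VAULT = {
    "email": "Summer2019!",
    "bank": "Summer2019!",
    "shop": "c7X#q2Lm9!vR",
}

if __name__ == "__main__":
    pw = generate_password()
    full_alphabet = LOWER + UPPER + DIGITS + SYMBOLS
    print(pw, f"~{entropy_bits(len(pw), len(full_alphabet)):.1f} bits")
    print("security answer:", security_answer())
    print("reused across accounts:", find_reused(SAMPLE_VAULT))
```

A 20-character password from this 76-character alphabet carries roughly 125 bits of entropy, far beyond anything an attacker can guess online or crack offline, which is why a manager-generated password never needs to be memorable or periodically rotated on its own account.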
For example, if you are using LastPass, we highly recommend immediately switching password managers and changing all your credentials. LastPass has been involved in multiple data breaches in the past that caused sensitive customer usernames and passwords to be leaked. This is another reason we generally do not recommend saving seed phrases, private keys, or multi-factor backup codes in any digital format. There have been reports of users having their assets drained, possibly because their keys or backup codes were among the data involved in the LastPass breach.
The password manager we recommend is BitWarden. It's free, open-source, and, unlike LastPass, gives you the option to self-host your credentials. That way you are not relying on a third party to manage your data, and the only variable that can compromise you is yourself. BitWarden is available for multiple operating systems and devices, making it easy to access your usernames and passwords when logging into your accounts.
A good way to transition from your current method of managing passwords to a password manager like BitWarden is to take a day to sit down and think of all the accounts you have created over time. Purge and delete any you no longer use; for the ones you do use, add them to the password manager and change each password to a random, strong, unique one as you add it. From then on you have a default step whenever you create a new account: let your password manager manage it for you. You will feel a lot better the next day knowing you have a secure first line of defense for all your accounts.
It is a common misconception that you have to change the passwords for all your accounts periodically. Think of how impractical that would be for hundreds of accounts. Instead, with the methods already outlined above, you should at least change the password for what you consider a "primary account", like your main email addresses or main social profiles, at least once a year.
When you use any service such as an e-commerce website, social network, or anywhere you have provided your login information or data, it is important to remember you are putting a level of trust into the provider to keep your data safe. Unfortunately, these providers sometimes end up having security breaches. This has happened with most major companies in the past, including Apple, Microsoft, Amazon and Google.
Thankfully, there is a free tool called PenTester which allows you to see if your email address has been associated with any data leaks on the dark web. The information you will see may potentially be passwords you have used in the past (and are hopefully still not using), your phone number, address and potentially other data tied to you.
Keep in mind this data is available for others to see, so it is important to mitigate any leaks you were involved in, for example by changing any exposed password that you have not changed yet.
It should be clear that trying to remember all your passwords, using the same password or a rendition of it for every account then constantly having to reset it, or writing your passwords down is just not a practical or enjoyable process.
The solution of course is a password manager that is open-source and self-hostable, like BitWarden, which manages strong randomly generated passwords for all your accounts.
It is also important to stay vigilant by employing an additional layer of security to your accounts, like a 2-factor authenticator, and to occasionally check if you have been involved in any data breaches by using services like PenTester.
Following these recommendations will keep your credentials, usernames, and password management for your accounts easy and secure!