Knowledge for the World

The only passwords you need to memorize

For most of your accounts, your password is the single line of defense against hackers. Some applications utilize two factor authentication, but most rely on the password alone. If you want to protect your accounts and your data, you must keep your passwords secure.

Most people use a single password for every account. This is wrong, and it will inevitably lead to one or more of your accounts getting hacked. You may have some accounts that you don't mind getting hacked, in this case feel free to use the shortest, easiest password you can remember. I recommend 'password' or '123456'. But for accounts you want to remain secure you need to use unique, secure passwords for each.

I contend that there are only two passwords you needs to remember - assuming you use the appropriate tools. This guide will show you how to secure your accounts and keep track of your passwords.

Password 1: Your device password

The first password you need to memorize is your device password. It may seem like a pain to enter your password every time you use your computer, but it is absolutely necessary. Password protecting your device protects you from theft. I've had many friends who've lost their computers and phones to theft. This is a real threat, and if it happens to you, you will be glad you password protected the device. A lot of your personal data can be gathered from an unprotected computer, but even more can be gathered from an unprotected phone. Most mobile applications assume that if you've been granted access to the operating system then you are authorized to use the app.

Different devices often have different rules for authentication. For instance, your phone will likely require a pin whereas your computer will require a password. For the sake of this guide, we will just assume that you are securing your computer. Pins are often four digits which mean they are easy to memorize and easy to hack. Although most mobile devices have a strict limit on how many failed attempts are allowed before the device is inaccessible. For that reason we will focus on passwords only.

Since we are securing your computer, you should use this computer to download a password manager. I recommend using 1Password. There are plenty of other great password managers as well - like LastPass. So after downloading your passowrd manager, go ahead and use it to generate a random password. For now, write this password down on a sheet of paper. Yes, I said a sheet of paper. It's wise to write down (and secure) these passwords because they are difficult to remember. After writing it down, change your user's password on your personal computer. You can save this password in your password manager as well, but unless your password manager is synced across multiple devices, you won't have access to it if you get locked out.

Password 2: Password Manager Password

As you go through the process of setting up your password manager, you will have the option to password protect your password manager. You should absolutely generate and set a secure password for your password manager. If someone gets a hold of your computer while you're away, or if you let someone borrow it, this will ensure won't be able to access any of your passwords. Also, some passwords let you set an expiration for your password manager session. Mine lasts 5 minutes which means that once I enter my password it won't prompt me again until after 5 minutes of inactivity. This is a good way to reduce the annoyance of entering your password, while still keeping them secure.

After generating this password, write it down with your device password. Now you should take the time to memorize these passwords, and then secure this paper.

You may be thinking that managing passwords is a hassle - even with a password manager. You are right. These tools do add a little bit of complexity, but they ensure a much higher level of security for your accounts. The tradeoff is worth it. Many password managers, like 1Password, have great browser plugins to allow you to quickly fill your passwords without ever having to look at them. In fact, I have plenty of accounts with passwords that I've never seen, nor will I ever need to see them. I simply log in to my password manager and then select the account whose password I need to retrieve.

Update existing passwords

Now, chances are most of your accounts are using the same password that is easy to crack. You should take the time to individually log in to each one and change the password. Your password manager will provide you the functionality required to generate the password and store it with the associated account. 1Password, for instance, provides a Chrome plugin that allows you to quickly generate and store passwords for each site you use. You can do this over time, but you should get in the habit of updating your habit every time you log in to a site using your same old, insecure password.

Since you are using a password manager, you won't need to memorize (or even see) any of these passwords. Simply keep them locked away in your password manager. Now the only way someone can access one of your accounts is if they have access to your password manager. Since both your device and your password manager are properly secured, you can consider your accounts secure.