Over the past two days we’ve generated a secure, memorable passphrase and installed a password manager. We’ll store most of our other passwords within the password manager. Since we have quick, secure access to our passwords whenever we need them, they don’t need to be memorable. So let’s start using passwords like “t4Nr&A6yr9pWX2k3o$l6J5Rs”!
Your password manager can generate new passwords like this. Random passwords are far harder to guess or crack than anything you would choose yourself, but there’s more. They also remove the cognitive load of remembering individual site passwords, and it’s easy to replace a password when you never committed it to memory in the first place!
Along with your passwords, it’s a good idea to redo your “Security questions”. These are things like “What street did you grow up on?”, “What is your pet’s name?”, or “What is your favorite band?”. Answers to these questions are notoriously easy to guess or infer from social profiles. Once we’re done today, we want things to look like this:
What street did you grow up on?
e8*4qWn45&mbx8Y^O&i!cn6V
What is your pet’s name?
L2pOY0@@C^WaR#B$YC!ffC$u
What is your favorite band?
0*66$20$%65%##8*$3$80^^8
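To make concrete what “generated” means in the paragraphs above, here is a small added example (not code from the original post or from any password manager) that builds random passwords and random security-question answers the way a manager does. It uses Python’s standard `secrets` module, which draws from the operating system’s cryptographic random source; the character set and the 24-character length are assumptions chosen to match the style of the passwords shown above. The `entropy_bits` helper shows why such answers are not guessable from a social profile.

```python
import math
import secrets
import string

# Assumed character set: letters, digits and a few symbols, matching the
# style of the generated passwords shown in the post.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def generate_password(length=24, alphabet=ALPHABET):
    """Return a password of `length` characters drawn uniformly at random.

    secrets.choice() uses the OS CSPRNG; random.choice() would NOT be
    suitable for secrets because its generator is predictable.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Bits of entropy in a uniformly random string of `length` over `alphabet`."""
    return length * math.log2(len(alphabet))


def generate_security_answers(questions, length=24):
    """Pair each security question with a fresh random answer.

    The answers are meant to be stored in the password manager's secure
    notes, never remembered, so they can be as unmemorable as a password.
    """
    return {question: generate_password(length) for question in questions}


if __name__ == "__main__":
    # Constructed sample questions, taken from the examples in the post.
    questions = [
        "What street did you grow up on?",
        "What is your pet’s name?",
        "What is your favorite band?",
    ]
    print("Password:", generate_password())
    print("Entropy of a 24-char password: %.1f bits" % entropy_bits(24))
    for q, a in generate_security_answers(questions).items():
        print(q)
        print(a)
```

A real answer such as a street name has only a handful of bits of entropy and is often public; a 24-character random answer over this alphabet has roughly 147 bits, which is why it cannot be recovered by guessing or by reading a social profile.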
If a site supports it, you’ll want to set up “Two-Factor Authentication” using your mobile device. This protects you if someone manages to gain access to your password or passphrase.
Pick four websites that hold important information or privileges. For example:
For each of these sites, log in using your existing password, then use your password manager to generate a new one. If you’re using LastPass, the option is under “Generate Secure Password”. Make sure the new password is saved in your password manager before you log out.
Next, replace any security questions using the same steps above. Many password managers allow you to store secure notes along with a login entry. Store the answers to your security questions here.
Finally, look around for a “Two-factor auth” or “2FA” option. If it exists, set it up using the authenticator app that you downloaded yesterday or your mobile phone number.
Before we finish, sign up for Have I Been Pwned. It’s a free service that emails you if your email address turns up in a known data breach.