Spending any time online requires the use of passwords. Passwords are outdated and problematic, and their days are numbered. The future is passwordless, but today we are still using them, so let’s talk about some best practices for creating and using passwords.

Why are passwords bad?

Passwords are bad because people have bad habits.

  • We create passwords that we can remember, based on names, dates, places, etc.
  • We use the same password on multiple sites and services.
  • When we are forced to change passwords, we only change a small suffix or a number.
  • Many sites encourage bad passwords with outdated password requirements and lengths.

Password vs. Passphrase

  • password: usually 8 to 10 characters
  • passphrase: can be up to 128 characters in length and include spaces.

Password Best Practices

Use a passphrase any time that option is available. You will need to try it out when creating a password, as most websites do not tell you whether passphrases are supported. If the passphrase is rejected, you can fall back to a shorter password.

Use the following guidelines for creating strong passwords:

  • Never re-use the same password on multiple websites. Websites are commonly hacked and passwords are compromised. Hackers will try the compromised credentials on hundreds of other websites in an attempt to steal identities, take over bank accounts, extort, etc.
    • You can check your email address against a known list of compromised accounts here:
  • Create STRONG passwords.
    • Passphrases
      • Use a full sentence including capitalization, spaces, and punctuation.
      • Use something you can remember like a quote from a song, book, or movie.
    • Passwords
      • Try to make them 15-20 characters long when allowed.
      • Add in numbers, capital letters and symbols.
  • Use a password manager.
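
The bad habits and guidelines above can be checked mechanically. The following Python code is an added example, not part of the original article: it audits a site-to-password mapping for exact reuse, for passwords that differ only in a trailing number or symbol, and for passwords under 15 characters. The names `audit`, `stem`, `MIN_LENGTH` and `SAMPLE_VAULT`, and the mapping format itself, are assumptions made for illustration.

```python
import re
from collections import defaultdict

MIN_LENGTH = 15  # lower bound of the 15-20 character guideline above

# Constructed sample data: site -> password, as a local vault export might hold.
SAMPLE_VAULT = {
    "mail.example": "Summer2023!",
    "bank.example": "Summer2024!",
    "shop.example": "Summer2023!",
    "forum.example": "correct horse battery staple, Forever!",
    "news.example": "k7#Vq9!mZr2@Lw5xT",
}

def stem(password):
    """Lower-case and strip trailing digits/symbols, so 'Summer2023!' and
    'summer2024' reduce to the same stem ('summer')."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def audit(vault):
    """Return site names (never the passwords themselves) for each finding."""
    by_password = defaultdict(set)   # exact password -> sites using it
    by_stem = defaultdict(dict)      # stem -> {site: password}
    for site, pw in vault.items():
        by_password[pw].add(site)
        by_stem[stem(pw)][site] = pw

    # Same password on more than one site.
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    # Same stem but different passwords: only the suffix or number changed.
    # An empty stem (all digits/symbols) carries no information, so skip it.
    variants = sorted(
        sorted(members) for s, members in by_stem.items()
        if s and len(set(members.values())) > 1
    )
    # Shorter than the recommended minimum length.
    short = sorted(site for site, pw in vault.items() if len(pw) < MIN_LENGTH)
    return {"reused": reused, "variants": variants, "short": short}

if __name__ == "__main__":
    for finding, sites in audit(SAMPLE_VAULT).items():
        print(finding, sites)
```

Run a check like this only on a local copy of your own vault export, and delete the export afterwards.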

Password Managers

Password managers act as a secure vault to store website credentials and other sensitive information. Your password vault is secured by a strong passphrase and optionally a secondary form of authentication.

When using a password manager, it is easy to create strong and unique passwords for every site you visit.

Password managers can be used in a web browser and on a mobile device to store and retrieve passwords when they are needed.

Read More: multifactor authentication

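| Name      | Web Site | Cost | Description                                     |
|-----------|----------|------|-------------------------------------------------|
| Bitwarden |          | $    | Inexpensive and featured for power users.       |
| Dashlane  |          | $$$  | Polished and expensive. Best features available. |
| Lastpass  |          | $$   | The most popular. Easy to use.                  |
| 1Password |          | $$   | Best choice if you are using an Apple computer. |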