Many arbitrary holidays litter our calendars (ahem, Tin Can Day), but World Password Day is one fully supported by the PCWorld staff. We’re all for ditching weak passwords — especially when strengthening your security takes only a little effort.
Follow these four easy suggestions and you’ll thank yourself for years to come. Not only will data breaches and hackers stop being immediate threats, but you won’t have to scramble to remember a collection of user name and passwords. That’s especially true if you opt for a newer form of account protection that’s simpler to use than passwords.
Trust us, you want to safeguard yourself. Data breaches are common these days, and as Bitwarden’s latest survey results indicate, a concerning number of people still reuse passwords (31 percent in the U.S. do so for 11 to 20+ sites!). And with so many data leaks, it’s getting easier and easier for hackers to not just know your passwords, but figure out the personal info you might use in a password — another prevailing bad habit (42 percent in the U.S.). Yikes.
Get a password manager
The best password manager
Dashlane
Read our review
Best Prices Today: $4.99 at Dashlane
Password managers make better account security so easy. You only have to memorize one strong password to safeguard nearly all your other login info. (Here’s how to come up with a good master password.)
You shouldn’t have an issue finding a password manager that suits you, either — it’s perfectly normal to have reservations about them, but there are so many options out there. Want something that integrates seamlessly with your phone or browser? Google, Apple, and Firefox’s password managers are basic but solid. Hate the idea of all your passwords sitting in the cloud? Try KeePass or one of its variants. Need support for advanced two-factor authentication methods, like a YubiKey? Many paid services include it. Password managers now also generally support passkeys, a simpler yet more secure method of account protection.
Paying for a good solution isn’t always necessary either, as you’ll see when going over our lists of the best paid password managers and the best free password managers. The kinds of features that unlock when paying for services are helpful indeed, especially if you’re using multiple devices or want to secure passwords for multiple people, but they’re not absolutely vital otherwise. That said, our go-to solution — Dashlane — makes managing passwords dead simple and only costs $33 per year, or $2.75 per month. It’s money well spent for the added security (and the extra polish).
And don’t worry if you try one service and don’t like it. Exporting and importing password databases is simple.
Use strong, unique passwords for everything
Companies like Terahash can combine several hundred GPUs to crack short passwords instantly. This chart shows how longer passwords can make the process impossibly long, even with such computing power on hand.
Companies like Terahash can combine several hundred GPUs to crack short passwords instantly. This chart shows how longer passwords can make the process impossibly long, even with such computing power on hand.
Terahash / Twitter
Companies like Terahash can combine several hundred GPUs to crack short passwords instantly. This chart shows how longer passwords can make the process impossibly long, even with such computing power on hand.
Terahash / Twitter
Terahash / Twitter
Even websites that barely register in your memory deserve a strong, unique password. If you’ve left behind traces of personal information — or financial information, like stored credit card info — unauthorized access to your account could lead to future headaches.
Normally, remembering a strong, random, and unique password for every place you visit on the internet would be a pain in the rear. Everything requires a login these days. But with a password manager (which of course you’ve just set up!), you no longer have that responsibility. So long as you have the browser extension (or app installed on your phone), you can let it choose a password for you. Just tell it how many characters in length and what mix of them. (Security experts currently recommend 24 characters in length, randomly generated with numbers, letters, and special characters; you can also opt for a similarly long passphrase for things you need to manually type.) The fun part is that because you don’t have to memorize each password yourself, long and complex strings aren’t a hassle.
If you want to really level up your login security, you can also use strong, unique user names, too. With a password manager tracking everything, being randominternetuser13960 on one site, ithurtstomove4582 on another, and pizzacoma2259 on a third is a cinch. Have to use an email address for your login? Gmail and some other email providers let you create aliases by adding a plus sign (+) and phrase after your account name. So for example, you could use emailaddress+likesbooks@gmail.com to distinguish that particular site. Or better yet, you can wholesale upgrade to email masks for true anonymity.
Enable two-factor authentication, too
Two-factor authentication adds a second layer of security while logging in.
Two-factor authentication adds a second layer of security while logging in.
Apple
Two-factor authentication adds a second layer of security while logging in.
Apple
Apple
We hate to say it, but these days, strong passwords alone aren’t enough to ward off threats. Data breaches happen, and so do moments of being caught off-guard by phishing attempts.
Two-factor authentication adds another layer to your login process. Instead of having immediate access to your account upon entering your user name and password, you’ll have to pass another security check before access is granted. (You can read more about how 2FA works in our explainer, which also gives more details on the common forms available.)
Like using a password manager, two-factor authentication doesn’t have to be a cumbersome addition to your login process. Apps like Authy, Aegis, and Ravio make accessing your 2FA codes on multiple devices simple, and support easy security measures like biometric authentication to protect those codes from prying eyes.
We of course recommend enabling two-factor authentication on as many accounts as possible, but at minimum, do it for major accounts like email and financial services — places with info that could wreak havoc on your life if someone else got unauthorized access. Also consider protecting your Amazon, social media, Steam, and work accounts (and their info ripe for use in social engineering) in this way, too.
For sites that don’t have two-factor authentication — which sadly includes a large number of e-commerce sites — you can help limit damage from unauthorized account access by not leaving your credit card information and address on file.
Use a passkey
Most people will probably use a phone for their passkey storage, but they work with Windows PCs, Apple hardware, and security keys, too.
Most people will probably use a phone for their passkey storage, but they work with Windows PCs, Apple hardware, and security keys, too.
Google
Most people will probably use a phone for their passkey storage, but they work with Windows PCs, Apple hardware, and security keys, too.
Google
Google
This newer form of account authentication has been spreading steadily since last year, and just in time, too. Passkeys cut out a lot of the hassle of using passwords while also providing strong security out the gate — a quality of life upgrade sorely needed as online security gets more complex.
You just need a device like a phone, tablet, or even your PC to serve as an authenticator. It’ll be registered to your account when you generate the passkey. Afterward, you’ll get prompts on the device to authorize logins, which you’ll approve using face identification, a fingerprint, or a PIN. It’s incredibly simple, and more importantly, passkeys are more resistant to the current effects of data breaches. Because they are an asymmetrical form of encryption, a hacker can’t guess at your passkey based on the compromised website’s encrypted login data. Only you have the other part of the puzzle, and it’s a different kind of piece than the part saved to your website account.
You can also use a password manager to store passkeys, though they’re currently a bit less secure than using a physical device.
You can read more about passkeys in our coverage of Google’s recent launch of passkey support for its accounts (as well as in Google’s own excellent overview of the topic), but basically, this is the cutting-edge of online security. A passkey eliminates the hassles of passwords, along with the pressing need for two-factor authentication, and should make protecting your accounts much easier. Good websites support both passwords and passkeys — so you can still have a password + 2FA combo as an alternate method to login (just in case you lose your device with stored passkeys), but use your passkey day-to-day with less hassle.
There’s more you can do, of course — and it’s also easy
seriously, dashlane rocks
Dashlane
Read our review
Best Prices Today: $4.99 at Dashlane
All set up with your password manager and two-factor authentication, and feeling primed to go even further? Learning more of the ins and outs of your password manager will help integrate it into your life even more seamlessly. Installing your service’s companion smartphone app and browser extension is just a starting point — check out our guide on how to make most of your password manager for more tips. You can also have a look at our story about 5 easy tasks that supercharge your security. If you’ve followed this article’s advice, you’re already more than halfway there!
Security Software and Services
Follow these four easy suggestions and you’ll thank yourself for years to come. Not only will data breaches and hackers stop being immediate threats, but you won’t have to scramble to remember a collection of user name and passwords. That’s especially true if you opt for a newer form of account protection that’s simpler to use than passwords.
Trust us, you want to safeguard yourself. Data breaches are common these days, and as Bitwarden’s latest survey results indicate, a concerning number of people still reuse passwords (31 percent in the U.S. do so for 11 to 20+ sites!). And with so many data leaks, it’s getting easier and easier for hackers to not just know your passwords, but figure out the personal info you might use in a password — another prevailing bad habit (42 percent in the U.S.). Yikes.
Get a password manager
The best password manager
Dashlane
Read our review
Best Prices Today: $4.99 at Dashlane
Password managers make better account security so easy. You only have to memorize one strong password to safeguard nearly all your other login info. (Here’s how to come up with a good master password.)
You shouldn’t have an issue finding a password manager that suits you, either — it’s perfectly normal to have reservations about them, but there are so many options out there. Want something that integrates seamlessly with your phone or browser? Google, Apple, and Firefox’s password managers are basic but solid. Hate the idea of all your passwords sitting in the cloud? Try KeePass or one of its variants. Need support for advanced two-factor authentication methods, like a YubiKey? Many paid services include it. Password managers now also generally support passkeys, a simpler yet more secure method of account protection.
Paying for a good solution isn’t always necessary either, as you’ll see when going over our lists of the best paid password managers and the best free password managers. The kinds of features that unlock when paying for services are helpful indeed, especially if you’re using multiple devices or want to secure passwords for multiple people, but they’re not absolutely vital otherwise. That said, our go-to solution — Dashlane — makes managing passwords dead simple and only costs $33 per year, or $2.75 per month. It’s money well spent for the added security (and the extra polish).
And don’t worry if you try one service and don’t like it. Exporting and importing password databases is simple.
Use strong, unique passwords for everything
Companies like Terahash can combine several hundred GPUs to crack short passwords instantly. This chart shows how longer passwords can make the process impossibly long, even with such computing power on hand.
Companies like Terahash can combine several hundred GPUs to crack short passwords instantly. This chart shows how longer passwords can make the process impossibly long, even with such computing power on hand.
Terahash / Twitter
Companies like Terahash can combine several hundred GPUs to crack short passwords instantly. This chart shows how longer passwords can make the process impossibly long, even with such computing power on hand.
Terahash / Twitter
Terahash / Twitter
Even websites that barely register in your memory deserve a strong, unique password. If you’ve left behind traces of personal information — or financial information, like stored credit card info — unauthorized access to your account could lead to future headaches.
Normally, remembering a strong, random, and unique password for every place you visit on the internet would be a pain in the rear. Everything requires a login these days. But with a password manager (which of course you’ve just set up!), you no longer have that responsibility. So long as you have the browser extension (or app installed on your phone), you can let it choose a password for you. Just tell it how many characters in length and what mix of them. (Security experts currently recommend 24 characters in length, randomly generated with numbers, letters, and special characters; you can also opt for a similarly long passphrase for things you need to manually type.) The fun part is that because you don’t have to memorize each password yourself, long and complex strings aren’t a hassle.
If you want to really level up your login security, you can also use strong, unique user names, too. With a password manager tracking everything, being randominternetuser13960 on one site, ithurtstomove4582 on another, and pizzacoma2259 on a third is a cinch. Have to use an email address for your login? Gmail and some other email providers let you create aliases by adding a plus sign (+) and phrase after your account name. So for example, you could use emailaddress+likesbooks@gmail.com to distinguish that particular site. Or better yet, you can wholesale upgrade to email masks for true anonymity.
Enable two-factor authentication, too
Two-factor authentication adds a second layer of security while logging in.
Two-factor authentication adds a second layer of security while logging in.
Apple
Two-factor authentication adds a second layer of security while logging in.
Apple
Apple
We hate to say it, but these days, strong passwords alone aren’t enough to ward off threats. Data breaches happen, and so do moments of being caught off-guard by phishing attempts.
Two-factor authentication adds another layer to your login process. Instead of having immediate access to your account upon entering your user name and password, you’ll have to pass another security check before access is granted. (You can read more about how 2FA works in our explainer, which also gives more details on the common forms available.)
Like using a password manager, two-factor authentication doesn’t have to be a cumbersome addition to your login process. Apps like Authy, Aegis, and Ravio make accessing your 2FA codes on multiple devices simple, and support easy security measures like biometric authentication to protect those codes from prying eyes.
We of course recommend enabling two-factor authentication on as many accounts as possible, but at minimum, do it for major accounts like email and financial services — places with info that could wreak havoc on your life if someone else got unauthorized access. Also consider protecting your Amazon, social media, Steam, and work accounts (and their info ripe for use in social engineering) in this way, too.
For sites that don’t have two-factor authentication — which sadly includes a large number of e-commerce sites — you can help limit damage from unauthorized account access by not leaving your credit card information and address on file.
Use a passkey
Most people will probably use a phone for their passkey storage, but they work with Windows PCs, Apple hardware, and security keys, too.
Most people will probably use a phone for their passkey storage, but they work with Windows PCs, Apple hardware, and security keys, too.
Most people will probably use a phone for their passkey storage, but they work with Windows PCs, Apple hardware, and security keys, too.
This newer form of account authentication has been spreading steadily since last year, and just in time, too. Passkeys cut out a lot of the hassle of using passwords while also providing strong security out the gate — a quality of life upgrade sorely needed as online security gets more complex.
You just need a device like a phone, tablet, or even your PC to serve as an authenticator. It’ll be registered to your account when you generate the passkey. Afterward, you’ll get prompts on the device to authorize logins, which you’ll approve using face identification, a fingerprint, or a PIN. It’s incredibly simple, and more importantly, passkeys are more resistant to the current effects of data breaches. Because they are an asymmetrical form of encryption, a hacker can’t guess at your passkey based on the compromised website’s encrypted login data. Only you have the other part of the puzzle, and it’s a different kind of piece than the part saved to your website account.
You can also use a password manager to store passkeys, though they’re currently a bit less secure than using a physical device.
You can read more about passkeys in our coverage of Google’s recent launch of passkey support for its accounts (as well as in Google’s own excellent overview of the topic), but basically, this is the cutting-edge of online security. A passkey eliminates the hassles of passwords, along with the pressing need for two-factor authentication, and should make protecting your accounts much easier. Good websites support both passwords and passkeys — so you can still have a password + 2FA combo as an alternate method to login (just in case you lose your device with stored passkeys), but use your passkey day-to-day with less hassle.
There’s more you can do, of course — and it’s also easy
seriously, dashlane rocks
Dashlane
Read our review
Best Prices Today: $4.99 at Dashlane
All set up with your password manager and two-factor authentication, and feeling primed to go even further? Learning more of the ins and outs of your password manager will help integrate it into your life even more seamlessly. Installing your service’s companion smartphone app and browser extension is just a starting point — check out our guide on how to make most of your password manager for more tips. You can also have a look at our story about 5 easy tasks that supercharge your security. If you’ve followed this article’s advice, you’re already more than halfway there!
Security Software and Services
