If you’re struggling to think up strong passwords you can remember for your online accounts, here’s a simple, secure solution — for you and the whole family.
You’ve heard the security advice: “Create a unique, strong password for each account”. But are you doing that for every login? And what about the Netflix account you share with others in your family, and all their individual accounts?
“Why would hackers target me?” your family might ask, and they’re probably right. Your credentials are much more likely to be lost in a data breach(new window). In the US alone, millions of people fall victim(new window) to data breaches every year.
If any of your login details are ever leaked (one source to find out is Have I Been Pwned(new window)), the personal and financial losses could be devastating. That’s why everyone needs to create strong passwords and find a way to remember or store them securely.
Here are five steps everyone in your family can use to secure their passwords.
1. Delete your old accounts
Before you start, revisit accounts you’ve had for a while and close any you no longer use(new window). They may contain weak or reused passwords, and the fewer active accounts you have, the less exposed you’ll be to data breaches:
- Go to the “Help” or “Support” pages on each company’s website and look for how to close or delete your account. As many sites make it far from easy to say goodbye for good, check JustDelete.me(new window) and AccountKiller(new window) for help.
- To reduce risk, try to remove any private or financial information, like payment card details, before closing. Companies may have to retain your data for some time for legal reasons. And whatever they tell you, you can’t be 100% sure they have deleted your details anyway.
2. Choose a good password manager
A password manager helps to keep all your passwords safe in one place, so you only have to remember one master password:
- Sign up for and download a good, end-to-end encrypted password manager. Here are three open-source password managers(new window) we recommend — for computers and mobile devices.
- You’ll need to think of a strong master password or consider using a passphrase(new window), which is easier to memorize.
3. Create and save strong passwords
Now you can make the passwords to all your active accounts as complex and secure as possible, as you only need to remember one master password:
- Log in to each online account and create a strong, unique password(new window) for each one, taking into account how long your passwords should be(new window).
- Better still, use the password generator in your password manager to give you strong password suggestions for each account.
4. Use two-factor authentication
If your passwords are ever leaked, two-factor authentication (2FA) gives you an extra layer of defense. With 2FA, after filling in your password, you enter a six-digit code from your phone or use a security fob, like YubiKey(new window), to gain access:
- Enable 2FA for your master password and all your online accounts, where available. Most now allow you to set up 2FA by simply scanning a QR code.
- Choose an authenticator app(new window) or use a security fob to verify your account. Avoid account verification by SMS, which is less secure.
5. Share password best practice
After you’ve set up your password manager and 2FA everywhere, you can help your nearest and dearest do the same:
- Talk your family members through steps 1 to 4 to set up an account with your password manager. With services like Bitwarden(new window) or Padloc(new window), you can also set up shared folders with access permissions — a great way to exercise parental control with kids or help a less tech-savvy family member manage their passwords.
- Once everyone is set up, family plans can help you share logins for streaming services and other family accounts.
But is using a password manager safe? If you forget your master password, or your password manager or device is ever compromised, you could lose access to all your accounts.
Yes, using a password manager is like putting all your eggs in one basket. That’s why it’s essential to create a unique, strong master password or passphrase that you’re sure you can remember. It’s also true that researchers have discovered password manager security flaws(new window) with some services on certain devices.
Still, there’s no such thing as 100% password security: It’s a balance of risks. And we believe that for most people, the benefits of using a good, end-to-end encrypted password manager with 2FA outweigh those risks.
Most password managers offer free accounts with some limited sharing options, so you can try them out. That may well be enough for you and individual family members.
For more advanced sharing for families, you’ll probably have to pay a small subscription. Yet any fee to help secure your passwords may be a small price to pay compared to the potential cost of landing in a data breach — for you and your family.