Skip the background and go straight to the recommendations
Confession: I spend more time than I’d like helping people retrieve their website passwords. For, let’s say, 15 years, I’ve probably received 2-3 “Heeyyyy, sorry to bug you, but I can’t log into my website” emails per month. If we go with 2/month, that’s 360 of ’em.
The dreaded Forgotten Password often leads to a firewall lockout when people think “Oh wait, I bet it’s THIS” one too many times. I’m sure people would rather not wait for me to notice their email/text/voicemail, log onto their site, unblock their computer from the firewall control panel, reset their password, and so forth—when they just want to get down to the business of processing an order or updating their website content.
The point I’m trying to make: everyone wins when we work together to solve the forgotten password problem once and for all!
Most of us know that it’s a bad idea to reuse the same password on multiple websites or applications. Doing that makes it easy to remember your password, but it also means that if one site gets hacked (and lists of thousands or millions of passwords posted on the Dark Web) your universal password is out there, and anyone can now get into all of your accounts. This is suboptimal.
The obvious conclusion is that you really ought to use different passwords everywhere, or at least every site where you have sensitive information of any kind. The problem is obvious: nobody’s going to remember dozens or hundreds of different passwords, so you have to figure out a way to record them. In the early days of the Internet, I used a Moleskine address book to alphabetize all my accounts. I still have it in my desk drawer, and all the antique websites—Hotmail, JavaNet, Orkut, and the like—are fun to look at for a little 90s web nostalgia!
Later on, most people started to record their logins in a file, often a spreadsheet, with columns for “site, username, password” or some such scheme. When cloud-based services like Google Sheets entered the picture, the savvy often pasted their Excel docs into an online worksheet, so they’d have a master document accessible from anywhere. In 2020, this approach still isn’t a terrible idea, but it’s way more cumbersome than. . .
A password manager is a handy application that runs in the background of your operating system and fills in usernames/passwords so you don’t have to remember them. There are many such services, some paid and some free, and all of the good ones have apps for Mac OS, Windows, Android, iOS, and all the major operating systems. This means that once you set them up, you can install them on all your devices, and you’ll have every single one of your passwords at your fingertips anywhere you go. AWESOME!
This means you have the universality of the old-school cloud-based spreadsheet, but there are many more benefits:
- completely insane security and encryption. these companies know that their services are worthless (harmful, even) if they get hacked, so they all invest heavily in security geniuses to make sure it doesn’t happen.
- auto-generation of random 20-30 character passwords that are impossible to memorize and type. you go to a new site, auto-generate a password, save it, and it’s now instantly available on all your devices. I’ve never even seen most of my passwords, and there’s no way I could memorize one without an agonizing amount of effort. naturally, this makes them unhackable unless you’re being investigated by the NSA, in which case, good luck with that.
- when you revisit one of these login screens, you can use a keystroke on your computer, or the fingerprint/face recognition on your phone, to enter the password instantly.
There are as many password management apps as there are antivirus programs, cloud based storage services, and every other useful online doodad in our electronic age. It’s beyond the scope of this article to help you choose the one that’s right for you, but if you Google “password manager” you’ll see names like (as of April 2020) 1Password, Dashlane, LastPass, and many more. All have similar features and payment plans, but there are subtle differences, and you’re the best person to judge the right balance of cost, features, ease of use, and all the other variables. Honestly, the cost and features of most of the major players are so similar that if you just choose one of the 2-3 most popular apps, you probably won’t go wrong.
If I were a money-grubbing hoser, here’s where I’d provide a bunch of affiliate links, so I’d get $0.0825 every time someone clicks to check out a particular service. Instead, here are the steps:
- go to Google and type “password manager” or whatever
- skim the results and pick two or three that seem promising, then type “compare [first application] [second application] [third application]” to read a snappily written article, probably including a feature matrix and some helpful pro tips
- pick one, sign up, walk through the setup steps
- sign with relief and be liberated from password angst for the rest of your days on Earth
I hear you: it sounds like a pain in the neck to figure out which password manager you want to use, install it, pay the $3/month, set everything up, put all those passwords into the database, etc.
In truth, it kind of is, I won’t lie to you. But you know what? If it takes you an hour to do all that, and then you:
- never have to worry about lost passwords again
- never have to bother your beloved website consultant to get unlocked from WordPress ;)
- have peace of mind that your logins are as uncrackable as they can reasonably be in an inherently risky online world
- can save several seconds every time you no longer have to type a password
- can save several minutes or hours every time you don’t have to wait for a password reset email to come in, then go to the site and type a new one (with number and letters and &#@% characters, oh and by the way, you used that one last year so you can’t use it again)
- can save several hours or days every time you get locked out of WordPress and can’t find the unlock email in your spam folder
You get the idea. It’s well worth doing, and once you bite the bullet and get it over with, you’ll be glad you did forever. I feel a small inward smile of satisfaction more often than you’d think when I stick my thumb on my iPhone’s home button, see an absurdly long row of asterisk or bullet characters appear in the password field, and am instantly logged in.
You know you’re going to want to put this off. You shouldn’t. It’ll save you lots of time, provide unhackable security for your websites if you do it right, and make your online life better in lots of ways you’ll notice once it’s up and running smoothly.