Passwords have been a scourge of modern life for a very long time, and it's getting worse. Unfortunately, passwords are still the de facto way of securing access to information, accounts and other things we don't want everyone poking around in, and will be for quite some time. Progress is being made to rid the world of passwords, but we're still a good few years away from these solutions gaining any real traction.
The good news is that Apple, Google and Microsoft are all actively working on solutions that, for a change, actually work with each other, using open standards rather than trying to keep users tied into their ecosystems. This should accelerate things a bit, but it'll still take quite a while before password hell is a repressed memory for most of us.
As information gets more valuable and everything moves into the digital world, keeping your information safe from unauthorised access, in both personal and business capacities, is becoming more important but also more difficult. Attackers are getting smarter, the tools and technology for breaking passwords are getting better, the value of information is increasing, and the lucrative, low-risk nature of cyber-crime makes staying secure extremely hard and adds more load to our already busy and stressful lives.
This article is aimed at helping with your personal password habits more than our corporate standard which I'm sure you're tired of hearing about. The same basic principles apply though.
All your passwords must:
Be Long. There is no denying that the longer the password, the harder it is to crack. Length beats complexity too: every extra character multiplies the number of guesses an attacker has to make, whereas adding a number or symbol only enlarges the set each character is drawn from. A password like "thisisareallyreallylongpasswordandyoullneverguessit" is far more secure than something like "C0mPl3x!" despite having no numbers, capitals or special characters. Obviously, a long AND complex password is best, but length is the most important factor!
Be Unique. This is the most critical bit. Even the longest, most secure password is pointless if an attacker already knows it. The most common ways passwords are compromised are phishing, where you type your super long and secure password that you're very proud of into a malicious site pretending to be Facebook, Twitter, your bank or some other site you need to log in to, and site breaches, where a site gets hacked and its username and password database stolen. The bad guys then try that username and password combination on other sites (this is called credential stuffing) to see if you've used the same password elsewhere, and they often get lucky.
Having a long and unique password for every site you use is very difficult. No one can remember hundreds of different passwords. There are two main ways people deal with this: one not really recommended (but better than using the same password everywhere), and the other highly recommended!
1 - Use a "System"
Many people have a "standard" password that is nice and long, but adapt it slightly for each site so they don't forget it. The standard password may be something like "Il0v3myD0g!!", with something short and easy to remember added at the end for each site. An example for Amazon would be "Il0v3myD0g!!-AMZ", or for Facebook "Il0v3myD0g!!-FB".
While this method is better than having the same password everywhere, it ultimately isn't very secure. Once one of these passwords leaks, the pattern is obvious, and any cyber-criminal with real ambition will try these simple adaptations and usually figure them out. Password-cracking tools have rule engines that apply exactly this kind of mangling (append or prepend a site abbreviation, a separator, a year) automatically, so the "system" is the equivalent of putting a "Beware of the Dog" sign up in front of your house: it may deter the very casual passer-by but won't stop a determined criminal.
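To make the weakness concrete, here is an added example (written for this article, not a real cracking tool) that does what an attacker's rule engine does: it takes the one leaked password from the example above, peels off the site tag to recover the "base", and generates the handful of candidates to try on another site. The site abbreviations, separators and the leaked credential are all constructed assumptions for illustration.

```python
"""Why a per-site "system" fails: derive other sites' passwords from one leak."""
import re

# Site abbreviations an attacker would try (assumed, constructed for this example).
SITE_TAGS = {
    "amazon.com": ["AMZ", "Amazon", "AMAZON", "amz"],
    "facebook.com": ["FB", "Facebook", "FACEBOOK", "fb"],
    "gmail.com": ["GM", "Gmail", "GMAIL", "gmail"],
}
# Separators people commonly put between the base password and the site tag.
SEPARATORS = ["", "-", "_", ".", "!", "#"]


def strip_site_tag(password: str, site: str) -> set[str]:
    """Recover probable base passwords by peeling a site tag off one leaked password.

    Tries the known tags for the leaked site in suffix and prefix position,
    then falls back to a generic rule that strips a short trailing word.
    """
    bases = set()
    for tag in SITE_TAGS.get(site, []):
        for sep in SEPARATORS:
            if password.endswith(sep + tag):
                bases.add(password[: len(password) - len(sep + tag)])
            if password.startswith(tag + sep):
                bases.add(password[len(tag + sep):])
    # Generic fallback: "<base><optional separator><2-8 letters>" -> base.
    m = re.fullmatch(r"(.+?)[-_.!#]?[A-Za-z]{2,8}", password)
    if m:
        bases.add(m.group(1))
    return bases


def guesses_for(leaked_password: str, leaked_site: str, target_site: str) -> list[str]:
    """Candidate passwords an attacker would try on target_site, most obvious first."""
    guesses = []
    for base in sorted(strip_site_tag(leaked_password, leaked_site)):
        for tag in SITE_TAGS.get(target_site, []):
            for sep in SEPARATORS:
                guesses.append(base + sep + tag)   # Il0v3myD0g!!-FB
                guesses.append(tag + sep + base)   # FB-Il0v3myD0g!!
    # De-duplicate while keeping order.
    return list(dict.fromkeys(guesses))


if __name__ == "__main__":
    # Constructed leak: the Amazon password from the article, found in a breach dump.
    leaked = ("amazon.com", "Il0v3myD0g!!-AMZ")
    candidates = guesses_for(leaked[1], leaked[0], "facebook.com")
    print(f"{len(candidates)} guesses for facebook.com, e.g. {candidates[:4]}")
```

A few dozen guesses is all it takes, and a patient attacker spreads them out so they never trip a lockout. A password manager removes the pattern entirely, because each site's password has nothing in common with the others.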
2 - Use a Password Manager
Password managers are the best and most secure way to manage your passwords, but they can seem complicated and difficult to use at first. A password manager is a system that stores all of your passwords in one safe place, sort of like a very large bunch of keys locked in a secure box. One password, the master password, unlocks the vault to all the other passwords.
Password managers also generate long and complex passwords that can be used and saved per site, which fixes the password re-use problem. If one site gets hacked and all its usernames and passwords stolen, or if you fall for a sophisticated phishing attack, only that single site is compromised and all the rest are safe. A password manager's browser extension also only offers to fill a saved login on the site it was saved for, so if it refuses to autofill on a page that looks like your bank, treat that as a warning that you may be on a fake site.
You won't know the passwords for most of your critical sites, which can feel a bit scary at first. This is actually the best way. If you can remember multiple unique passwords, they probably aren't very good.
Obviously, the master password which unlocks your vault needs to be your most secure and preciously guarded secret. If this password is stolen, all your passwords are at risk, so never, ever use it anywhere else and make it long and strong. This should be the only password you need to remember, so a tip here is to use a phrase you know and can remember and then pad it at the front and the end with several special characters, like two slashes "//" or three brackets ")))" or something similar. This adds length and complexity without making it much harder to remember. One caveat: the phrase itself should not be a famous quote, song lyric or anything else that appears in print, because cracking tools guess well-known phrases whole rather than character by character; a few unrelated words of your own make a better phrase. Also make sure you turn on multi-factor authentication for your password manager and for other critical accounts like email and banking.
When choosing a password manager, you definitely want one that synchronises your passwords across multiple devices so you can safely log in to sites on your laptop and your phone or tablet. Some password managers are free but charge you if you want to sync across devices or use other advanced features.
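As an added example (not code from this article or from any password manager product), the block below shows the two things a password manager does for you that the sections above describe: it generates a random per-site password from the operating system's secure random source, and it estimates how many bits of brute-force work a password represents, which is the same arithmetic behind "length beats complexity". The character classes, the guess rate and the sample passwords are assumptions chosen for illustration.

```python
"""Generating and sizing passwords the way a password manager does (added example)."""
import math
import secrets
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?/"   # assumed symbol set, 26 characters
ALL_CLASSES = [LOWER, UPPER, DIGITS, SYMBOLS]


def generate_password(length: int = 20) -> str:
    """Random per-site password drawn with the OS CSPRNG (secrets, never random).

    Rejection-samples until every class appears, so a site's "must contain a
    digit and a symbol" rule is met without fixing any position to a class.
    """
    if length < len(ALL_CLASSES):
        raise ValueError("length too short to contain every character class")
    alphabet = "".join(ALL_CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in ALL_CLASSES):
            return candidate


def entropy_bits(password: str) -> float:
    """Upper-bound strength: length * log2(size of the character classes used).

    This is the work a brute-force attacker who knows the alphabet faces. It
    overstates the strength of dictionary words and well-known phrases, which
    cracking tools guess by the word, not by the character.
    """
    used = [cls for cls in ALL_CLASSES if any(c in cls for c in password)]
    alphabet_size = sum(len(cls) for cls in used)
    return len(password) * math.log2(alphabet_size) if alphabet_size else 0.0


def crack_time_seconds(bits: float, guesses_per_second: float = 1e11) -> float:
    """Expected seconds to search half the keyspace at an assumed guess rate.

    1e11 guesses/s is an assumed figure for an offline attack on a fast hash;
    a site using a slow, salted hash would be many orders of magnitude lower.
    """
    return (2.0 ** bits / 2.0) / guesses_per_second


if __name__ == "__main__":
    # Constructed comparison using the two passwords from the "Be Long" section.
    for pw in ["C0mPl3x!", "thisisareallyreallylongpasswordandyoullneverguessit",
               generate_password(20)]:
        bits = entropy_bits(pw)
        years = crack_time_seconds(bits) / (3600 * 24 * 365)
        print(f"{pw!r}: {bits:.1f} bits, about {years:.3g} years at 1e11 guesses/s")
```

Padding a memorable phrase with "//" or ")))" as suggested above shows up in `entropy_bits` as both more length and a larger alphabet, which is why the tip works against brute force; the estimate says nothing about whether the phrase itself is in an attacker's wordlist, so the phrase still has to be your own.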
Some of the best password managers are Bitwarden (free and excellent), LastPass (free tier, but you pay for some of the advanced features if you need them, like syncing), 1Password (not free) and Dashlane (similar to LastPass, you pay for syncing). There are others too. Just make sure it's a well-known and reputable service before you trust your most important access credentials to it. Bitwarden is certainly the recommended option because, while there is a paid version, the free one is adequate for most people. All the password managers listed here have a paid option that includes emergency access by another user should something happen to you, which is useful. I've been that guy trying to find account details for someone who passed away. If you don't use this feature, make sure your master password is securely available to a trusted family member should something happen. It really does make things a lot easier for them. Bitwarden is also open source, which means the code can be reviewed and audited by outsiders rather than taken on trust, and that helps find bugs.
Some password managers can also store MFA codes (the one-time codes an authenticator app generates) alongside the passwords. This is more convenient, but it puts both factors in one place: anyone who gets into your vault gets the second factor too, which defeats much of the point of multi-factor authentication, so it is not recommended. Rather use a separate MFA app like Microsoft Authenticator, Google Authenticator, Authy, etc.
What about saving passwords in the browser?
Most web browsers offer to save your passwords. The Pepkor Policy is to NOT store your username and password in your browser for company system access. For your personal accounts, the advice is trickier because browsers handle this differently. The general guidance is not to do it: in Chrome and Edge the saved passwords are protected only by your operating-system login, so any program running as your user, and certainly anyone with admin-level access to your PC, can usually read all of them. Firefox is a bit better in that you can protect the password store with a separate Primary Password that is different from your PC logon password, so it does offer better protection. There are also specific strains of malware that specialise in secret stealing and go straight for passwords stored in browsers. Apple's iCloud Keychain is probably the best of the built-in implementations, but it is still not as good as a proper password manager. A password manager also has the advantage of working across browsers and device types, while the built-in password stores only work within that browser or operating system.
Stay Safe Out There!
I hope this article helps you implement better password security on your personal accounts. Always remember that your personal email account is probably your most critical one and should be protected the best. These accounts are the most commonly phished and are the ones tied to your other accounts for when you "forget" your password. If a bad guy has access to your personal email account, he can often change the passwords of all your other accounts too. ALWAYS use multi-factor authentication on your personal email accounts, and be extremely vigilant and watch out for phishing attacks. The best advice to protect yourself here is to always go to your email site (such as Gmail or outlook.com) by typing the address into a new tab, and never type in your credentials if prompted unless you went to the site yourself.