How To Choose And Manage Passwords

  
By Tim Chesonis •  Updated: 04/28/20 •  18 min read

It seems that passwords are required for everything these days. We need them to log into our computers, and we need them to order a pizza online. Given that passwords are required everywhere, how is one supposed to create a new password every time one is required, let alone remember it?

When creating a password, you should:

1. Always use a minimum of 12 characters.
2. Always include both UPPER cAsE and lower cAsE letters, numbers, and symbols.
3. Always ensure that you mix up the characters.
4. Never use stupid-simple words.

In this article we will dive deep into the subject of creating and managing passwords.  I will show you methods of creating passwords and show you several different ways to manage them for easy retrieval.

Why We Need A Password

People cheat and steal. If they didn’t, we wouldn’t need passwords. It’s that simple. For that reason, we need a password for nearly everything.

Just this morning, I needed to rent a U-Haul to move some furniture. Guess what they required? A password. A password is required for everything from posting a comment in a forum to opening a bank account.  In fact, I find it very difficult to think of anything that I don’t require a password for. That requirement seems to be everywhere.

People Generally Only Use Three Passwords

Because passwords are required for nearly everything we do, it can be very frustrating trying to come up with a new password every time one is required.  Am I wrong? In fact, would you be surprised to learn that people generally only ever use three passwords for everything? I doubt it, because you too, probably only ever use three passwords for everything that you do.

Stupid-Simple Password

My guess is that you probably use a super simple password for things like ordering a pizza, or submitting an online form to gain access to a specific website. It’s something very simple and you really don’t care if people guess what it is, because you are only using it to jump a hurdle, or to gain access to something that’s not really important to you.  You view the request for a password as more of an inconvenience than a security feature. For that reason, you make it stupid simple to remember.

I Think I’m Fooling Everyone with this Password

Because you use this password about 80% of the time, there’s a very high likelihood that hackers already have this password on file because you use it nearly everywhere.

Of the three passwords that you generally use all the time, your second password is probably a little bit more difficult to guess than your stupid-simple password, and you probably use this password about 80% of the time. I call this the “I think I’m fooling everyone with this password” password. The reason that I call it this is because you probably think it’s “good enough”.

Let’s say that you have an account with Home Depot, or Walmart, for example. For the sake of argument, let’s say that Walmart got hacked and all of its customer data became compromised. Let’s further assume that you used your “I think I’m fooling everyone with this password“, password, to open the online Walmart account. Because you use this password 80% of the time, hackers can easily hack into 80% of your accounts.

Super Important Password

The third and final password that people generally use is their banking password. This is the password that they think that nobody could possibly guess because it is a combination of birthdays, anniversaries, meaningful words, and maybe an exclamation mark at the end. By the way, such a password is not worthy of a banking password, but more on that later.

Your “Super Important Password” is thought of as being sacred, and you probably only ever use it on VERY important websites, . . . . like your other banking websites where you pay your home mortgage or car payment. Do you see the folly in this thinking? Once your banking password has been hacked, it will be used on every other account that the hacker thinks that you deem “very important”. There is an extremely high probability that hackers will easily gain access to those other accounts because they know that you are probably going to use the same “super important” password for everything that you deem super important.

Every time you use a password for ANY reason, it should be a one-of-a-kind password that is never used for any other account.

I know that you are probably thinking that this is ridiculous and that there is no way that you could possibly come up with and remember a new password for EVERY account, let alone manage it. Not to worry, I will address these concerns of yours and answer them by the time you finish reading this article. Let’s start by talking about the passwords you should never use under any circumstances.

Rules to Follow When Creating a Password

There are certain things that you should and should not do when creating a password.  Let’s start by showing you what you should not do when considering a password for anything.

Do NOT Use These Passwords!

There are certain passwords that you should never use, because everybody uses these passwords (more often than you would think).  Stay away from the following passwords (or any variation of them), because these are the passwords that hackers will try using first in an attempt to hack into any of your accounts.

According to SecurityMagazine.com, the worst passwords of 2019 are as follows. Each password is compared to its ranking in the prior year, 2018, showing whether it has moved up or down. If it is new to the list, it is identified as such.

  1. 123456 (rank unchanged from 2018)
  2. 123456789 (Up 1)
  3. qwerty (Up 6)
  4. password (Down 2)
  5. 1234567 (Up 2)
  6. 12345678 (Down 2)
  7. 12345 (Down 2)
  8. iloveyou (Up 2)
  9. 111111 (Down 3)
  10. 123123 (Up 7)
  11. abc123 (Up 4)
  12. qwerty123 (Up 13)
  13. 1q2w3e4r (New)
  14. admin (Down 2)
  15. qwertyuiop (New)
  16. 654321 (Up 3)
  17. 555555 (New)
  18. lovely (New)
  19. 7777777 (New)
  20. welcome (Down 7)
  21. 888888 (New)
  22. princess (Down 11)
  23. dragon (New)
  24. password1 (Unchanged)
  25. 123qwe (New)

If you are using one of these passwords for anything, change it immediately (OK, after reading this article).  Using a stupid-simple password is like not using any password at all.

If you use any of these stupid-simple passwords to gain access to a website or for any other reason, hackers know that there is a high probability that you may have used the same password somewhere else, and that somewhere else may give them more information about you. That information can be pieced together in the hope of gaining access to other accounts.

Do Not Use a Password More than Once

Earlier, I stated, that you should never use a password more than once, for ANY reason. Each password should be a one-of-a-kind password that is never used for any other account. I’m going to go a step further.

Each password should be a one-of-a-kind password that is never used on more than one website.

If you are anything like me, you visit dozens of websites every day, many of which, require a password to gain access to content or perhaps to an account of some sort. Passwords are such a bother. Such a turn-off. I get it. But, just like you can’t live in New York City without locking your door, you can’t access accounts on the internet without a password.

Think of it this way. Using the same password more than once is like having one key that will start your car, unlock the front door to your house, and open the safety deposit box at your bank. If the thief can manage to steal the key to your car, he can fence all the items in your house and empty your safe deposit box too. This is why we have different keys that serve different purposes. The car key is different than the house key, which is different than the safe deposit key. You should apply the same concept when it comes to passwords. A unique password for every door in your life, but that’s not typically what we put into practice.

Rest assured, I have a solution that I will show you, but you must be convinced that you should never use a password more than one time.

Don’t Use Movie Passwords or Song Lyrics

You may think that you are being creative by using a password from one of your favorite songs or movies, but this is not recommended. For example, using the word “Pencil” (from the movie “Ferris Bueller’s Day Off”) is not wise because millions of people have seen the movie (not to mention that it’s a horrible password).

Likewise, you don’t want to use the lyrics from a song for a password.  For example, using, “8765309” from the song, “Jenny” by Tommy Tutone, is also not a good idea to use as a password.  There is nothing unique about this password.  Everybody from the early 80’s knows this song and remembers the jingle, “8765309”.

How to Create a Password

Before I offer strategies that you can use to create a password, there are 4 Fundamental Rules that you should always employ when creating a password.



With this in mind, we can now look at each of the following strategies to create a password for anything you do that requires a password.  We will start with the least secure method and work our way up to the most secure method of generating a password.

Squish a Phrase

The first method is simply to use a phrase and squish it together by removing the spaces from the sentence you create.  For example, “Hi! My name is Tim.  I’m 50 years old!”  Now if you were to remove all the spaces in that phrase and include all the punctuation, the password would be Hi!MynameisTim.I’m50yearsold!

Choose the first letter from a phrase

This second method is much better, because it is not easy to guess at all.  Follow these steps to create a password by using a phrase. To begin, pick a phrase that is easy to remember and be sure to use numbers and punctuation.

For example, “Hi! My name is Tim.  I’m 50 years old and I love to blog, how about you?”  Now take the first letter of each word, and be sure to include numbers and punctuation.  The end result would be H!MniT.I50yoaIltb,hay?

Use a Password Generator

A password generator is an application that will automatically create a random string of numbers, letters and punctuation for you.  There are two types of password generators.

You could use a password generator by visiting a website such as https://passwordsgenerator.net. This is an excellent site to generate a password for pretty much anything.  It has no way of helping you remember the password that it generates, but you do have a ton of options that are easy to implement by simply clicking a checkbox.  Once you are happy with the type of password you want it to generate, simply click GENERATE PASSWORD, and voila!  You now have a random password that meets the specifications you told the generator that you needed.

You could install a browser plugin such as “Strong Password Generator”.  I like this particular password generator because it is easy to use, and yet offers a lot of what can be found on the passwordsgenerator.net website.  Additionally, I love how easy it is to access this extension.  This extension prevents me from having to open up a new browser tab and navigate to passwordsgenerator.net to generate a password.  Once created, you can simply copy and paste it where needed.

You could install a password generator program, such as 1Password, Dashlane, or LastPass, to name a few of the more popular ones.  While these will help you create a password, they are primarily used to manage your passwords, which we will get to shortly.
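The first-letter method and the password generator described above can both be sketched in a few lines of Python. This is an added example, not code from the article or from any of the tools it names; the function names, the symbol set and the short excerpt of the worst-passwords list are assumptions made for illustration, and rule 3 ("mix up the characters") is interpreted here as shuffling the result.

```python
import re
import secrets
import string

# Constructed sample: a few entries from the worst-passwords list quoted above.
COMMON = {"123456", "qwerty", "password", "iloveyou", "abc123",
          "admin", "welcome", "princess", "dragon", "123qwe"}
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"   # assumed symbol set; sites differ
POOLS = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]


def first_letters(phrase: str) -> str:
    """First letter of each word; whole numbers and trailing punctuation kept."""
    out = []
    for token in phrase.split():
        head = re.match(r"\d+|\w", token)        # a whole number, or one letter
        tail = re.search(r"[^\w’']+$", token)    # punctuation ending the word
        out.append((head.group() if head else "") + (tail.group() if tail else ""))
    return "".join(out)


def meets_rules(pw: str) -> bool:
    """Rules 1, 2 and 4 from the top of the article."""
    if len(pw) < 12:                                            # rule 1
        return False
    has_symbol = any(not c.isalnum() for c in pw)
    has_classes = all(any(c in pool for c in pw) for pool in POOLS[:3])
    if not (has_symbol and has_classes):                        # rule 2
        return False
    lowered = pw.lower()
    return not any(word in lowered for word in COMMON)          # rule 4


def generate(length: int = 16) -> str:
    """Random password from the OS CSPRNG that satisfies meets_rules()."""
    if length < 12:
        raise ValueError("rule 1: use at least 12 characters")
    alphabet = "".join(POOLS)
    while True:
        chars = [secrets.choice(pool) for pool in POOLS]        # one of each class
        chars += [secrets.choice(alphabet) for _ in range(length - len(POOLS))]
        secrets.SystemRandom().shuffle(chars)                   # rule 3: mix them up
        pw = "".join(chars)
        if meets_rules(pw):   # retry in the rare case a common word appears
            return pw


if __name__ == "__main__":
    phrase = "Hi! My name is Tim.  I’m 50 years old and I love to blog, how about you?"
    print(first_letters(phrase), meets_rules(first_letters(phrase)))
    print(generate(20))
```

The `secrets` module draws from the operating system's cryptographic random source, which is what a generator should use instead of the general-purpose `random` module.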

Is Two Factor Authentication Really Necessary?

Two-factor authentication occurs when you enter a password onto a form on a website.  The system that you are logging into will then send you a code via text or e-mail.  Once you successfully enter that code or pin number in the form on the website, only then will you be granted access.

To be frank, you don’t have a choice when it comes to two-factor authentication.  If you want access, and are presented with two-factor authentication, the only way you will ever gain access is by entering the code they sent to you.  Both Microsoft and Apple use two-factor authentication extensively.  It has proven valuable, so is it really necessary?  Unfortunately, the answer is yes.  Inconvenient as it may be, it is very effective.

How to Manage Your Passwords

In this section, we are going to talk about how to manage your passwords.  I’m going to offer three solutions that have proven to be very efficient and effective.  My goal is to present options for you to choose from.

Password Managers

As I have already mentioned, there are Password Managers such as 1Password, DashLane, and LastPass that will help manage your passwords for you.  I’m only mentioning a few of the more popular ones here because the purpose of this article is not to review these password managers, but rather, to let you know that they are available to you should you decide to use them.

These password managers work well, provided that you install them on every device you own, including your desktop, laptop, tablet, and cell phone.

I have used a few of these programs, and my biggest complaint is that they always felt like they were in my way.  For my liking, a password manager should not be in my face when entering a password.  It should function like a server at a very expensive restaurant, barely seen and never interrupting.

The one thing that I really do like about these password managers is that they are not limited to websites.  You can enter your login credentials for anything, including your credit cards.  They don’t limit you to passwords; you can actually enter any valuable account information for easy access when needed.

The primary turn-off for me in using these password managers is that I do not have any confidence that they will be around three, five, or even ten years from now.  Even if they provide a stellar service now, how can I be sure that they won’t suddenly go out of business and take all of my passwords with them?  Not that I think that they would steal or sell my passwords, but will they  be open for business so that I can access my passwords?  You see, all of these Password Generator programs use the Cloud to store all of your passwords.  If they suddenly go out of business, my access to my passwords dies with the company.  For me, that’s a huge gamble, but I believe I may have a better solution that I’ll get to in a minute, but first, let’s take a look at the Browser as a solution.

Manage Your Passwords Through Your Web Browser

The web-browsers of today all offer the ability to manage your passwords.  Each browser does require that you create an account so that the passwords can be stored in the Cloud for easy access on any other devices you have that utilize their respective browser. 

If you are a fan of Google Chrome, you can use that browser on your desktop, laptop, tablet or cell phone.  Firefox is available on all of these devices as well.  However, there are other web-browsers that may be available on the Desktop, but may not be available on mobile devices.  Or, they may be available for the Desktop and on Android, but not on iOS. The Vivaldi browser comes to mind.  If you choose this option, just be aware of the limitations (if any), depending on the browser you choose.

Use a Mac

In order to use KeyChain, you must have an Apple device such as a Mac, iPad, iPhone, iPod Touch, or even an Apple Watch.

When it comes to managing passwords, there is no better solution available on the market today than using KeyChain.

The application “KeyChain” is only available on the Mac; however, on all other Apple devices, the functionality can be found under SETTINGS > PASSWORDS & ACCOUNTS > WEBSITE & APP PASSWORDS.  Here you will find all of the passwords for any and every website you have ever visited on your Apple device.  Additionally, all of the apps on your devices that require a password are listed here.

For clarification, KeyChain is an application on the Mac, but it functions on iOS under “Passwords & Accounts.”  In either case, it is not something you need to download and install. If you have an Apple device, it is already built into the operating system and is ready for use.

If using the Mac, you can access KeyChain by simply clicking the LaunchPad, typing the word “KeyChain” and hitting the ENTER key.  This will open up the KeyChain app where you can then manage all of your passwords.

How does this work?  Let’s assume that you are browsing the internet using the Safari web-browser and come across a website that requires you to create a username and password.  If using Safari, it will automatically create a “Strong Password” for you.  It’s a random password comprised of capital letters, lower-case letters, numbers and symbols.  You have the option of creating your own also.  In either case, KeyChain will remember those login credentials for you and encrypt those login credentials for you.

Any time you revisit that website, or open up that application that requires a password, it will automatically populate for you (provided that you have already unlocked your Apple device with your Apple ID password or FaceID).

There are 3 reasons why KeyChain is the ultimate solution for managing your passwords.

  1. KeyChain utilizes 256-bit encryption.  Even the FBI can’t hack this.
  2. Due to the Mac Ecosystem, the password is automatically available on all of your Apple devices without having to install any apps or do anything to make it work.
  3. It works, without fail, . . . every time.

There are those who will argue, “But you just said that you don’t know how long 1Password, DashLane, or LastPass will be around.”  That is correct, I did say that.  However, I am VERY confident that Apple will be around long after these password manager companies have long since died.  Furthermore, I personally find that the security offered by Apple is far more reliable and robust than these other companies.  For that reason, I’m going with KeyChain.

How Often Should I Change my Password?

If you use a very strong password, one that follows the rules found in the section above titled, “How to Create a Password”, you really don’t need to change your password that often, if at all. 


If you are concerned about it for any reason, change your password.


If you are using a Password Manager such as 1Password, DashLane, or LastPass, or even KeyChain, your password is encrypted and really does not need to be changed, ever. But again, if you are concerned about the integrity of your password for any reason, change it.

Closing Thoughts

Will passwords always be with us?  Probably, and here’s why.  Even if our society started using retina eye-scanners or fingerprint readers for identification purposes, there will always be some application or service that  requires a password, but does not allow for an eye-scanner or fingerprint reader.

This is why it is always a good practice to remember the fundamental Rules whenever creating a password:

Whatever solution works best for you is the solution that you should use and stick with.  You are either all in, or not in at all.  There is no in-between half-hearted approach when it comes to creating and managing your passwords.  My hope is that you will take what you have learned here and apply it, securing access to any website or application that requires you to enter your login credentials to gain access.

Tim Chesonis

Tim has been helping people with computer needs for several years, and he loves to help people succeed. He brings a wealth of wisdom and insight from an entrepreneur's perspective and enjoys freelance writing. In fact, when he's not writing an article, you might find him binge-watching Suits or formatting his computer . . . again, just for fun.