10 Genius Password Tips You Need to Know To Stay Safe Online

Key takeaways
  • Use a password manager to generate and store unique passwords for every account - eliminates password reuse risks
  • Enable two-factor authentication (2FA) on all important accounts, especially email, banking, and social media
  • Create passwords with at least 12 characters using a mix of letters, numbers, and special characters
  • Never reuse passwords across multiple sites - one breach can compromise all your accounts
  • Check if your accounts have been compromised using Have I Been Pwned and update passwords immediately

After I was compromised along with 150 million other users in the Adobe Breach, I decided to completely overhaul my password security. Adobe was using weak encryption without salts, so by analyzing password patterns and hints, my password became visible to attackers worldwide. I was using a very insecure password at the time. While I wasn't hijacked, many others weren't so fortunate.

I'm using a password manager across all my devices—macOS, Linux, Android, and Windows. Password managers are essential for maintaining unique, strong passwords for every account without the mental burden of remembering them all.

Updated 2025 Password Manager Recommendations:

  • 1Password: Best overall with excellent security and family sharing
  • Bitwarden: Open-source and free, great for individuals and teams
  • Dashlane: User-friendly with built-in VPN features
  • KeePass: Free, offline password manager for privacy-focused users

Note: While I originally recommended LastPass, they've had several security breaches since 2015. I now recommend the alternatives above for better security.

After choosing a password manager, I spent several days changing all passwords I'd ever used, using the security audit features most managers provide. This helped identify duplicate passwords, weak passwords, and accounts potentially compromised in data breaches like Adobe, Sony, or LinkedIn.

For even more security, combine your password manager with secure internet access using a VPN to protect your login attempts from interception.

Modern password managers work seamlessly across all your devices. They run as browser extensions and mobile apps, automatically filling in your login credentials when you visit websites. Simply enter your master password once, and you have access to your entire password vault.

How password managers work:

  • Auto-fill login forms in browsers and mobile apps
  • Generate strong, unique passwords for every account
  • Sync across all your devices securely
  • Share passwords safely with family or team members
  • Audit existing passwords and identify security issues

You can also copy passwords for desktop applications, terminal sessions, or other non-browser services. Most modern password managers can even change passwords automatically for supported sites.

Password managers eliminate the need to remember dozens of complex passwords or write them down insecurely. You only need to remember one strong master password to access your entire vault—which should be long, unique, and memorable to you alone.

Enable Two-Factor Authentication (2FA)

Beyond using a password manager, enable Two-Factor Authentication on all important accounts. 2FA requires both your password and a second factor (usually your phone) to log in. Even if someone steals your password, they can't access your account without your physical device.

Best 2FA methods:

  • Authenticator apps: Google Authenticator, Authy, or 1Password's built-in 2FA
  • Hardware keys: YubiKey or similar FIDO2-compatible devices
  • SMS codes: Better than nothing, but less secure than apps
  • Backup codes: Always save these in case you lose your phone

Critical accounts to protect with 2FA:

  • Email accounts (Gmail, Outlook, etc.)
  • Banking and financial services
  • Social media accounts
  • Password manager account
  • Work and business accounts

For example

Google account log in

One of the most important services for me is my Google account, so that is locked up separately using Two-Factor Authentication. Nobody can log in without also having your phone. If you happen to wipe your phone and can't use the Authenticator app, you're still not completely locked out, as you can send a backup code by SMS to your phone number or even use a backup code that you can print out and keep safely somewhere. My Google account has my e-mail, which can be used for a password reset, and it has my calendar, my Google Apps domain and whatever else.

A hijacker would have to log in using your generated password which looks something like this:

%Ss0Ay3pVF1^HGfOLF9Jgv18V8rcH@KA0^PvlzB#5ft0q@tj8@a857623A%^SM

This is virtually impossible to determine by brute force, given that the time it would take is longer than we'll be alive. The next thing they would need is your phone, and then your phone password to access your encrypted phone and pass the 2FA.

Examples of bad passwords

Taken from the Adobe Breach.

#    Users     Hash                       Password
1    1911938   EQ7fIpT7i/Q=               123456
2    446162    j9p+HwtWWT86aMjgZFLzYg==   123456789
3    345834    L8qbAD3jl3jioxG6CatHBw==   password
4    211659    BB4e6X+b2xLioxG6CatHBw==   adobe123
5    201580    j9p+HwtWWT/ioxG6CatHBw==   12345678
6    130832    5djv7ZCI2ws=               qwerty
7    124253    dQi0asWPYvQ=               1234567
8    113884    7LqYzKVeq8I=               111111
9    83411     PMDTbP0LZxu03SwrFUvYGA==   photoshop
10   82694     e6MPXQ5G6a8=               123123
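
Why the missing salt matters, shown on the ten rows of the table above. This is an added example, not code from the original article; the 8-byte block size is an assumption inferred from the decoded lengths, and the PBKDF2 parameters in the contrast case are illustrative.

```python
import base64, hashlib, os
from collections import defaultdict

BLOCK = 8  # assumption: 8-byte cipher blocks (every row decodes to 8 or 16 bytes)

# (rank, stored value, password) copied from the table above
ROWS = [
    (1, "EQ7fIpT7i/Q=", "123456"),
    (2, "j9p+HwtWWT86aMjgZFLzYg==", "123456789"),
    (3, "L8qbAD3jl3jioxG6CatHBw==", "password"),
    (4, "BB4e6X+b2xLioxG6CatHBw==", "adobe123"),
    (5, "j9p+HwtWWT/ioxG6CatHBw==", "12345678"),
    (6, "5djv7ZCI2ws=", "qwerty"),
    (7, "dQi0asWPYvQ=", "1234567"),
    (8, "7LqYzKVeq8I=", "111111"),
    (9, "PMDTbP0LZxu03SwrFUvYGA==", "photoshop"),
    (10, "e6MPXQ5G6a8=", "123123"),
]

def blocks(b64):
    """Decode one stored value and split it into cipher blocks."""
    raw = base64.b64decode(b64)
    return [raw[i:i + BLOCK] for i in range(0, len(raw), BLOCK)]

def shared_blocks(rows):
    """Return {block: [ranks]} for every block that occurs in more than one row."""
    seen = defaultdict(list)
    for rank, b64, _ in rows:
        for blk in blocks(b64):
            seen[blk].append(rank)
    return {blk: ranks for blk, ranks in seen.items() if len(ranks) > 1}

def salted_record(password, iterations=600_000):
    """Contrast case: per-user random salt + slow hash (illustrative parameters)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt + digest

if __name__ == "__main__":
    names = {rank: pw for rank, _, pw in ROWS}
    for blk, ranks in shared_blocks(ROWS).items():
        print(blk.hex(), "shared by", [(r, names[r]) for r in ranks])
    # Same password stored for two users: the records no longer match.
    print(salted_record("123456") != salted_record("123456"))
```

Rows 2 and 5 share their first block (both passwords begin with 12345678), and rows 3, 4 and 5, all eight-character passwords, share their second block. With a per-user salt and a slow hash, two users with the same password get unrelated stored values.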

You should check if you have been compromised in the past on https://haveibeenpwned.com/

How easy is it to crack my password?

Keep in mind that the longer your password is, the harder it will be to crack. What matters is not the order of your characters but how many characters there are and how many different types of characters it has. Throwing some numbers and special characters in the mix increases the complexity exponentially. A phrase with only letters is usually good enough as long as you don't use it for other websites.

In general:

  • numbers only up to 10 characters take 25 seconds to crack.
  • words only up to 10 characters take 9 hours to crack.
  • words and numbers up to 10 characters take 10 days to crack.
  • words, numbers and special characters up to 10 characters take 22 years to crack.
  • a phrase with 4 words takes 4 trillion years to crack.
  • the randomly generated password above takes 43 trestrigintillion years (10^102) to crack.

Complete Your Digital Security

Password security is just one layer of digital protection. Combine these practices with other security measures:

  • Use a VPN: Protect your internet traffic with our Best VPN 2025 guide
  • Secure browsing: Install privacy browser extensions like uBlock Origin and HTTPS Everywhere
  • Stay informed: Check if your accounts have been breached at HaveIBeenPwned.com
  • Regular audits: Review and update your passwords quarterly

For comprehensive internet security, read our guide on how to secure your internet access.



Written by: Ilias Ism

Ilias is a former CTO turned SEO strategist who specializes in building scalable content systems that rank, convert, and compound. He's founded multiple ventures including LinkDR (AI-powered backlinks), MagicSpace SEO (CRO-focused agency), AISEOTracker (SEO monitoring), and GenPPT (AI presentations).

He's led SEO and content projects for 50+ brands, producing growth systems that drive 300%+ organic traffic increases through systematic conversion psychology and technical optimization.
