Use a password manager to generate and store unique passwords for every account - eliminates password reuse risks
Enable two-factor authentication (2FA) on all important accounts, especially email, banking, and social media
Create passwords with at least 12 characters using a mix of letters, numbers, and special characters
Never reuse passwords across multiple sites - one breach can compromise all your accounts
Check if your accounts have been compromised using Have I Been Pwned and update passwords immediately
After I was compromised along with 150 million other users in the Adobe Breach, I decided to completely overhaul my password security. Adobe was using weak encryption without salts, so by analyzing password patterns and hints, my password became visible to attackers worldwide. I was using a very insecure password at the time. While I wasn't hijacked, many others weren't so fortunate.
I'm using a password manager across all my devices—macOS, Linux, Android, and Windows. Password managers are essential for maintaining unique, strong passwords for every account without the mental burden of remembering them all.
Updated 2025 Password Manager Recommendations:
1Password: Best overall with excellent security and family sharing
Bitwarden: Open-source and free, great for individuals and teams
Dashlane: User-friendly with built-in VPN features
KeePass: Free, offline password manager for privacy-focused users
Note: While I originally recommended LastPass, they've had several security breaches since 2015. I now recommend the alternatives above for better security.
After choosing a password manager, I spent several days changing all passwords I'd ever used, using the security audit features most managers provide. This helped identify duplicate passwords, weak passwords, and accounts potentially compromised in data breaches like Adobe, Sony, or LinkedIn.
For even more security, combine your password manager with secure internet access using a VPN to protect your login attempts from interception.
Modern password managers work seamlessly across all your devices. They run as browser extensions and mobile apps, automatically auto-filling your login credentials when you visit websites. Simply enter your master password once, and you have access to your entire password vault.
How password managers work:
Auto-fill login forms in browsers and mobile apps
Generate strong, unique passwords for every account
Sync across all your devices securely
Share passwords safely with family or team members
Audit existing passwords and identify security issues
You can also copy passwords for desktop applications, terminal sessions, or other non-browser services. Most modern password managers can even change passwords automatically for supported sites.
Password managers eliminate the need to remember dozens of complex passwords or write them down insecurely. You only need to remember one strong master password to access your entire vault—which should be long, unique, and memorable to you alone.
Enable Two-Factor Authentication (2FA)
Beyond using a password manager, enable Two-Factor Authentication on all important accounts. 2FA requires both your password and a second factor (usually your phone) to log in. Even if someone steals your password, they can't access your account without your physical device.
Best 2FA methods:
Authenticator apps: Google Authenticator, Authy, or 1Password's built-in 2FA
Hardware keys: YubiKey or similar FIDO2-compatible devices
SMS codes: Better than nothing, but less secure than apps
Backup codes: Always save these in case you lose your phone
Critical accounts to protect with 2FA:
Email accounts (Gmail, Outlook, etc.)
Banking and financial services
Social media accounts
Password manager account
Work and business accounts
For example
One of the most important services for me is my Google account so that is locked up separately using Two-Factor Authentication. Nobody can log in without also having your phone. If you happen to wipe your phone and can't use the Authenticator app you're still not completely locked out as you can send a backup code by SMS to your phone number or even use a backup code that you can print out and keep safely somewhere. My Google account has my e-mail that can be used for a password reset and it has my calendar, my google apps domain and whatever else.
A hijacker would have to log in using your generated password which looks something like this:
This is virtually impossible to determine by brute force given the time that would take is longer than we're alive. Next thing they would need is your phone, so they would need your phone password to be able to access your encrypted phone and pass the 2FA.
Keep in mind that the longer your password is the harder it will be to crack. It doesn't matter what order your characters are in but how many characters and the different types of characters it has. Throwing some numbers and special characters in the mix increases the complexity exponentially. A phrase with only letters is usually good enough as long as you don't use it for other websites.
In general:
numbers only up to 10 characters take 25 seconds to crack.
words only up to 10 characters take 9 hours to crack.
words and numbers up to 10 characters take 10 days to crack.
words, numbers and special characters up to 10 characters take 22 years to crack.
a phrase with 4 words takes 4 trillion years to crack.
the random generated password above takes 43 trestrigintillion years (10102) to crack.
Complete Your Digital Security
Password security is just one layer of digital protection. Combine these practices with other security measures:
