# All About Passwords

How to create and manage your logins while maximizing security and ease.

Nobody enjoys typing passwords to log in. Nobody!

Every website has slightly different requirements. Your standard RoverIsAGoodBoy didn't work on this site? Oh, must've needed a number—try RoverIsAGoodBoy1. No? Maybe a symbol. RoverIsAGoodBoy!. Or both? RoverIsAGoodBoy1!. Wait, when did you create this account? Maybe it was your previous standard password: password1234.

If the above looks familiar to you: 1) I empathize and 2) I am here to rescue you from this hell!

## Use a Password Manager

Password managers are programs that remember your logins for you. They keep a list of your usernames and passwords in an encrypted database that only you can access. All you need to remember is the password that opens your password manager—after that, it's just a matter of copy-and-paste.

The relief that comes from using a password manager is enormous. You've probably never thought about how much mental space your passwords are taking up. Well, I have. Not counting work logins, I've got three hundred and eighty one usernames and passwords. That is 381 things that would hurt my head every day of my life, if I were foolish enough to try to memorize them all.

Perhaps you ease the burden by using the same password everywhere. But if you're reusing RoverIsAGoodBoy1! on every website, then you're at risk of hackers getting into all of your accounts if there is a data breach at any one of those sites. It's standard practice for hackers to take usernames and passwords from a compromised site and start plugging them into other sites like email providers and banks. If you use the same password for your email, your bank, and your favorite Harry Potter fanfiction forum, then you can kiss your email and banking logins goodbye when a nefarious hacker inevitably breaks into that woefully insecure guilty pleasure.

"But I have a system!" you say. "On each site I do <<some_permutation_I_can_remember>>." Yeah, OK, that's better—until someone figures out your system. It's probably not as clever as you think it is, and it's still taking up space in your brain that is better allocated to learning linear algebra or another Netflix binge.

## Multi-Factor Authentication

After passwords, the next thing nobody enjoys is checking their phone for a two-factor authentication code. Nobody!

I have some bad news: you're just going to have to deal with this one. It's not fun, but it's very important to protect yourself from hackers.

Getting a text message to confirm your logins is better than no secondary authentication. Using a dedicated app is better still, as it's not vulnerable to a SIM-swapping attack.

But if you really don't want to deal with these MFA codes, you can use a device like a YubiKey instead. It's a device that plugs into a USB port as a form of authentication. In the same way that a code sent to your phone authenticates you because it's assumed only you have your phone, a YubiKey authenticates you because it's assumed only you would possess this USB key. Personally, I'm more afraid of losing this than I am of losing my phone, but it's an option and definitely more secure than texting or apps.

1. We've already established that it's Rover, and that he's a good boy.