Passwords are a pain, let’s be honest – a necessary evil to keep us secure. None of us wants to have to deal with these cumbersome little beasties, but they’re an inescapable part of online life. In the future, things will change – as a new passwordless reality comes to fruition and passkeys evolve. But for now, traditional typed passwords remain prevalent and in need of taming.
There are simple ways to deal with passwords, some of which are terrible. Like having ridiculously simple passwords that are easy to guess. Or ‘remembering’ them by writing them all down in a notepad, where a nosy person might find them and get access to your online accounts, if they’re a nefarious sort.
I don’t do anything like that, of course – perish the very thought – I use mnemonics to help make passwords complex enough, but still memorable, so they don’t have to be jotted down. However, even that’s not an ideal way of dealing with passwords, and so I have some (admittedly dull) new year’s resolutions to vastly improve my relationship with passwords and my overall online security.
Taking the plunge with a password manager
This is the main pillar of my reformed relationship with passwords – yes, getting someone else to do them. Or rather, getting something else to do them in the form of an application.
Password manager software automatically generates passwords for all online accounts without me having to lift a finger. These are incredibly secure passwords, too – lengthy strings of garbage that I wouldn’t have a snowball’s chance in hell of remembering.
Taking the plunge with a password manager is something that’s been on my computing to-do list for quite some time, and one of those things I simply haven’t got around to doing. Mainly because it seems easier to carry on as I’ve been doing for a long, long time now (I owned a PC before the World Wide Web even existed). So, 2024 is the year it’s going to happen, and I’ll relinquish my old system for a more convenient and secure way of dealing with passwords.
Which password manager am I going to run with? After weighing up the pros and cons of the various options out there, I narrowed it down to either Dashlane or NordPass – but in the end, the latter won out. Why? NordPass scored with its wide-ranging support across multiple platforms, regular updates, and plentiful features – not to mention that it represents a great value proposition.
It’s also the top-ranked product in our roundup of the best password managers, so it comes with the TechRadar Pro seal of approval (and a deal to make it even better value, it should be noted). For those after the top freebie option, by the way, check out the best free password managers.
1. Never, ever, use stupidly simple passwords
‘Password’ is not a good password, much like a riot shield is a bit pointless if it’s made out of tissue paper. Choose a complex password with a decent mix of characters, and a mnemonic to remember it (or better still, use a password manager).
2. Don’t reuse passwords
Never reuse the same password for multiple online accounts. It may seem tempting to do so for easy recall, but if a hacker or other ne’er-do-well gets hold of that password, obviously they could then access more than one of your services.
3. Don’t keep the same password forever
You don’t have to change any given password much, but it’s worth doing so every now and then. Especially if a company you have an account with has a data breach, it’s a good pre-emptive move just to change your password, even before you’ve been told if you’re affected.
2FA achievement complete
Getting a password manager isn’t necessarily bulletproof, of course. What if that company or their systems are somehow breached in some manner? It’s very unlikely that this will happen with a reputable vendor, but it has happened in the past.
At any rate, a robust approach to security doesn’t rely on a single solution, and 2FA (two-factor authentication) is a seriously valuable addition as a second line of defense to back up passwords. This often takes the form of a code texted to your phone, or emailed, after your initial login to an account.
My problem in this department is that I don’t have 2FA enabled on all my online accounts yet. I do have it running on most important services, mind you, but I need to go through my array of various online accounts, check where it’s supported – in theory, on most big sites and services – and implement it, if 2FA isn’t already active.
Much like migrating over to a password manager, this is something I’ve been meaning to do for some time now – and it’s been nagging away at the back of my mind all that time as a task that really needs attending to. In most cases, it'll simply be a matter of going into my account > settings > security (or a variation of that process), and turning on two-factor authentication. So, I shall get it done, and tick another niggle off my list of password blues for 2024.
Biometric bonus
While I’m fixing password security issues, my final resolution is to actually use biometrics wherever possible. Until fairly recently, I used a hardware token for logins to my online banking, but have since switched to using the fingerprint sensor on my phone (via the bank’s app). It’s a much more convenient and secure way of logging in, and wherever there’s an option to use a fingerprint login, I’ve resolved to switch to it.
Another point on this subject: while initially I wasn’t convinced about the tech, I now love the Windows Hello login on my Surface Pro tablet – it has got better over time, and works pretty much flawlessly now, even in different lighting conditions.
I’d advise strongly in favor of using facial recognition, fingerprints, or other biometrics wherever you can turn them on, which is usually a case of exploring an app's settings for security options that can enable hardware like fingerprint sensors. None of this is exactly fun, but you'll go into 2024 feeling all the more secure and smug for it.