Why So Many Passwords?

Every site (or every account) you use should have a different, distinct password. Every single one. Never re-use passwords.

That way: if one site gets hacked (and your password leaked on the darker parts of the web), only that one account is exposed. The potential damage is contained. The bad guys will not be able to take your account name (probably your email address) and try the same password on other services: LinkedIn, Facebook, GMail, whatever.

And trust me: They will, and they have done so. It is a common way for hackers to take over accounts, as lots of people re-use passwords and "hacking" such accounts does not require much technical knowledge.

And web sites leak details with alarming regularity, partly due to bad security (business pressures do not help here), sloppiness or bad employees. The law of large numbers almost ensures that you have had at least one password exposed. Hopefully it was just an old one, and only for one account.

You should also change them regularly: This helps when web sites leak passwords. If the leak is from their 3-month-old backups, for example, then it is (hopefully) your OLD password that leaked, which is useless to the bad guys. Also: it may take some time before the "wrong" people get their hands on the leaked data, and by then you may have changed it.

This gives you a lot of passwords to keep track of. Most likely: more than you can remember. So keeping track of them in your head quickly becomes a real struggle.

For this, I would recommend a password manager, e.g. KeePass (others are available too). Then you only have to remember the one master password that unlocks the password manager.

Or, if you really ONLY need to manage web site passwords (most people have other passwords too), it is worth using the password feature in your browser, as long as you set a master password on it. That master password is the one you must always remember.

Make your master password nice and long. Don't think of it as a WORD: Use a phrase or a sentence. The longer the better. You probably only have to type it once a day anyway.

And make sure you back up your (encrypted) password database file: Losing that would be bad, since every password you stored in it would be gone with it.