Password Smarts: How to Improve Your First Line of Defense

Passwords often get a bad rap, and for good reason. Left to our own devices, most of us will make passwords that are easy for us to use and remember. But we’re notoriously bad at creating good passwords, so inevitably we open ourselves up to security issues. Plus, passwords are dependent on the encryption used to secure them, and the practices online services put into place to protect them. Not to mention that passwords are a hassle to remember, and even more of a hassle to reset when you forget them.

But while we’re stuck with them, passwords do serve an important purpose. They are often the only gatekeeper between the rest of the web and our personal information. That means that for as long as we need to use passwords, it’s in our best interest to treat them with care and make sure they’re working hard to protect us.

Whether you’re new to password security or a seasoned pro, everyone can benefit by following these essential tips for improving your first line of defense online.

Think “unique”

Everyone knows you should have a long password, and that it should be a mix of characters like numbers, symbols, and upper and lowercase letters. But using a unique password is arguably even more important.

Every single online account you have should have its own password. We often think that once we create one good password, we can just use that one password everywhere. After all, that’s much easier to remember.

The danger with that approach is that as soon as one site has a security issue – and let’s be honest, it’s only a matter of time before one does these days – it‘s very easy for hackers to try the same username and password combination on other websites. Countless websites have had to force password resets for their users over the last several months because of massive coordinated attacks using leaked passwords from other breaches.

It’s no longer good enough to have a strong password. Using a unique password everywhere is the only way to reduce your risk of breach.

Go for passphrases, not just passwords

When you do need to create a password, “passphrases” are a simple way to make a strong one. The key with a passphrase is to string together words or phrases to create one long phrase that’s easy for you to remember, but pretty hard for anyone else to guess or crack. Then you can add in a few random symbols and characters to increase the strength further.

Here’s an example: mydogfido’sbirthdayisnovember19

A passphrase is the best of both worlds: It’s easier to remember because it’s a phrase you can repeat and commit to memory, but it’s also very strong by virtue of its length and mix of characters. Using a passphrase is a simpler way to create a super strong password.

Boost passwords with Two-Factor Authentication

Two is always stronger than one. Whenever possible, turn on two-factor authentication with your accounts; many websites now offer this option for added security.

Two-factor authentication simply means adding another login step when you’re signing into an account. It combines something you know (your password) with something you have (your phone) or something you are (your fingerprint), or even somewhere you are (your location). It could be texting a one-time code to your phone, or using an app like LastPass Authenticator that lets you approve a new login.

The benefit with two-factor authentication is that, should your password somehow be compromised – perhaps in a phishing attack – the attacker still won’t be able to get into your account without the two-factor authentication information.

Add a password manager to your toolbox

The reality is, it’s really hard to practice good password habits without something to help you remember, organize, and create passwords. That’s where a password manager is so valuable. A password manager like LastPass helps you centralize your passwords in one secure place, and keeps your passwords synced where you need them.

But to really get the most out of your password manager, you need to use it to create unique passwords for every single online account. The password generator makes it easy to create a new password whenever you need one, and the LastPass Security Challenge helps you identify old, weak, or reused passwords that still need to be changed. Once you get set up with your password manager, it’s critical to take the next step and update every single password to a better one.


For as long as we continue to use them, passwords are an important part of staying secure online. By following these tips, you’ll make sure your passwords are working hard for you and doing everything possible to protect your personal information.


  • tds says:

    An extra. If you feel you must keep an actual passphrase list despite using a password manager. Add false characters to each passphrase on the list. Make your own practice to, say, add a character or two (or 3 or more) at the beginning, end, middle or other set point in the passphrase. You will know what’s real and what’s false, but others won’t unless you make your protocol too easy to detect by eye-ball or computer review. Pain in the butt, but so are the other password/passphrase consequences.

  • Perry says:

    I have used Lastpass for 4 years and have over 283 websites stored each with a different unique password and I don’t know any of them, I only know my master password which is known only to me and impossible to guess and using the kaspersky password manager check a similar password would take 18 trillion years to hack (I think that’s safe enough).

    I have hundreds of secure notes and several card profiles stored in LP too and my online security is a breeze now.

    It takes time to get to the above standard but it’s worth the time, if you do so many websites a day and change the passwords to a unique long password using the password generator you will soon have made your online world much more secure.

    It is now so easy only having to remember one password and if any sites do get hacked I don’t have to worry about my others I just change the affected one.

    Would recommend LP to anyone regardless of how many sites you have.

    PS I don’t work for LP or in anyway have any connections with them I’m just a user who is more relaxed and secure thanks to this great product.

    Give it a go you will be glad you did.