There’s a lot of conflicting advice about how to manage passwords:
Do you need a password or a passphrase?
Are complex or long passwords better?
Do you really need to change your passwords every three months?
Is two-factor authentication always better?
Here’s concise advice on exactly how to manage your passwords safely and securely.
TeamPassword is the easiest way to manage passwords. Don’t believe us? Sign up for a 14-day free trial today and try for yourself.
7 steps to safely manage passwords
Password management isn’t difficult conceptually. It’s really a series of intuitive steps that help keep all of your accounts safe. However, some of the individual steps are tedious, and doing better at one sometimes leads to doing worse at another. For example, stronger passwords are harder to remember, leading some people to write them down on sticky notes or use other unsafe password storage systems.
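Here are seven steps to better password management:
1. Stop reusing passwords
2. Check if you’ve been pwned
3. Change your passwords regularly
4. Make your passwords hard to crack (use passphrases or employ a password generator)
5. Turn on multi-factor authentication
6. Store and share your passwords securely
7. Use a password manager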
Note that, while the first six steps are critical to securely managing your passwords, they can all be accomplished automatically once you follow through on Step 7.
1. Stop reusing passwords
There’s no bigger cybersecurity mistake than reusing passwords. Unfortunately, despite warnings for more than two decades, people still reuse passwords.
It’s totally understandable, too.
The average person has 200 accounts. The average password is 12+ characters long and usually gibberish. Trying to remember even one of those passwords is difficult, but 200 is impossible.
Still, there is no single better cybersecurity tip you can walk away with from this discussion on how to manage passwords than to stop reusing passwords. Step 2 explains why this is the case.
2. Check if you’ve been pwned
Have you been pwned? Pwned is the industry term for your password being leaked online, and there’s a friendly tool that matches your email address to all of the leaked password lists found on the dark web.
These passwords need to be changed immediately! If you reuse the same password on other accounts (like your bank website or email), then those accounts have been compromised as well. That’s why you never reuse passwords.
The last thing you want is for your leaked Neopets password to give hackers access to your bank account.
3. Change your passwords regularly
At this point, you’ve basically gone from your company’s cybersecurity weak point to at least neutral. Steps 3 and 4 are really about bringing our password management up to best practices.
First, you should be updating your passwords regularly. That’s because even the most secure websites do get hacked. Sometimes those password lists don’t get released for months because it takes hackers that long to decrypt the password information and export it to a plaintext file.
By updating your passwords every three months, there’s a good chance that by the time your hacked account is uploaded to the dark web you’ve already changed your password and can safely ignore the security breach.
4. Make your passwords hard to crack
Passwords are usually cracked by one of two methods: brute force or dictionary attacks. Brute force attacks start at 11111111, then 11111112, and so on until the password is discovered. Basically, the attack tries every possible password in sequential order.
Dictionary attacks use a list of commonly used passwords such as “password” or “qwerty”, as well as the derivatives such as “passw0rd” or “QwErTy”. They can also include customized lists that come from social engineering, for example your pet’s name, the street you grew up on, or your birthday.
Most cyberattacks start with the standard dictionary attack, move on to social engineering lists, and finish with a brute force attack.
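The dictionary and social engineering stages described above can be screened for when a password is chosen. The following is an added example, not code from the original article: the sample list, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real check would load a large breached-password corpus.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "123456"}

# Substitutions that dictionary tools undo, e.g. "passw0rd" -> "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # the minimum length the article recommends


def variants(candidate):
    """Return the normalized forms a dictionary attack would effectively try."""
    lowered = candidate.lower()
    # Trailing digits and symbols ("password123!") are the most common padding.
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def audit(candidate, personal_terms=()):
    """List the reasons a candidate would fall before brute force is needed."""
    findings = []
    forms = variants(candidate)
    if forms & COMMON_PASSWORDS:
        findings.append("derivative of a common password")
    for term in personal_terms:
        needle = term.lower()
        # Very short terms are skipped to avoid matching by accident.
        if len(needle) >= 3 and any(needle in form for form in forms):
            findings.append(f"contains personal term: {term}")
    if len(candidate) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    return findings


if __name__ == "__main__":
    # Constructed inputs; "Rex" stands in for a pet's name.
    for pw, terms in [("passw0rd", ()), ("QwErTy", ()), ("Rex2015!", ("Rex",))]:
        print(pw, "->", audit(pw, terms))
```

An empty result only means the candidate avoids these specific patterns; it says nothing about how random the password is.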
The single best way to prevent these attacks is to use a random, strong password that is at least 12 characters long, but the longer, the better. Here are two ways that can help you make your passwords hard to crack.
Passphrases are passwords that come from putting three or four medium to long words together and then mixing in capitalization and special characters, for example “D0g-Baseball-Co1n-Sh3lf!”. Passphrases help manage passwords by making long, secure passwords easier to remember.
Employ a password generator
If you can’t come up with 200+ random passwords on your own, then use a password generator. This helps guarantee you won’t fall into lazy patterns of reusing passwords or making them easy to remember.
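Both approaches in this step, passphrases and generated passwords, can be sketched with Python's standard `secrets` module, along with the size of the search space a brute force attack would face. This is an added example, not the code of any particular password manager; the toy word list and the function names are assumptions.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed toy word list; a real generator needs thousands of words.
WORDS = ["dog", "baseball", "coin", "shelf", "river", "candle", "orbit", "maple"]


def random_password(length=16):
    """Draw each character from the OS CSPRNG; require all four classes."""
    if length < 12:
        raise ValueError("the article's minimum is 12 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every class appears; sites often insist on this.
        if all(any(c in cls for c in pw) for cls in classes):
            return pw


def random_passphrase(words=4, wordlist=WORDS, sep="-"):
    """Pick words independently and uniformly, so the entropy is easy to state."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def password_bits(length, alphabet_size=len(ALPHABET)):
    """Brute-force search space of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def passphrase_bits(words, wordlist_size):
    """Search space of a passphrase of independently chosen words, in bits."""
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    print(random_password(), f"{password_bits(16):.1f} bits")
    print(random_passphrase(), f"{passphrase_bits(4, len(WORDS)):.1f} bits")
```

Four words from the eight-word toy list give only 12 bits; four words from a 7,776-word list give about 51.7 bits, against about 78.7 bits for 12 random characters, so the strength of a passphrase depends on the words being chosen at random from a large list.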
5. Turn on multi-factor authentication
Multi-factor authentication (MFA) forces individuals to prove their identity in more than one way, first with a password and then with some sort of secondary confirmation. The most common MFA systems are SMS messages, email, authentication apps, and phone calls.
Of these methods, authentication apps are the most secure because they are a separate system used only for authentication. Since phone numbers and email addresses can be compromised, they are not recommended when the option to use an authentication app is available.
However, even though SMS and email are not preferred MFA systems, they are still better than no second authentication requirement!
6. Store and share your passwords securely
Store your passwords somewhere safe. The best place to store written backups is in a safe (and definitely not on a sticky note on your computer monitor). The best way to manage passwords online is using a password manager (and definitely not an unsecured Google Sheets list).
When it comes to sharing passwords, remember that emails can be compromised, as can text messages, Facebook chats, etc. If your password manager doesn’t have a password sharing function and you really need to share accounts, consider making a phone call and then change the password when your friend/colleague/family member is done using your account.
7. Use a password manager
The first six steps are how to manage passwords securely. If you want to know how to manage passwords securely and easily, then here it is: use a password manager. Password managers have built-in password generators to help you pick strong, random passwords. They store those passwords for you. Password managers also make it easier to change passwords when needed.
If you plan to share accounts, then you need a password manager designed for teams. That way accounts can be shared securely, so one team member doesn’t unintentionally leak your account credentials by sharing them via email or leaving them on a sticky note on their laptop.
How to manage passwords FAQ
Here are some frequently asked questions about how to manage passwords online.
Why do you need a strong password?
Your accounts are only as secure as the passwords chosen. They need to be long and complex to protect your data.
How do you create a strong password?
The easiest way to create strong, random passwords is to use a free password generator.
How often should you change your passwords?
Recommendations vary, but changing your passwords every three months is generally considered acceptable.
Should you use passwords or passphrases?
Passphrases make it easy to remember longer, and therefore more secure, passwords. If you need to remember your password, passphrases are probably easier.
Do you need a password manager?
Password managers are the most secure way to store passwords. They also make it easier to use a new strong, random password for every account by remembering all of them for you.
Should you use your browser password manager or a separate one?
Browser password managers have two main deficiencies. First, they make it hard to use the same password list across all of your devices. Second, they don’t have password sharing features.
For many individual users, these features aren’t necessary. However, for companies where multiple employees share key accounts, separate password managers like TeamPassword bring time-saving features and improved cybersecurity.
TeamPassword is the best way to manage your passwords
Managing passwords is usually a six-step process. You use unique passwords for every account, make sure you haven’t been pwned, update the passwords regularly, make sure those passwords are hard to crack, turn on multi-factor authentication, and store and share passwords securely.
That’s a lot of work. It also goes against human nature. Difficult-to-crack passwords are hard to remember, so you need to write them all down, but writing them down violates another step.
Here’s the one-step method to better manage your passwords: use a password manager. TeamPassword generates strong, unique passwords for each account, stores them securely, updates the passwords when necessary, and makes it possible to share them with teammates securely.
TeamPassword is designed to help teams manage passwords. Don’t believe us? Sign up for a 14-day free trial today and try for yourself.