How Good Password Hygiene Keeps You Safe

A big part of online security is something called password hygiene. Let’s go over what it is, how to maintain it, and exactly how it will keep you safe online.

What is Password Hygiene?

Password hygiene is a set of rules that make sure you are using passwords the right way. This includes using strong passwords that can’t easily be cracked, but also involves picking the right storage medium, enabling two-factor authentication, as well as a few other tactics.

Below we go over six tips that are easy to follow and almost guarantee that your accounts will be safe from any attack that targets your passwords—as well as a few others.

Use a Password Manager

The first thing you need to do to practice password hygiene is to use a password manager, a program that can generate secure passwords, store them, and autofill them as you browse. Most of the other tips on this list—and definitely the most important ones—depend on you using a password manager.

Besides security, we also like password managers as a way to upgrade your quality of life. Instead of having to enter passwords for each and every site, the best password managers will autofill your credentials as you browse. There’s no way to overstate this convenience, and it will change the way you interact with sites forever.

Long, Random Passwords

However, convenience isn’t all a password manager can do. They also help you with password hygiene by helping you create long, random passwords. All your passwords need to be at least 16 characters long, and contain lowercase and uppercase letters, numbers, and special characters. They also need to be random.

This has to do with password entropy, the measure of how difficult a password is. This is important because most attacks on passwords are so-called dictionary attacks, which go through every word in the dictionary and common variations in an attempt to crack your account. The more difficult a password is, the longer it will take to crack. A 16-digit random password can take millions of years to break, making you safe from these attacks.

However, as a regular human being, creating and remembering random passwords is pretty much impossible, which is where password managers come in. Without them, you’re creating weak passwords—unless you’re a math genius.

Never Reuse Passwords

The other important reason to use a password manager is because it will keep you from a very bad habit that is a real risk to your online accounts, namely reusing passwords. The reason you shouldn’t do this is simple: if one of your accounts is compromised, others are, too.

If a dictionary attack cracks one password, or your credentials are exposed in a data breach, attackers will try to access other accounts with those passwords. It’s an effective tactic, as many people still reuse passwords since they’re relying on their own memory to store them.

Password managers save the day here again, as they remove the need to remember passwords yourself and thus any reason to reuse them. In fact, many password managers will even warn you if you duplicate passwords, meaning you can remove this threat easily.

Use Passkeys

We’ve talked a lot about the weakness of passwords, so let’s take a look at a few ways we can bolster them a bit. One way is to remove them completely and use passkeys instead. This new technology lets you create a cryptographic token that gives you access to your account on a specific site. You store the token in your password manager, and whenever you want to access your account, you’re signed in without needing to enter your password.

Passkeys are a really neat bit of tech and we recommend you use them whenever you can as they’re secure and convenient. However, as a new technology, not all password managers or sites support them, so don’t expect to use them everywhere quite yet.

Switching on 2FA

Another issue with passwords is that if you have one, you can use it. This means that somebody else could impersonate you if they had your password, like if they obtained it in a breach. With two-factor authentication (2FA), you can mitigate that risk. 2FA means that to access an account you need to present two “factors” or methods to authenticate yourself and gain access.

For example, your password is one method of authentication, while you could also present a code sent to you via text message, or one created by an app on your phone—most phones have one built-in.

By forcing you to use two methods of authentication, you’re confirming twice over that you are who you say you are. Even if your password is leaked, your accounts will be safe. We recommend that you switch on 2FA on all your accounts.

Don’t Forget About Usernames

Finally, an important part of password hygiene is to use better usernames. Most sites will only let you use your email address as your username. This makes sense, but also creates a data point that can be linked to you across accounts, which isn’t great for privacy. As such, any time you can create a unique username, we recommend you do so.

Like with passwords, you want to make sure that your username is unique and can’t be tracked across sites. If possible, try to randomize it (though maybe not if you’ll use it as a forum name). Though usernames aren’t the most effective attack vector for cybercriminals, following this tip whenever you can will minimize your risks.

Password Hygiene Is Easy

These six tips are how you can set up and maintain password hygiene. Though they would be near impossible to handle without the aid of software, password managers have made it easy to keep your accounts and their passwords safe with just a few clicks. There are numerous good password manager options out there, but there are important factors to consider when picking a password manager.