Password Management

Using the proper procedures will help ensure that your passwords are not compromised, or if one password is compromised no one can use that password to access other secure accounts.
  1. 1

    Create one master password

    The best passwords are hard to guess so they can't be something that hackers have learned that most people use as a password. These are the elements of easily guessed passwords that you want to avoid using:
    • Your birthdate, or family members' birthdates
    • Names of children, relatives, or pets
    • Any personal information you share anywhere online
    • Any of these commonly used passwords

    Traditional Advice About Passwords

    You've probably heard that you need to create "strong passwords" like these:
    • 9P4dwT3c!Ha
    • RMaP,VmT(j5!
    • -4XN9,9;A)4&~np
    If you want to create these kinds of passwords you can google "password generator" and you'll find a site like this one. But...

    Let's be real

    No one wants to use these kinds of passwords. Because first of all they look weird. And (more importantly) they're hard to remember and hard to type. It might be okay to use those kinds of passwords if you have a tool for creating them, remembering them, and filling them in automatically (which is discussed in this procedure: Use of a password manager ), but for now let's just recognize the truth...

    No one wants to use passwords like those (listed above) even if one believes that they should use them. So for your master password let's not use passwords like those. Next, we'll talk about a better option for your master password.
  2. 2

    Use a passphrase (why and how)

    For your master password, you can use a "passphrase." Which is a fabulous option for a password because it's
    1. Easy to remember
    2. Easy to type, but
    3. Hard for hackers to guess (even by using a "brute force" method)
    A passphrase is just a combination of words that are not obviously related. If the words are obviously related they'll be easy to guess.

    So, for example, these are bad passphrases:
    • Jack and Jill
    • Green Eggs and Ham
    • Love and Marriage
    On the other hand, these are good passphrases
    • Dog Socrates Jello
    • Santa Morpheus Omelet
    • Capital Shark Umbrella
    If you come up with a weird combination of words (that are related in your mind) it will be easy to remember. If you use shorter words it will be easy for you to type. The presence of spaces is permissible in passwords and helps you remember how to separate the words.
    If you need or want to use a number you can do that by just adding it to the end as in:
    • Dog Socrates Jello 27
    • Santa Morpheus Omelet 35
    • Capital Shark Umbrella 49
    Or add it to the beginning or the middle—whatever is easiest for you to remember.
  3. 3

    Where to use the passphrase

    You should not use your one passphrase for all of your password-protected accounts. Because if you do then when your passphrase is compromised in one account you'll have to change it for all of your accounts.

    That would be a huge pain. And so you'd be disinclined to change all the passwords in all of your important accounts, which would leave you vulnerable to attack. So you should use your master passphrase only in one or two important accounts.

    The most important account for most people who are sensible about password security is their password manager. Popular password managers are:If you use a password manager and want to help us better understand which ones are most popular, please take this one-question survey. Right after you answer you'll be able to see what several hundred other lawyers say about their use of password managers.