They are built into Apple, Google, and Samsung phones, web browsers, and are stand-alone apps. Most are free.
Huge lists published online containing millions of hacked usernames and passwords increase the chance that criminals will compromise accounts with reused passwords.
These attacks occur at scale. Criminals can automatically cycle through thousands of compromised logins until an attempt is successful.
Use a password manager. These set and store highly-complex, random passwords inside a secured service that is protected with the only password you need to remember. Set one password and forget the rest.
There are many free and easy options available, but you may find it easiest to use the built-in managers you may already have.
Apple’s iCloud keychain password manager is built into iPhones, iPads, Mac OS, and the Safari web browser. Google’s password manager is built into Android-based phones including Pixel and Samsung lines, tablets, and in the Chrome web browser.
Web browsers Firefox and Edge also contain a built-in password manager, while separate free and paid apps exist that work across all mobile devices and computer operating systems.
Prevailing advice for decades has taught people to use passwords that are hard to remember and often easy for computers to break.
Requirements to set passwords with an upper and lower case letter, a number, and a special character result in people setting predictable passwords like P@ssw0rd1 or Summer2020!, and hackers know it.
Ultimately, security that comes at the expense of convenience inevitably comes at the expense of security.
So make the last password you need to remember for your password manager one that is strong but easy to remember by using a phrase that is unique to you.
Write it as a normal sentence, complete with spaces, and throw a number somewhere to make a highly original combination.
Ensure your password manager is active whenever you wipe or buy a new phone or laptop. The software will capture your usernames and passwords as you log in to apps and sites, often a one-time requirement on mobile devices.
Your password manager can start warning you if your accounts are reusing passwords once the manager has saved a collection of them. You can use the inbuilt features to generate a new strong random password with which to replace it.
Start by changing the passwords that protect your most valuable accounts. Bank accounts, email, social media, and any associated with a business you may operate including website, email, and mailing list administration. These are popular targets with criminals.
Prioritise changing breached passwords. Many password managers alert when your passwords are found in hacked lists giving you the opportunity to change them before they are used by criminals.
You may also choose to visit haveibeenpwned.com, a legitimate security service, which collects and conceals the same hacked usernames and passwords allowing people to check if they are affected.
