Why Should We Use A Password Manager?


In the digital world, a password is like the key to your house. It is a small item that gives you a sense of security and keeps intruders out. A password is not perfect and may never be: it can be lost or stolen, or someone can brute-force it and break into your account. A password can even be worse than a key, since you rarely use the same key for your house and your car, while we all know you are using the same password for all of your online accounts.

These are the most common password issues that you should be concerned about.

1. Weak password — there is no excuse if you get hacked while using a password like “123456”, “654321”, or obvious ones like “password” or its creative variant “passw0rd”. This is a list of common passwords:

From: https://en.wikipedia.org/wiki/List_of_the_most_common_passwords

2. One password for every online account — Just as you have separate keys for the car, house, room, office, and even your safe, you should have separate passwords. There is no excuse for not using a different password for each website where you have an account. Otherwise, if one website is compromised, your password can be out there, and the intruder can use it everywhere.

3. Some websites are not trustworthy enough to follow good practice — in a perfect world, a password stored in a database should never be plaintext. For example, if your password is “R0ckeT1234#”, a good developer should never store “R0ckeT1234#” directly in the database, but should instead, as a bare minimum, hash it with a hashing algorithm. After hashing, the plaintext “R0ckeT1234#” becomes something that no one can read, such as “187D4566DCD44033A3B693EEC2DB4F4D3E113E7B000B0A58E5E88ED30E33063C”.

Generally, a hash is a one-way encoding that is fast to compute and very hard, or very slow, to reverse back to the original plaintext. So the next time you log in to a website, it hashes your plaintext password, compares the hash value with the one in the database, and decides whether or not to grant you access.

When the website gets hacked, the intruder cannot easily learn the plaintext version of the password and needs time to brute-force it. However, hashing cannot protect a weak password like “123456”: hashing algorithms are public and available to everyone, and an experienced programmer can glance at a value and know instantly which algorithm was used to create it, so they can hash common passwords and compare the results with the values in the database. Thus, they can recover the real value.
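The comparison described above, written out as an added example (not code from the original article): a stored hash of a common password is identified by hashing a short list and comparing, while a generated password is not. The page names no algorithm, so unsalted SHA-256 is an assumption here, and the salted PBKDF2 record with its iteration count is this example's own choice of a stronger storage scheme.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Constructed sample list: the weak passwords the article names.
COMMON_PASSWORDS = ["123456", "654321", "password", "passw0rd"]

def fast_hash(password: str) -> str:
    """Unsalted SHA-256: the 'bare minimum' storage scheme (assumed here)."""
    return hashlib.sha256(password.encode()).hexdigest().upper()

def weak_password_behind(stored_hash: str) -> Optional[str]:
    """Audit check: is this stored hash just a common password, hashed?"""
    for candidate in COMMON_PASSWORDS:
        if hmac.compare_digest(fast_hash(candidate), stored_hash):
            return candidate
    return None

def store(password: str, iterations: int = 600_000):
    """Salted, deliberately slow record: (salt, iterations, derived key)."""
    salt = os.urandom(16)  # random per account, so equal passwords differ
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, key)

if __name__ == "__main__":
    generated = secrets.token_urlsafe(16)  # stands in for a manager-generated password
    print("weak, unsalted:     ", weak_password_behind(fast_hash("123456")))
    print("generated, unsalted:", weak_password_behind(fast_hash(generated)))
    first, second = store("123456"), store("123456")
    print("same password, different records:", first[2] != second[2])
    print("login check:", verify("123456", first), verify("12345", first))
```

A salt and a slow key-derivation function only raise the cost of each guess; a password that sits on a common-password list is still found quickly, which is why the generated password matters.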

For the reasons above, we should all use a password manager. You can think of it as a keychain, but better. It works like this:

1. You download and install a password manager of your choice. For me, my choice is 1Password; I have been using it for several years, and I loved it. It can be pricey, though, and there are many other choices, such as Dashlane, LogMeOnce, etc. So do your research and pick the one that suits you best.

2. It will ask you to create a “Master Password”. This password should be somewhat strong yet easy for you to remember, and you should never tell it to others. You will most likely not be able to recover it easily if you forget it (although most password managers provide an emergency kit that explains how to recover it, with some effort).

3. Every time you want to access your passwords, you will be required to enter the “Master Password”. Some password managers, like 1Password, also let you use Touch ID/Face ID (on Mac and iPhone, for example) to access your passwords faster.

You need a master password to access it, or you can use Touch ID to unlock it.

4. For each website where you have an account, the password should be generated by the password manager and made strong, since you don’t have to remember it. The password manager will remember it for you and auto-fill the login form from then on.

5. The next time you log in, you can unlock your password manager, select your credential, and log in.

1Password also tells you if the website was compromised or when 2FA is available.

6. You can also set up two-factor authentication using 1Password and securely jot down notes in it.

That’s all for now on the essential features of a password manager. We hope you take your passwords as seriously as your real-world keys and don’t give your password to anyone, even those close to you (or change it as soon as possible after the business is done). Also keep changing your password every few months, and especially after you use it to log in on a public computer.
