There is actually an online marketplace for stolen personal data? How depressing is that?
Thanks for the heads-up, Tech Daddy.
Question: We have been using 1Password for many years now per your instruction. How important is it to use those long passwords within 1Password?
VERY important. Hackers depend on people using the same passwords over and over; a password manager helps people to stop doing that. Another common thing I see is people who think they are being clever by creating passwords like "E!nst3in" where a number or symbol replaces a letter but the whole thing still spells a recognizable word. Bad guys have algorithms that can crack these in just a few seconds.
If you can convert an account to a passkey, do it. However, not everyone has adopted that yet, so for the accounts that still require a password use a MINIMUM of 14 characters (I go with 16) that are a random jumble of upper and lower-case letters, with numbers and special symbols thrown in the mix. Most sites accept $ ! @ and & … some balk at # for some reason. Good websites tell you up front what characters they'll accept in a password. Stupid ones only tell you AFTER you enter a strong password that one of the characters isn't allowed. I hope there is a special place in Tech Hell for web designers who do that ;-)
Also, always — and I mean ALWAYS — enable 2 Factor Authentication when a site or service offers it. The best kind are OTAs: One Time Authentication. These send a code to an "authenticator" app instead of sending a text message. Now, I grant you that until recently Authenticator apps were a pain in the ass; you just want to sign in and now you have to go through yet another set of steps to prove it's you? Many people give up for that reason, which the Bad Guys count on. Let's face it: even super-strong passwords are of no use if there's been a data breach and all the passwords are stolen.
That's why 1Password — and to a lesser extent iCloud Keychain — are so good: they handle OTAs without the need for a separate authenticator app. For example, my PayPal account uses an OTA every time I log in instead of sending a text. As soon as 1Password automatically pastes in my user name and password, the "enter the code" screen appears and within TWO SECONDS 1Password automatically pastes in the verification code … the one that changes every 30 seconds. So you don't have to sweat trying to get the code and hoping you enter it in time. Easy-peasy.
With passkeys, or strong passwords coupled with 2 Factor Authentication (when available) you are as secure as can be. And that's what I got.
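An added illustration, not part of the original reply and not 1Password's own code: a small generator for the kind of password described above (14 characters minimum, 16 by default, mixed case, digits, and only the symbols the site accepts). The function names and the default symbol set `$!@&` are assumptions taken from the characters mentioned in the reply.

```python
import math
import secrets
import string

MIN_LENGTH = 14            # minimum recommended in the reply above
DEFAULT_LENGTH = 16        # the length the author says he uses
DEFAULT_SYMBOLS = "$!@&"   # symbols the reply says most sites accept (no '#')


def generate_password(length=DEFAULT_LENGTH, symbols=DEFAULT_SYMBOLS):
    """Return a random password containing every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    symbols = "".join(dict.fromkeys(symbols))  # drop duplicate symbols
    if not symbols:
        raise ValueError("at least one allowed symbol is required")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, symbols]
    alphabet = "".join(classes)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not
        # suitable for generating credentials.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: retry instead of forcing one character per
        # class into place, so every compliant password is equally likely.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length=DEFAULT_LENGTH, symbols=DEFAULT_SYMBOLS):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    alphabet_size = 26 + 26 + 10 + len(set(symbols))
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    print(f"about {entropy_bits():.0f} bits (upper bound) at 16 characters")
    print(f"about {entropy_bits(14):.0f} bits (upper bound) at 14 characters")
```

If a site rejects one of the symbols, pass only the accepted ones, for example `generate_password(16, "!@")`.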