Passwords & Security

Protecting your accounts and credentials

Companies get hacked constantly. When that happens, hackers try those same email/password combinations on other sites. It’s called “credential stuffing.”

If you use the same password everywhere, one hack gives criminals access to everything.

The solution: Use a different password for every account.

How to manage this: Use a password manager.

  • Generates strong random passwords
  • Remembers them all
  • Auto-fills when you log in
  • You only remember ONE master password

It sounds risky, but password managers use serious encryption. Your passwords are way safer there than reused across the internet.

See: Password managers

2FA adds a second lock to your accounts. Password + something you have (usually your phone).

Types:

  • SMS codes — Better than nothing, but can be intercepted
  • Authenticator apps — Much better, codes change every 30 seconds
  • Hardware keys — Most secure, physical device required

Why bother?

2FA stops most account takeovers, even if someone has your password. Most hacks hit accounts WITHOUT 2FA.

Enable it first on:

  • Email (controls all password resets)
  • Banking
  • Social media

See: 2FA recommendations

This is the ONE password you can’t forget. Most password managers have no “forgot password” option — that’s a security feature.

Prevent disaster:

  • Write it down and store it somewhere safe (not a sticky note)
  • Use a memorable passphrase: “correct-horse-battery-staple”
  • Set up recovery keys when you create your account
  • Designate an emergency contact if your manager supports it

Already forgotten?

Check if you’re still logged in anywhere — export passwords before getting locked out. Look for recovery keys you might have saved.

Worst case:

Start fresh and reset all account passwords manually. Painful, but that’s why these systems are secure.

Yes, much safer than the alternative (reusing passwords or writing them down).

How they protect you:

  • Strong encryption (even the company can’t see your passwords)
  • One breach doesn’t expose everything (unlike reused passwords)
  • Generates passwords humans can’t guess
  • Alerts you to breached passwords

Concerns addressed:

“All eggs in one basket?” Yes, but it’s a very secure basket. The alternative is dozens of weak, reused passwords.

“What if they get hacked?” Good password managers encrypt everything locally. Even if their servers are breached, hackers get encrypted gibberish.

“Can the company see my passwords?” With zero-knowledge encryption, no. Only you have the key.

See: Password manager recommendations

Length matters most. A long passphrase beats a short complex one.

Good:

  • “purple-elephant-dances-tuesday” (long, random words)
  • 20+ random characters from a password manager

Bad:

  • “P@ssw0rd!” (common substitutions, easily cracked)
  • Your birthday, pet name, or anything guessable
  • Dictionary words alone

The math:

A 12-character random password takes millions of years to crack by brute force. An 8-character password? Hours.

Best approach:

Let your password manager generate them. You don’t need to remember “xK#9mP2$vL@n” — that’s the manager’s job.

For the few passwords you DO memorize (master password, phone PIN), use long passphrases with random words.
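To put numbers on "length matters most", here is an added example (not part of the original page) that computes the entropy of random passwords and random-word passphrases, estimates worst-case brute-force time, and generates a passphrase with a cryptographic random source. The guess rate of 1e11 per second, the 7776-word list size, and the short demo word list are assumptions made for this illustration; the resulting times scale directly with the guess rate an attacker actually achieves.

```python
import math
import secrets

# Constructed sample word list for the demo only; entropy figures below
# assume a real 7776-word list, not this short one.
DEMO_WORDS = ["purple", "elephant", "dances", "tuesday", "correct", "horse",
              "battery", "staple", "river", "candle", "orbit", "maple"]
PRINTABLE = 94          # printable ASCII symbols a generator can draw from
DICEWARE_SIZE = 7776    # assumed size of a real passphrase word list


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy when every symbol is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits: float, list_size: int = DICEWARE_SIZE) -> int:
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def passphrase(n_words: int, words=DEMO_WORDS, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG (secrets), not the random module."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    rate = 1e11  # assumed offline guess rate against a fast hash
    for label, bits in [("8 random chars", entropy_bits(PRINTABLE, 8)),
                        ("12 random chars", entropy_bits(PRINTABLE, 12)),
                        ("4 random words", entropy_bits(DICEWARE_SIZE, 4)),
                        ("6 random words", entropy_bits(DICEWARE_SIZE, 6))]:
        print(f"{label:16} {bits:5.1f} bits  "
              f"{years_to_exhaust(bits, rate):.3g} years")
    print("words to match 12 random chars:",
          words_needed(entropy_bits(PRINTABLE, 12)))
    print("sample:", passphrase(6))
```

These figures only hold when every character or word is picked at random; a phrase you chose yourself has far less entropy than its length suggests.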
