Every time when you sign up to a new service online, you would have to create a password. As a security measure, every site will ask you to create a strong password which is hard to guess, mix of alphanumeric, special characters, at least one uppercase letter and with least character limitation. On top of that the password should be unique.

There are many security reasons behind each of these requirements. The more complex your password is, more harder for a hacker to crack it. You can create one or two such passwords, but how would you remember 10+ such passwords without writing down anywhere? Because writing down is not a good practice anyway. So what’s the best way to create passwords every time with all the requirements and store them securely for easy access every time? What’s the best way to protect your credentials from theft?

Enable MFA/2FA

Multi/Two factor authentication is an additional layer to protect your online accounts. If your password is compromised, the attacker will still need the second authentication value to enter into the account. You can use your mobile and receive one time password or install authentication apps like Google Authenticator in your iOS or Android phones or use FIDO, U2F hardware tokens in supported sites. . The best practice is to enable MFA/2FA is all your online accounts wherever available.

Check HaveIbeenPwned

HaveIBeenPwned (HIBP) is a free service created and maintained by @troyhunt. It contains credentials leaked in data breaches. You can enter your email address and check if your account was part of any security breaches. Also, you can check your passwords to see if it was exposed in any data breaches. Subscribe to HIBP and get notified if your account was exposed in new data breach.

Use Password Managers

Password managers helps you to create unique complex passwords every time and securely store them. All you need to remember is the master password for the password manager. With browser plugins for some password managers, credentials will be automatically filled when you visit a site. Don’t forget to enable MFA/2FA in your password manager. There are so many password managers in the market. Let’s take a look at some of them.

LastPass

Lastpass uses AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes. It claims that 13,000,000 people use LastPass, including 43,000 businesses. It has free version with unlimited passwords storage and the premium version is priced at $3 / month with more advanced features . It has some built in audit tools called ‘Security Challenge’ to check your existing passwords quality, duplicates, compromised passwords and gives a final score.

1Password

1Password uses AES-256 bit encryption and PBKDF2-HMAC-SHA256 for key derivation which makes it harder for someone to repeatedly guess your Master Password. 1Password does not have a free plan. Pricing starts from $2.99/month. 1Password has partnered with HIBP, so if your account was part of any new breaches you will get notified as part of it’s feature called Watchtower.

Dashlane

Dashlane is another competitive player in this space. It uses symmetric AES 256-bit key for ciphering and deciphering the user’s personal data on the user’s device. It has a free plan to store 50 accounts and premium plan priced at $3.33 / month. Password health in Dashlane monitors your passwords and scores it. It has breached passwords monitoring as well.

There are more on the list, see below for a quick summary from Wikipedia

What’s your preferred password manager? Share them in comments below.