
(This is part one of a three-part series. Read parts two and three)
If you do not have a password manager - now is a good time to set one up. This gives you a secure way to store all of your accounts, and easily take them with you.
Choose Bitwarden or 1Password. I like Bitwarden. These are open source from more trusted companies, and receive security audits and vetting.
To create a password - choose four or five random words and just put them together. There are online word lists you can pick from, either by selecting words yourself or by rolling dice. This helps to keep your password strong.
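The word-picking method above as a short Python sketch. This is an added example, not code from the original article; the 36-word list, the function names and the "-" separator are constructed for the demo, while a standard diceware list has 7776 words (five dice rolls per word).

```python
import math
import secrets

# Constructed 36-word sample list (6**2, so two dice rolls pick one word).
# A standard diceware list has 6**5 = 7776 words (five rolls per word).
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dolphin", "ember", "falcon",
    "garden", "harbor", "island", "jungle", "kettle", "lantern",
    "marble", "nectar", "orchid", "pepper", "quartz", "ribbon",
    "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
    "zipper", "acorn", "bramble", "cobalt", "dagger", "easel",
    "fiddle", "goblet", "hammock", "icicle", "juniper", "kernel",
]

def word_from_rolls(rolls, words):
    """Map physical dice rolls (each 1-6) to one word, reading them as base 6."""
    if 6 ** len(rolls) != len(words):
        raise ValueError("list size must equal 6 ** number of rolls")
    index = 0
    for roll in rolls:
        if roll not in range(1, 7):
            raise ValueError("each roll must be between 1 and 6")
        index = index * 6 + (roll - 1)
    return words[index]

def generate_passphrase(words, count=5, sep="-"):
    """Pick `count` words with the OS CSPRNG; the `random` module is not suitable."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words reduce the real entropy")
    if count < 1:
        raise ValueError("count must be at least 1")
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(list_size, count):
    """Bits of entropy when each word is chosen uniformly and independently."""
    return count * math.log2(list_size)

if __name__ == "__main__":
    print(word_from_rolls([2, 3], SAMPLE_WORDS))   # dice method, sample list
    print(generate_passphrase(SAMPLE_WORDS))       # software method, sample list
    for n in (4, 5):
        print(n, "words from a 7776-word list:", round(entropy_bits(7776, n), 1), "bits")
```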
It is totally okay to write your password down! Especially as you are starting out. Keep that note somewhere safe.
To set up two-factor authentication (2FA) on your password manager - install Aegis Authenticator on your phone. This gives you a way to see the codes without needing data or an internet connection.
You should also print off your backup codes and keep them somewhere safe.
For $20 you can buy a physical YubiKey hardware key and also set that up as 2FA for your password manager. This way - even if your phone is lost or damaged - you can still get back into your account. Hardware keys are small and easy to travel with. You can put one in an old medicine pill bottle! See my short article here.
Once you have this set up - you only need to remember one password, rather than having to remember all of them. It should give you an easy way to move around and keep control of your digital life. You can replace old passwords for some accounts with longer, stronger ones if you want to.
If you needed to suddenly leave due to a natural disaster or other emergency - it is fast and easy to grab your phone and key, or even just your key. Keep it in your emergency Go Bag or container. Or keep it on a lanyard for easy grabbing.
Special Note: Do *NOT* use LastPass
The company LastPass was one of the earliest password managers on the scene. However, they have terrible security. They have been hacked twice - that we know of - and have had their entire customer list stolen and compromised. They do not know how to do actual security - do not use them.
Multiple Hardware Keys
Bonus: If you have the money - buy a couple of YubiKey hardware keys and store them at different physical locations. Do you have a locker somewhere? A family member or friend you can trust? Perhaps offer to hold their key if they hold onto yours. Then you have extra resilience in case something happens.
Good luck!
Resources
Word lists -
“Writing down your password is okay” -
Strong passwords - longer is better. Choosing several words is easier for humans to remember, and harder for computers to crack.
Digital Recovery Kit. Get your digital life back after a broken phone, house fire, or other bad event.
EFF Digital Security guide (detailed)