Set up a secure password manager

It goes without saying that relying on the same old passwords to secure your online accounts is not good practice. A quick trip to https://haveibeenpwned.com should reveal that one or more of them has been exposed in the past 20 years or so.

The solution is simple, yet complicated. It’s simple because you just need to generate long, random passwords comprising letters, numbers and symbols to make them hard to guess or crack through brute force, but complicated because it’s hard to remember them all.

The solution lies in employing the services of a password manager. This helps you to generate those random passwords, then stores them securely in an encrypted file (or vault) that’s locked behind a ‘master password’ – the only password you’ll have to remember going forward. This should be lengthy but memorable (to you), and can be further protected using secondary layers such as 2FA.

Password managers come in all shapes and sizes, but to be truly effective they need to be cross-platform, work in any browser and simplify the act of entering passwords through autofill and paste features. Plenty of proprietary solutions offer these, but few are open source, which raises questions about transparency.

Cross-platform means apps for all major platforms: and , but preferably more). Your vault is kept synced between your devices via the cloud. The cloud might mean storing your vault on one of your cloud services, or relying on the password manager’s own proprietary server. If you’re lucky, you’ll even get the option of setting up your own self-hosted server. Using the cloud throws up security considerations of its own, so the vault needs to be encrypted using keys that aren’t accessible to your password manager.