Reusing the same password on many websites and applications is the number one security bad practice. Even large, well-defended platforms get hacked, and their users’ credentials end up sold on black markets. There have been cases where the stolen data was publicly available too. Imagine your credentials were in one of those databases - every account you used the same password for is essentially hacked too.

It is important that you use a different password for each website or application you create an account for. Consider this the number one security best practice.

The second best practice is creating passwords that are strong and hard to guess, especially for computers but for humans too. Let’s compare these two passwords:

  1. Tr0ub4dor&3
  2. correcthorsebatterystaple

The first password is very hard for a human being to remember, but it can be easily brute-forced using modern hardware, so it is easy for a computer to guess.

The second password is very easy for a human being to remember, but it is amazingly hard for a computer to brute-force. It will take hundreds of years to crack it.

Now that we have learned the two basic rules, a third problem arises - we have so many accounts nowadays! How can a normal human being remember so many different passwords? One cannot, obviously. [Password managers](/privacy/beginner/password-manager/) come to save us. These programs manage passwords for us so that we don’t even have to remember them. Amazing, right?

Using a password manager means you can also generate long, complex passwords and not worry about whether a human being or a computer can crack or remember them. You can even generate random data for security questions and save it in the software vault itself. It comes at a cost though - now you have a single point of failure, so you have to choose a strong password and protect your password manager vault very carefully.
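What such a generator does can be sketched in a few lines. This is an added example, not code from the original article or from any particular password manager: it draws passwords and passphrases from the operating system's secure random source and estimates how long exhausting every candidate would take. The word list is a constructed sample, and the guess rate is an assumption.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed sample list for illustration; real diceware-style lists hold
# thousands of words, and the list size is what gives a passphrase its strength.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "window", "river",
                "candle", "planet", "orange", "bridge", "thunder", "pencil",
                "garden", "mirror", "rocket", "violin"]


def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(n_words=4, wordlist=SAMPLE_WORDS, sep="-"):
    """Draw each word independently and uniformly from the word list."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Bits of entropy in `picks` independent uniform draws from `pool_size` options."""
    return picks * math.log2(pool_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at an assumed, constant guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = 1000  # assumed guesses per second; real rates vary enormously
    print(generate_password(), round(entropy_bits(len(ALPHABET), 20)), "bits")
    print(generate_passphrase(), entropy_bits(len(SAMPLE_WORDS), 4), "bits (sample list)")
    # Four words drawn from a 2048-word list carry 4 * 11 = 44 bits.
    print(round(years_to_exhaust(entropy_bits(2048, 4), rate)), "years at", rate, "guesses/s")
```

The entropy figures only hold when every character or word is chosen at random; a phrase a person picks themselves is far more predictable than the arithmetic suggests.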

Now you are armed with the basic knowledge needed to upgrade and strengthen your passwords.