Couldn't agree more. And if you use the Apple ecosystem, Safari has a built in password manager that syncs your passwords to all your apple devices.I can't recommend a password manager enough. It doesn't matter if you use Dashlane, Lastpass, or 1Password, but it's so important to have strong, unique passwords. Your Yahoo account has been hacked. That stinks. But if you're using unique passwords, _only_ your Yahoo account (and other accounts that send "password reset" emails to it) have been hacked. If you're using your Yahoo password across multiple sites (and we all are. There are limits to human memory, and most of us have to remember and change several asinine passwords for work, which leads to ridiculous repetition like MyAmazingPassw0rd12), then all of those sites are hacked, too.
Pay for a password manager. It's digital life insurance.
Keepass is free. Using that and a random strong password generator does the trick as well.I can't recommend a password manager enough. It doesn't matter if you use Dashlane, Lastpass, or 1Password, but it's so important to have strong, unique passwords. Your Yahoo account has been hacked. That stinks. But if you're using unique passwords, _only_ your Yahoo account (and other accounts that send "password reset" emails to it) have been hacked. If you're using your Yahoo password across multiple sites (and we all are. There are limits to human memory, and most of us have to remember and change several asinine passwords for work, which leads to ridiculous repetition like MyAmazingPassw0rd12), then all of those sites are hacked, too.
Pay for a password manager. It's digital life insurance.
I hear you. Using the Apple Keychain (the built-in manager for the Apple ecosystem) or the password management/sync tools built into Firefox and Chrome isn't a bad idea. Something's better than nothing. But if you're committed to using a password manager, you're probably better off making sure that, if compromised, the password manager isn't also tied to a critical account (Apple or Google).Couldn't agree more. And if you use the Apple ecosystem, Safari has a built in password manager that syncs your passwords to all your apple devices.
Good call. I don't know anything about Keepass, but it looks legit.Keepass is free. Using that and a random strong password generator does the trick as well.
Fully endorsed. 1Password has given me much peace of mind.This is good advice, but I'd recommend again for a separate password manager. For Apple folks, you'll love 1Password. It's highly polished. The secure browser is great. It's integrated with TouchID, and you can use 1Password to log into several popular apps.
And your phone is not a secure second factor.If you guys are using a password manager that doesn't require two factor... well I guess it beats using the same password everywhere but it's still not really bulletproof.
Well for personal crap that doesn't matter , like ESPN, that doesn't matter I just generate a random. For real stuff the password that I store is slightly different.Amateur question:
what if the password manager gets hacked? Isn't it better to have different passwords for different accounts?
Yeah. Lots of sites are surprisingly dumb, but somewhere like Yahoo isn't going to be storing your password. If you have a complex enough one (which password managers help with) you should be reasonably safe from your password being deciphered even after they're hacked.A password manager allows you to use a different password for each site (since most of us can't keep track of 100 passwords), so if Yahoo gets hacked then they can't use your password to get into other accounts besides Yahoo.
It also allows you to generate passwords with 20+ random characters, so if a site gets hacked it's less likely your password can be cracked (if they are hashing correctly)