
Gentle January

Use a Password Manager To Protect Yourself From Breaches

Using unique credentials for each of your accounts helps isolate the impact of hack attacks

Digital illustration of the words “Gentle January” over a field of pixelated flowers; in the right-hand corner there is the number “6” placed on a stack of post-its
Gabriel Hongsdusit

The Gentle January series shares one practical privacy tip a day from a Markup staffer who actually uses the advice in their own life.   

I created my first-ever internet password by physically visiting a room in the basement of a severely ugly building on the University of California, Berkeley campus. In that server room, I created the password for my first email account.

Months later, I created my second password while signing up for an account on HotWired, Wired magazine’s then-new website. This time I could register my password over the internet, so I created a new one, distinct from my Berkeley login. That way, if someone was spying on my online activities and intercepted my password, they couldn’t use it to log into my email account. 

In those relatively early internet years, I felt paranoid—who would ever spy on someone’s internet activity?—and from there, as my logins multiplied, I became less and less careful. My HotWired password would also get you into my New York Times or Slashdot accounts, not to mention Expedia and the now-forgotten content hub Pathfinder.

But I should have stuck with my original instinct: passwords are not very secure on the internet, and you should avoid reusing them. A favorite tactic of hackers is to break into a website, crack the passwords, and then try using those same passwords to log in to the email accounts associated with them. Sometimes they’ll share the logins with other hackers interested in breaking into other sites. Because people tend to reuse their passwords, this technique is frequently successful.

The problem is, you need so many passwords these days (I have 597!) that there is no way to make them all unique and memorize them. That’s where a software tool called a password manager comes in. The idea is you memorize one strong password to unlock the manager, which is like a vault where you can look up all your other accounts, usernames, and the unique passwords assigned to them.

I’ve tried all sorts of password managers over the years but have always stuck with the first one I settled on, 1Password. 1Password stores not only passwords but also two-factor authentication codes, secure notes, and other sensitive information. 1Password has apps providing access to your passwords across all the major mobile and desktop platforms, even Linux, and over the web. It is transparent about its security architecture and has a strong track record of avoiding breaches. And if you have friends, family, or coworkers on 1Password, the company makes it easy to share passwords and other items with them.

But 1Password isn’t for everyone. It costs money and stores your data, in encrypted form, on its servers, which isn’t something everyone is comfortable with. Some people like free password managers like Bitwarden or those that store files locally, like KeePassXC. To find the right one for you, I suggest starting with reviews at a place like Consumer Reports, The New York Times’ Wirecutter, or my old standby, Wired. Which reminds me, I have a password I need to update.
