Database breaches, phishing scams and emerging artificial intelligence tools have made simple passwords passé as a way of protecting online accounts — but you still have ways to shore up your defenses.
First, you need to be proactive with longer, unique passwords and extra layers of protection. A password manager app can help, and it’s far more secure than keeping your credentials in your Notes app or written down.
Password managers can also store passkeys, a more secure way of logging in that’s intended to replace passwords altogether. Here’s a quick introduction to it all.
Password Managers
Apps and web browsers that encrypt all your passwords behind one master password have been around for decades, but Apple Passwords and Google Password Manager for Android and web browsers are relatively recent — and free. Check your home screen for a Passwords icon, or command your virtual assistant to find it. The app requires your PIN or biometric data (a fingerprint, eye or face scan) to open.
Keep in mind that having all your passwords on a device that can be stolen — and snatched themselves if someone knows your lock-screen PIN code — is a security risk of its own. Turn on Apple’s Stolen Device Protection feature in the iOS settings, or Google’s Identity Check and other theft protection tools in the Android settings, for added protections.
Both the Apple and Google apps are intuitive and can automatically generate long, unique passwords when you are creating or updating an account. The apps save passwords (and passkeys) in one place and automatically supply your credentials when you log into a site. The apps warn you if any of your passwords are weak or have been compromised in security breaches. User guides are on the Apple and Google sites.
Google Password Manager works in much the same way for Google Accounts on different devices. For those not using Android, the password manager in Google’s cross-platform Chrome browser works similarly.
Samsung Galaxy owners also have Samsung Pass, which uses biometric information to log into accounts. It works on Samsung products and does not include a password generator, but integrates with the Samsung Wallet app.
But if you want a password manager with its own password, document storage and more flexibility across devices, subscription solutions are available. Wirecutter, a product-review site owned by The New York Times, recommends the 1Password ($48 annually) and Bitwarden ($20 annually) apps.
As passwords have shown their vulnerability, many websites have added two-factor authentication to the sign-in process. These are the short numeric codes typically sent as a text message to your phone.
If a site supports passkeys, it may prompt you set one up the next time you log in. You can also check your account’s password and security settings for a passkey option. The steps for setting up the passkey can vary depending on your software and hardware, but onscreen instructions will guide you.
To prevent hackers from exploiting account-recovery tools, Google advises keeping two-step verification enabled. Microsoft recommends removing old password-reset methods from your account settings.
Many password managers also store passkeys now. Some even let you know when you can upgrade from a password to a passkey for an account — which is a nice thing if you’re weary of worrying about passwords.