All is not lost, however. Luckily, you do not have to memorize hundreds of high-entropy passwords or carry them around in a locked diary. Password managers can generate and store secure passwords across devices, all controlled by a single master password. This means you only need to know one password, and the rest can be pseudo-randomly generated.
My first recommendation to students who want to secure themselves now is to start using a password manager such as LastPass, KeePass, or 1Password. Even Apple and Google have built-in ones for your browser these days. If you haven't heard of them before, password managers recommend a randomized password when you sign up for a site, store it, and then autofill it the next time you log in. This is very helpful because the human brain can only remember so many passwords, which leads us to reuse passwords across different sites. The problem is that if you use the same password on all of your accounts and someone steals that password at one site, they can now log into any of your accounts. Password managers help you keep track of a bunch of strong, unique passwords, which limits the most likely threat that you have online.
I recommend using LastPass. There are plenty of other great password managers out there, but I've been using this one forever, and that is the main reason I recommend it. Convince your friends and family to use password managers. Again, I totally get it if you don't want to do this now; just skip it.
- Submit a 2-3 sentence statement trying to convince my grandma to use a password manager.
- Relevant XKCD: What password has 2^44 bits of entropy?
- Install a password manager if you haven't already
- Make your password for your password manager something you have never used before. Now that everything will be stored in the same location, you need to protect this as much as possible.
- My recommendation is to write this password down in a few places that you will not lose, but that will not be obviously related to your password manager if someone finds it. Or just remember it. I recommend writing it down.
- Complete the Security Challenge for whatever password manager you are using.
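
To make the generate-and-audit idea concrete, here is an added example (not from the original page and not any password manager's actual code) that generates a random password, computes entropy, and flags reused or weak entries the way a security challenge does. The vault entries, site names and 60-bit threshold are constructed assumptions, and the strength figure is an upper bound that assumes every character was picked at random.

```python
import math
import secrets
import string
from collections import defaultdict

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable symbols

def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(pool_size, picks):
    """Entropy of `picks` uniform, independent choices from `pool_size` options."""
    return picks * math.log2(pool_size)

def charset_size(password):
    """Size of the character pool implied by the classes the password uses."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return max(size, 1)  # characters outside all classes count as a pool of 1

def audit(vault, min_bits=60):
    """Return (reused, weak): groups of sites sharing one password, and sites
    whose password is below min_bits even under the optimistic upper bound."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    weak = sorted(site for site, pw in vault.items()
                  if entropy_bits(charset_size(pw), len(pw)) < min_bits)
    return reused, weak

# Constructed sample vault (hypothetical sites and passwords).
SAMPLE_VAULT = {
    "mail.example": "Summer2019!",
    "forum.example": "Summer2019!",        # reused: one breach exposes both
    "shop.example": "hunter2",             # short, two character classes
    "bank.example": generate_password(),   # unique and randomly generated
}

if __name__ == "__main__":
    reused, weak = audit(SAMPLE_VAULT)
    print("reused across:", reused)
    print("weak:", weak)
    print("4 words from a 2048-word list: %.0f bits" % entropy_bits(2048, 4))
    print("20 random printable chars:     %.0f bits" % entropy_bits(94, 20))
```

Note that "Summer2019!" passes the strength check but fails the reuse check: a character-class estimate overrates human-chosen passwords, which is why uniqueness matters as much as length.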