“Lawyers have hated passwords since passwords first made their appearance,” some of my colleagues recently wrote. So true.
Emerging AI tools mean it is easier to crack passwords. So, the standard advice for strong passwords is now at least 15 characters, with requirements of upper-case and lower-case letters, numbers, symbols and maybe a drop of blood. (OK, not really.) The challenge is that most of us cannot remember a string of random characters that long, and creating passwords we can remember, typically by inserting dictionary words within them, makes them easier to crack. From my point of view, the only rational solution is a password manager. The good thing about password management is that as you get more login credentials saved, you benefit from quicker logins.
Many of us who follow technology have turned against the previously popular tool LastPass. Not only did they suffer a major breach last fall, but their messaging in its wake was misleading at best, with the major disclosures not released until the Christmas holidays. I switched to 1Password. PC Magazine highly ranks Dashlane and Bitwarden in its best password managers of 2023 roundup.
Accounts that can access your financial information or client information should be secured with two-factor authentication. The most common way of doing this is a text message confirmation code sent to your phone that must be entered to complete your login. Many password managers also support two-factor authentication.
My podcast teammate Sharon Nelson and two of her colleagues wrote about the next step in login security in their post “Passwords May Be Extinct Sooner Than You Think.” They note that thanks to passkeys, the days of passwords will soon be numbered. Ironically, that probably will not eliminate password managers, as they evolve to managing some passkeys and some remaining passwords because some sites haven’t upgraded their login yet.
Additional reading: “Why passkeys from Apple, Google, Microsoft may soon replace your passwords,” CNBC.