The first Thursday of May is World Password Day, a day to remind ourselves of the importance of making our digital lives more secure. For better or worse, just about everything we do is connected, online, and digital: our phones are car and house keys, every penny we have is behind a few banking passwords, and our entire jobs and reputations can be destroyed with access to just a couple of social media accounts.
It’s more important than ever to ensure our accounts and digital devices are as secure as possible. But of course, security has to be convenient as well–you’re not going to type in a 45-character alphanumeric password every time you want to unlock your iPhone!
With that in mind, here are three straightforward tips for making sure your digital life is more secure. Some can be done in minutes, others may take some time to set up but will be fast and convenient after you do, but all of them will help make sure you don’t end up with a disaster on your hands.
Use complex, unique passwords
Every security expert will tell you that the biggest problem isn’t that hackers are super skilled, it’s that they don’t have to work very hard most of the time because people use bad passwords and the same passwords for multiple things.
Just look at the most common passwords for 2022:
It takes no skill or ingenuity to guess one of those in seconds. You should also not use your children’s birthdays, anniversaries, a pet’s name, or any other set of numbers or words that is associated with your real life.
Instead, experts say to use long passwords made of multiple words together–a pass phrase, if you will. Something like walter-white-is-heisenberg is a lot harder for a computer to crack than vNe3R#1! because brute-force password cracking gets much harder as the password gets longer, not stranger.
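As an added illustration (not part of the original article), the Python below estimates the exhaustive-search keyspace for the two example passwords above. The guess rate and the 7,776-word list size are assumptions; the word-list function goes beyond the article to show the count that applies when whole words are guessed instead of characters.

```python
import math
import string

# Character classes a brute-force search has to cover if the password uses them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password: str) -> int:
    """Size of the alphabet implied by the character classes present."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def bruteforce_bits(password: str) -> float:
    """log2 of the keyspace for a character-by-character exhaustive search."""
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(n_words: int, list_size: int) -> float:
    """log2 of the keyspace when whole words are picked at random from a list."""
    return n_words * math.log2(list_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at a given (assumed) guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def report(passwords, guesses_per_second=1e10):  # rate is an assumption
    rows = {}
    for pw in passwords:
        bits = bruteforce_bits(pw)
        rows[pw] = {
            "length": len(pw),
            "alphabet": charset_size(pw),
            "bits": round(bits, 1),
            "years": years_to_exhaust(bits, guesses_per_second),
        }
    return rows

if __name__ == "__main__":
    for pw, row in report(["vNe3R#1!", "walter-white-is-heisenberg"]).items():
        print(pw, row)
    # Four words drawn at random from an assumed 7,776-word list:
    print("4 random words:", round(wordlist_bits(4, 7776), 1), "bits")
```

Length dominates the character-level figure because it is the exponent. The word-level figure depends on how many words there are and how unpredictably they were chosen, so a well-known phrase earns far less than its length suggests.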
You should also use a different password for every single account you have, without exception. Huge lists of stolen passwords are frequently sold and traded among hackers, where they are then checked against millions of sites and services. If one of your accounts is compromised and you change the password, you can bet that same password will be tried on many other sites and services for years to come.
Using long, complex passwords that are different for every account you have is a huge pain–you’ll never remember them all. That’s where password managers come in! They help you store and fill in passwords across all your devices and can fill in things like address and payment forms too. Check our list of the best password managers for our recommendations—or you can use the one built into your iPhone, iPad, and Mac. A good password manager makes your life easier and more secure and is well worth the time to set up.
Take advantage of biometrics
Biometric password features like Face ID and Touch ID are not foolproof, but they’re much harder to crack than a string of six numbers, and they’re much more difficult to sell and trade around than big lists of passwords.
You should change your iPhone or iPad passcode to a real password, and make it a good one, then use Face ID or Touch ID to avoid having to type it in all the time. Do this wherever possible: Use big complex unique passwords for your main password manager, for example, and let Face ID or Touch ID do the hard work of unlocking it for you.
Apple, Microsoft, and Google have joined together to allow the use of biometric logins without passwords across their sites and services. This initiative, called Passkey, has been supported in Apple devices since macOS 13 and iOS/iPadOS 16 and is starting to be used across other sites and services. You can now log in to your Google account with Passkey, for example.
Secure every account with 2FA where possible
Two-factor Authentication (2FA), also called Multi-Factor Authentication (MFA), is when you have to supply a password and something else–a short one-time use code sent to you via text message or generated by a special app, or a fingerprint or face scan, for example.
These are really great ways to secure your account. Any time your password is correctly entered on a new device (such as when a hacker tries to use it), you must enter a code sent to you via text or generated with an app. The code can only be used once and is valid for a very short time. So even if a hacker steals or guesses your password, they’re not likely to be able to get into your account.
Using SMS (texts) for this is commonplace and handy because it doesn’t require an app, but SIM-jacking and other techniques can sometimes allow hackers to target individuals and access their texts, making this less secure than using a 2FA app like Auth, Google Authenticator, or Duo Mobile.
Apple has its own 2FA system for your Apple ID, which you should definitely have enabled since many Apple services require it. Here’s how to set up 2FA with your Apple ID. You’ll want to enable 2FA on every other account you have, especially bank accounts and accounts where you can make purchases (like game services). Check out our guide to getting started with 2FA for more.
And if you want the utmost security, you can lock down your Apple ID with a security key if you’re running iOS 16.3 or macOS Ventura 13.2 or later. Instead of a code, you’ll have a physical key (two actually) that stores your authentication and is impossible to steal or spoof remotely.