Passwords are everywhere in our digital lives: securing our email, bank accounts, social media and more. Ensuring your online accounts are safe from prying eyes is important – but what makes a strong, secure password?
Read our handy guide to learn about choosing a secure password, whether or not you should be using iCloud Keychain, and how to manage passwords on your Mac more effectively.
If your trouble is that you don’t know what your password is, try How to reset a forgotten Apple ID password and What to do if you forget your Mac password. If you have forgotton the password to the admin account on your Mac you may find this article helpful: How to change the admin password on a Mac and, How to find a password on a Mac.
Also read about How Apple plans to retire passwords.
How to choose a good password
What’s a good password? Opinions differ, but there are some general approaches that everyone can agree on.
Security experts say a good password contains upper and lowercase letters, punctuation and a number, and that it should be 8-14 characters long. A solid password will be hard for computers and humans to guess, but easy for you to remember. If your password is so hard to recall that you have to write it down or post it on a sticky note at your desk, it’s almost useless.
Try some of the following strategies to generate good passwords:
- Use an algorithm or password generator. This will often create a hard-to-remember password, however, so you may wish to use this in conjunction with a password manager.
- Use deliberate misspelling of words, as these do not appear in the dictionary, or invented words/nonsense that you have come up with.
- Use a password manager. This will be discussed in detail later on in this article.
Things to avoid
Never use personal information such as your birthday, phone number, National Insurance number or social security as a password: with a little research these are easy to guess, and if it gets cracked, your other information could be at risk.
For similar reasons it’s also bad practice to use names or details of your family or significant other. Avoid having the login to your bank be “David” or “8thApril”.
Passwords vs passphrases
A passphrase differs from a password by being a string of words separated by a space. These are generally 3-4 words long and still satisfy good password standards such as uppercase letters and punctuation. “My neighbour has Cats!” or “Vermont gets very cold” would be some passphrase examples.
These are considered better than passwords since they provide a way to create a complex password that is easy to type and remember.
Many applications and websites now support the use of passphrases. As with regular password creation, a good passphrase will be unique to you and not easy for anyone else to guess. We recommend you start using passphrases where possible.
How to keep a password safe
Even great passwords (or passphrases) can become bad if managed improperly, however. Here are some good habits to follow:
- Never share your password.
- Don’t let other people watch you type your password.
- Log out properly after using public or shared systems.
- Change your passwords every 3-6 months and don’t reuse them.
Should you use Apple’s iCloud Keychain?
Apple introduced the iCloud Keychain back in Mac OS X Mavericks (10.9) as a convenient way to store and sync your usernames, passwords and credit card info across all of your approved devices. Apple states that iCloud Keychain is protected with industry-standard encryption techniques on all of your devices, both in transit and in the cloud. This is about as secure as you can get, so if you are worried that your info isn’t secure enough from Apple’s end, rest easy.
Your decision to use the iCloud Keychain or not should depend on your needs and the way you use your computer(s). The cloud keychain only works with Safari and not other browsers such as Firefox or Chrome. Additionally it is not cross-platform compatible like some password management software.
These alone may be deal-breakers for many, but if you love Safari and only use Macs, then it is a solid and free option.
There are some considerations to be aware of when using iCloud Keychain:
- If you’re concerned about cloud storage or just don’t wish to do so you may skip storing your data in iCloud and simply store your keychain data locally. This will update via Wi-Fi on any approved devices.
- If working on a shared computer, note that anyone on your user account will have access to all your logins or sites. Be sure to log out or set a password on sleep or screen-saver.
To begin using iCloud Keychain on your Mac, go to System Preferences, then click on iCloud and select Keychain. Enter your Apple ID and password, then follow the instructions to complete setup.
iCloud Keychain is handy, but not a fully featured standalone password manager. If you are looking for something more robust, you should consider using a fully featured app instead of or in addition to iCloud Keychain.
Best password managers
Are password managers right for you? That depends on a few different factors. If you’ve got dozens of accounts or frequently log into multiple accounts on a daily basis, you may wish to consider using a password manager. They will streamline your workflow and turn the annoying process of entering all that information into a one-click process.
If you’re already using iCloud Keychain, a manager can offer more features such as full browser compatibility, storing sensitive documents, organisation options, cross-platform compatibility and security audits.
We look at the best options in separate articles (see Best Mac password managers and Best iPhone password managers), but here is a basic list of popular software to get you started – from free apps to top-of-the-line software.
Price: Free on Mac App Store. iOS Apps require paid upgrade.
If you don’t want to fork over your hard earned cash for an app yet, LastPass is a great place to start. What’s better than free?
LastPass is ideal for users who want increased security with minimal effort. A completely web-based storage approach makes setup a breeze. The only downside here is that the interface lacks a true Mac look and feel.
Price: £19.99/$19.99 on Mac App Store. £3.99/$3.99 for iOS on App Store.
OneSafe offers password management and features at an affordable price. Unlike most competitors OneSafe lets you choose from four different unlocking mechanisms to access your data. It also includes a convenient drag-and-drop feature for storing documents and files.
Price: Free on Mac App Store. Free on iOS App Store. £3.49/$3.99 monthly membership, £34.99/$35.99 annual membership.
The current king of password management on the Mac, 1Password offers a premium price for premium features. Plug-ins for every browser, strong organisation, vault sharing and a slick interface are all good reasons to check this app out.