There are a number of recommended best practices for passwords. Make your passwords lengthy. Use complex strings of numbers, symbols and characters that are not in the dictionary, increasing the effort required to break your passwords. Use a different password for every online account, to prevent a breach at one site from cascading across all your accounts. Don't go swimming for 30 minutes after you change your password. (I made that last one up.)
A 2012 consumer survey on password habits found that 61 percent of consumers admit to reusing passwords on multiple sites, and 44 percent of consumers surveyed change their passwords once a year or less. It's no wonder that the survey found that 21 percent of consumers have had an online account compromised at some point.
Better management for passwords
To handle all of these passwords, you used to have to rely on memory (faulty) or a blizzard of Post-It notes (insecure). Currently, the recommended approach is to use a password manager.
A password manager is an application that encrypts and securely stores your passwords. You can access it from both your desktop machine and your smartphone.
You typically have one very complex password for your password manager itself, and it then manages the passwords for all of the sites and services you access. Commonly used password managers include LastPass, 1Password, Roboform and others.
Once you've set up your password manager, it will automatically notice when you're on a website that requires authentication, and pre-fill the password field for you on login screens. In fact, most password managers also include password generators that will create long, extremely complex passwords when you need them.
Strangely enough, if you are using a password manager and its password generator, you might not even know your passwords for various sites. Since the password manager is handling the passwords (and, naturally, storing them in an encrypted database), you might never see them. For example, I don't actually know my Facebook® password since I've started using a password manager. I saw it once when it was generated and noted that it was long and complex and gnarly, and since then the password manager keeps track of it for me.
For me, using password managers took a little getting used to. Now I'm a number of months into the process and it’s become second nature. While no security process can ever be made completely infallible, effective use of a password manager is a step in the right direction.