Authentication & Passwords
Why passwords still matter (and how to make them boringly secure)
Remember when a "password" could be your dog's name and the year you were born? Those days are over - and for good reason. But you don't have to be a security nerd to lock things down. You just need a few sensible habits.
1. Use a password manager - do not negotiate
This is the hill I will die on. Password managers (1Password, Bitwarden, Keeper, etc.) let you:
- Create unique, long passwords for every site.
- Store them safely behind one strong master password + 2FA.
- Autofill on desktop and mobile so it's not a pain.
If you still reuse passwords because you "can't remember them", a password manager solves that problem instantly.
2. Make your master password human but long
Your master password should be easy for you, hard for everyone else. Use a passphrase (three random words + a number) - easier to type and harder to crack than "Hunter2".
Example: `blue-pavlova-7-hill` - long, memorable, and Aussie-adjacent.
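
An added example (not part of the original post) of the "three random words + a number" scheme, generated with a cryptographic random source and with its entropy worked out. The 16-word list is a constructed sample and the function names are hypothetical; real use assumes a large list such as the 7,776-word EFF diceware list.

```python
import math
import secrets

# Constructed sample wordlist (assumption): only large enough to show the mechanics.
# Words must not contain digits or the separator, so every draw maps to a unique string.
SAMPLE_WORDS = [
    "blue", "pavlova", "hill", "ferry", "mango", "quartz", "ember", "walrus",
    "tundra", "biscuit", "lantern", "copper", "velvet", "orbit", "thistle", "gravel",
]


def generate_passphrase(words, n_words=3, sep="-"):
    """Pick n_words with a CSPRNG and insert one random digit at a random slot."""
    if len(words) < 2 or len(set(words)) != len(words):
        raise ValueError("wordlist must hold at least two unique words")
    if any(sep in w or any(c.isdigit() for c in w) for w in words):
        raise ValueError("words must not contain digits or the separator")
    # secrets draws from the OS CSPRNG; the random module is predictable and unsuitable.
    parts = [secrets.choice(words) for _ in range(n_words)]
    parts.insert(secrets.randbelow(n_words + 1), str(secrets.randbelow(10)))
    return sep.join(parts)


def passphrase_entropy_bits(list_size, n_words=3):
    """Entropy of the scheme, assuming the attacker knows the wordlist and the format."""
    # words chosen with replacement * 10 digits * (n_words + 1) digit positions
    combos = (list_size ** n_words) * 10 * (n_words + 1)
    return math.log2(combos)


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    for size, label in ((len(SAMPLE_WORDS), "16-word sample list"), (7776, "7,776-word list")):
        for n in (3, 4, 5):
            bits = passphrase_entropy_bits(size, n)
            print(f"{label}, {n} words + digit: {bits:.1f} bits")
```

With a 7,776-word list, three words plus a digit comes to about 44 bits, and each extra word adds roughly 12.9 bits. The strength comes from the random draw, not from the words looking unusual.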
3. Enable 2FA (but choose wisely)
Two-factor is a must. Avoid SMS if you can - use an authenticator app (Google Authenticator, Authy, or the built-in phone authenticators) or hardware keys (YubiKey or Titan).
Hardware keys are the nicest "set-and-forget" option if you want to go extra tidy.
4. Watch the recovery options
If your recovery email or phone number is weak, your strong password is moot. Make sure recovery accounts are as locked down as the main account (unique passwords, 2FA).
5. Old accounts: clean house
You probably have accounts from websites you stopped using 8 years ago. Close or freeze what you don't need. Fewer accounts = fewer ways in.
Tools: periodically search for your email on **Have I Been Pwned** to check exposures.
Final thought
Passwords are boring, but boring wins. Use a manager, enable 2FA, and tidy up recovery options. That combination will stop 90% of the casual attacks out there.
*If you want, I'll share my exact Bitwarden / 1Password folder setup and a checklist for cleaning old accounts in the next post - say the word.*


