Tech April 30, 2024 5 min read

Your Password Is Probably Terrible: How to Fix It in 5 Minutes

81% of data breaches involve weak or reused passwords. Here is how to fix yours without memorizing anything.

The average person has 100+ online accounts and reuses the same 3-5 passwords across most of them. If any single account gets breached — and breaches happen to major companies multiple times per year — attackers immediately try those credentials on every other service. Your Netflix password should never be the same as your banking password, yet for most people, it is.

The Three Rules That Actually Matter

Rule one: every account gets a unique password. Not a variation (adding "1" or "!" to the end of the same base), but a completely different, random password. This sounds impossible to manage, which is why rule two exists.

Rule two: use a password manager. A password manager stores all your unique passwords in an encrypted vault protected by one master password. You remember one password, and the manager handles the other 99. Bitwarden is free and excellent. 1Password costs $3/month and is worth every cent. Both generate random passwords, auto-fill login forms, and sync across all your devices. Setting one up takes 15 minutes and is the single most impactful security improvement you can make today.

Rule three: your master password (and any password you must type manually) should be a passphrase — four or more random words strung together. "correct-horse-battery-staple" is both easier to remember and harder to crack than "Tr0ub4dor&3." The math: four random words from a 7,776-word dictionary provide 3.6 trillion combinations. At a billion guesses per second, that takes 3,600 seconds to crack. Add a fifth word and it takes 28 million seconds — about 324 days.

What to Do Right Now

Step 1: Generate a strong master passphrase. Step 2: Install a password manager (Bitwarden is free). Step 3: As you log into accounts over the next few weeks, save each one in the manager and replace the password with a generated random one. You do not need to change all 100 accounts today — just change each one as you naturally encounter it. Within a month, your most-used accounts will all have unique, strong passwords.

Start by generating a strong password with our password generator — it uses cryptographic randomness and never stores or transmits anything.
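A passphrase generator along the lines of Rule three and Step 1, as an added example that is not this site's generator: it picks words with Python's `secrets` module and computes the keyspace and entropy for a given word count. The word list is a constructed stand-in of 7,776 pseudo-words, and the function names are illustrative; use a real published word list in practice.

```python
import itertools
import math
import secrets

# Constructed stand-in for a real 7,776-word list: consonant-vowel pseudo-words
# (CVCVC, six choices per letter) give exactly 6**5 = 7,776 unique entries,
# the same size as a list indexed by five dice rolls.
STAND_IN_WORDS = ["".join(p) for p in itertools.product(
    "bdklmt", "aeiouy", "bdklmt", "aeiouy", "bdklmt")]


def generate_passphrase(words, count=4, sep="-"):
    """Return `count` words chosen independently and uniformly at random."""
    if count < 4:
        raise ValueError("use four or more words")
    if len(set(words)) != len(words):
        raise ValueError("duplicate words shrink the real keyspace")
    # secrets draws from the OS CSPRNG; the random module is not designed
    # for security and must not be used for passwords.
    return sep.join(secrets.choice(words) for _ in range(count))


def keyspace(list_size, count):
    """Number of equally likely passphrases an attacker must search."""
    return list_size ** count


def entropy_bits(list_size, count):
    """Strength in bits: each word adds log2(list_size) bits."""
    return count * math.log2(list_size)


if __name__ == "__main__":
    n = len(STAND_IN_WORDS)
    for count in (4, 5, 6):
        print(f"{count} words: {generate_passphrase(STAND_IN_WORDS, count)}  "
              f"keyspace={keyspace(n, count):,}  "
              f"entropy={entropy_bits(n, count):.1f} bits")
```

The strength comes from the words being chosen at random by the generator; a phrase you pick yourself from the same list does not get the computed entropy.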
