I've been meaning to write this blog post for a long time, and hearing in Jonathan Holmes' recent article on The Drum that he doesn't have a complex password and reuses that one password over and over again tipped me over the edge. I hear this time and time again, and it doesn't need to be this way.

Here are three simple steps that will massively increase your online security. They won't make you bullet-proof, and you should still do all those other things security people have been telling you for years, but they are really easy to do, anyone can do them, and they plug the biggest security hole people have these days: insecure and reused passwords.

Step 1. Create a complex password

Wait! Don't stop reading because you think it's going to be hard to remember - complex passwords can be easy to remember.

A software tool called pwgen can generate complex passwords that are pronounceable and therefore easier for us humans to remember.

There's an online version you can use to generate these. Go off and generate one now and use it for your most important online tool, such as your Gmail account.

Step 2. Start using a password manager

If you're reading this, chances are you have heaps of username and password combinations for all of the online services you use. To manage these you need to be using a password manager.

Password managers generate a complex password for each service, and you don't need to remember any of them. When you open your password file you enter just one master password, and it unlocks all of your other varied, complex passwords.

I use KeePass because it is open source and works on the different platforms I use (Linux and Android). I also use Dropbox to ensure it's synchronised between all my computers and is always available for download over the Internet.

Go and download it now and use the password you generated in the last step as your master password.
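To make the difference between the two kinds of password concrete, here is an added Python example (not from the original post, not pwgen's own code, and not KeePass's generator). It builds a pronounceable consonant-vowel password in the spirit of pwgen for the master password from Step 1, a fully random one of the kind a password manager produces for each service in Step 2, and estimates the entropy of each assuming the attacker knows exactly how they were built. The syllable alphabet and the 14-character default are my own assumptions.

```python
import math
import secrets
import string

# Assumed alphabets for the pronounceable scheme (not pwgen's real tables).
CONSONANTS = "bcdfghjklmnprstvwz"
VOWELS = "aeiou"
DIGITS = "0123456789"
# Full character set a password manager would typically draw from.
FULL_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def pronounceable_password(length: int = 14) -> str:
    """Master-password style: alternating consonant/vowel syllables you can say
    out loud, plus one uppercase letter and one digit to satisfy typical
    site policies. Uses the secrets module, never random, for the choices."""
    if length < 4:
        raise ValueError("length must be at least 4")
    chars = []
    while len(chars) < length:
        chars.append(secrets.choice(CONSONANTS))
        if len(chars) < length:
            chars.append(secrets.choice(VOWELS))
    # Pick two distinct positions: one becomes uppercase, one becomes a digit.
    upper_pos = secrets.randbelow(length)
    digit_pos = (upper_pos + 1 + secrets.randbelow(length - 1)) % length
    chars[upper_pos] = chars[upper_pos].upper()
    chars[digit_pos] = secrets.choice(DIGITS)
    return "".join(chars)


def pronounceable_entropy_bits(length: int = 14) -> float:
    """Conservative entropy estimate for pronounceable_password(length).
    Counts the consonant and vowel slots, the two positions and the digit value,
    then subtracts the largest slot because the digit overwrites one letter."""
    n_cons = (length + 1) // 2
    n_vow = length // 2
    bits = n_cons * math.log2(len(CONSONANTS)) + n_vow * math.log2(len(VOWELS))
    bits += math.log2(length) + math.log2(length - 1) + math.log2(len(DIGITS))
    return bits - math.log2(len(CONSONANTS))


def manager_password(length: int = 20) -> str:
    """Per-service style: uniformly random characters; nobody needs to say it."""
    return "".join(secrets.choice(FULL_ALPHABET) for _ in range(length))


def manager_entropy_bits(length: int = 20) -> float:
    return length * math.log2(len(FULL_ALPHABET))


def meets_policy(password: str, min_length: int = 12) -> bool:
    """Common 'length plus mixed case plus a digit' site rule."""
    return (len(password) >= min_length
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password))


if __name__ == "__main__":
    master = pronounceable_password()
    print(f"master  : {master}  (~{pronounceable_entropy_bits():.0f} bits)")
    service = manager_password()
    print(f"service : {service}  (~{manager_entropy_bits():.0f} bits)")
```

The numbers are the point: the pronounceable 14-character password lands at roughly 50 bits because the consonant-vowel structure is known to the attacker, while the 20-character manager password is well over 100 bits. That gap is exactly why you remember one pronounceable master password and let the manager hold the rest.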

Step 3. Move all of your passwords into your password manager

This sounds hard, but the trick is not to go around laboriously changing all of your passwords up front. Whenever you touch a service (e.g. log in to Twitter, upload photos to Flickr, etc.), just go to your settings page and use your password manager to generate a new password. It'll take you 30 seconds.

Off you go - go and change a few now. You'll feel more secure right away.
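If you want to know which services to change first, most password managers can export the vault as CSV, and a few lines of code will tell you where passwords are shared. This is an added Python example, not code from the original post or from KeePass; the sample export is constructed here and the column names (Title, Username, Password, URL) are an assumption about a typical export format, so adjust them to match what your manager writes. It reports titles only and never prints the shared password.

```python
from __future__ import annotations

import csv
import io
from collections import defaultdict

# Constructed sample export for demonstration, NOT a real vault.
SAMPLE_EXPORT = """Title,Username,Password,URL
Twitter,alice,Summer2012!,https://twitter.com
Flickr,alice@example.com,Summer2012!,https://flickr.com
Gmail,alice@gmail.com,Summer2012!,https://mail.google.com
Bank,alice,q7$Vp2zL!m9Rw#eK,https://bank.example
Dropbox,alice@example.com,H3x!tRm8pQ2vLs&c,https://dropbox.com
"""


def password_groups(csv_text: str) -> dict[str, list[str]]:
    """Map each password to the entry titles that use it (kept in memory only)."""
    groups: dict[str, list[str]] = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        groups[row["Password"]].append(row["Title"])
    return dict(groups)


def reused_entries(csv_text: str) -> list[list[str]]:
    """Groups of entry titles that share one password, largest group first.
    Change these when you next touch them; the password itself is not returned."""
    groups = [sorted(titles) for titles in password_groups(csv_text).values()
              if len(titles) > 1]
    return sorted(groups, key=lambda g: (-len(g), g))


def short_entries(csv_text: str, min_length: int = 12) -> list[str]:
    """Titles whose password is shorter than min_length characters."""
    return sorted(row["Title"] for row in csv.DictReader(io.StringIO(csv_text))
                  if len(row["Password"]) < min_length)


if __name__ == "__main__":
    for group in reused_entries(SAMPLE_EXPORT):
        print(f"{len(group)} entries share one password: {', '.join(group)}")
    print("shorter than 12 characters:", ", ".join(short_entries(SAMPLE_EXPORT)))
```

Run it against your own export, then delete the export file: a plaintext CSV of every password is exactly the thing the manager exists to avoid leaving around.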


Jonathan Holmes responds, "easy! You don't understand how freaked out people like me get when confronted by something like KeePass". That's a fair point and I feel embarrassed I've done the stereotypical geek thing and assumed something easy for me wouldn't be difficult for a non-geek.

I'm off to eat some humble pie :) In the meantime, hopefully these instructions at least inspire some geeks to fix up their own online security and, in finest nerdy tradition, show their friends and family.