I am not a cryptographer or a security guru. All I know is the very basics of password safety. Turns out, this is enough of a step up from what most people are doing that I think it’s worth sharing.

## Don’t Give It Away

Perhaps the single worst thing you can do with a password is share it with people you don’t trust. Don’t email your passwords or reveal them over the phone. Don’t put them on a sticky note in a public place. This should be obvious…

However, I used to live in a place where there were government buildings where you could see a few sticky notes on desks just from walking by the window. Some of these had strings of characters on them that looked suspiciously like passwords. Not a great idea.

## Increase Difficulty

Using English words in passwords isn’t as bad as using short passwords. There are well over 100,000 words in English. Let’s say there are 72 characters to choose from for a randomly-generated password (26 uppercase letters + 26 lowercase + 10 digits + 10 symbols).

If you choose three English words completely at random, your password is chosen from a bigger space than if you choose 8 characters at random, simply because $100000^3 > 72^8$. This very roughly corresponds to an idea called “password entropy”, but because this is a dead-simple guide, just think of it as being harder to guess a password that comes from a bigger space of possible passwords. This reference is almost obligatory here.
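The comparison above, worked through as an added example (not part of the original post): it measures both spaces in bits, finds how many random words are needed to match a random-character password, and picks words with a cryptographic random source, since the math only holds when the choice really is random. The function names, the constructed sample word list, and the 7,776-word list size used for comparison are assumptions, not figures from the post.

```python
import math
import secrets

CHARSET_SIZE = 72      # the post's figure: 26 + 26 + 10 + 10
VOCAB_SIZE = 100_000   # the post's rough count of English words
SHORT_LIST_SIZE = 7776 # assumed size of a smaller, dice-style word list


def entropy_bits(space_size: int, picks: int) -> float:
    """Bits of entropy when each of `picks` items is drawn uniformly
    and independently from `space_size` options."""
    return picks * math.log2(space_size)


def words_needed(vocab_size: int, charset_size: int, length: int) -> int:
    """Smallest number of random words whose space is at least as big as
    `length` random characters. Integer math avoids float rounding."""
    target = charset_size ** length
    n = 1
    while vocab_size ** n < target:
        n += 1
    return n


def generate_passphrase(wordlist, n_words: int, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG. Duplicate entries would make some
    words more likely than others, so they are removed first."""
    words = sorted({w.strip().lower() for w in wordlist if w.strip()})
    if len(words) < 2:
        raise ValueError("wordlist too small to choose from")
    return sep.join(secrets.choice(words) for _ in range(n_words))


# Constructed sample list: fine for a demo, far too small for real use.
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dune",
                "ember", "fjord", "glacier", "harbor"]

if __name__ == "__main__":
    print(f"3 words from {VOCAB_SIZE}: {entropy_bits(VOCAB_SIZE, 3):.1f} bits")
    print(f"8 chars from {CHARSET_SIZE}: {entropy_bits(CHARSET_SIZE, 8):.1f} bits")
    print("words needed from a 7776-word list:",
          words_needed(SHORT_LIST_SIZE, CHARSET_SIZE, 8))
    print("demo passphrase:", generate_passphrase(SAMPLE_WORDS, 3))
```

The margin between three words and eight characters is under one bit, so a smaller word list or a non-random choice of words erases it.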

## Use A Manager

Even though English words are easier to remember than random characters, they can be hard to type, and hard to associate with certain services in your memory. I heartily recommend using a password manager like LastPass or 1Password. I’ve used LastPass for the past five years—it’s hard to beat something that’s both safer and more convenient.