If you’re like millions of Americans, you’ve got one password that you think is uncrackable: no one else will ever think of your first dog’s name, and then your high school football number, and then—to keep things extra safe—an exclamation mark: Rufus72! How could some dickhead hacker ever guess that? Impenetrable, right?
Unfortunately, the “bad guys” don’t sit around spitballing different aspects of your life until they land on your password, even if the image makes for terrific television. Here’s how hacking today actually work: a gang of shady jerks will target vulnerable websites that you probably use, but are not protected nearly as well as, say, Bank of America. (Think: Target, Home Depot, Anthem health care—not necessarily bulwarks of information security.) Sometimes, scoring access to a customer database is as easy as duping a low-level Target employee with a fake email that looks real enough but in actuality is peppered with bad hyperlinks.
Starting to see the issue with using the same password for your Chase login as you do on that Game of Thrones forum? Once a thief scores your password—usually acquired in bulk with other people—the first thing they’re gonna do is try it on every account linked to your email.
It’s why having different passwords for every site you use is tantamount to staying safe. We like 1Password (~$25 right now) because it keeps you protected without requiring a whole lot of effort. All you have to do is remember a single password, but you type it into 1Password instead. From there, it’ll create tough-to-crack, unique passwords for all of your accounts across all your devices, and log in for you.
Just don’t write that password on a Post-It note and stick it on your office computer. Every time you do that, your IT department makes fun of you behind your back.