Make sure your passwords are different
Let’s say you use the same password on every single website. Let’s be real - it’s most of us. >80% of people1 use the same password on every website. Maybe you have a super secure 30 digit password with lots of capitals, numbers, and symbols. Nobody could ever guess it (including maybe you…) Perhaps you’re one of the 11% of people who have one of the following PINs2
Nobody has to guess your password. Odds are that some website you use has leaked their usernames and passwords as part of a data breach. You can check out HaveIBeenPwned to see how many websites have leaked out your usernames, passwords and the like. A hacker can grab your username and password from one of these many leaks and then just log into every website they can think of.
The best solution is to use a different, complicated password for every single website. This can be really hard. Luckily, password managers can make it easy. A password manager will securely store all of your passwords for you - one for every account. When it’s time to log in, your password manager will input in the correct username and password for you automatically. It can make logging into websites easier and more secure. The two most popular are LastPass and 1Password, although there’s a bunch more[^pm-warning].
- Download a password manager app onto a computer.
- Setup an account using a unique password. I’d recommend paying the monthly fee for cloud syncing (if there is a fee). It makes using a password manager a bit easier, and if your computer goes down your passwords aren’t lost into the void.
- Come up with a list of every digital account that your relatives have. At the very least, this list should have the following:
- Email account
- Checking account
- Investment accounts
- Cell phone
Now comes the
boringfun part! You have to log into each one of these accounts, change the password to be randomly generated, and then add the username/password to the password manager. Be sure to try logging into the account afterwards. I’d recommend temporarily copying the new randomly generated passwords to a text file until you’re positive that your password manager has the correct password. Or, for the more extravagant, write it down on paper and then toss it into a nearby fire to ensure nobody will ever see it again.
- Install your password manager on tablets + phones. Do not turn on biometric recognition. Be sure to log in to the password manager once to verify everything is working properly.
Most password managers don’t handle changing passwords that well. Expect to be accidentally locked out of an account because your password manager didn’t capture the password properly. If they want to change passwords, have them copy all generated passwords into a text file temporarily and manually verify that the password manager has it remembered.
If you’re close with your relatives, write down a copy of their master password and store it in a secure place offline. This way, if they lose their password, you can help them recover access to their password vaults.
Do not store your 2FA backup keys in your password manager! It may seem tempting, but keep them separate. If your password manager supports multiple “Vaults” with different passwords, perhaps.
Some websites will allow symbols in their passwords and others won’t. Some websites limit password length to x characters, some don’t. You should make sure your relatives know how to play around with the settings on the password generator
Password managers can fill out your password field for you and that can be scary. Try creating a fake email account using the password manager and then try changing the password on that account using your password manager. Then try changing the password on the fake account using your password manager. This way, if something bad happens, you just lose access to your fake account.
Some mobile apps will have a little icon to open a password manager and others will require manually copying + pasting passwords.