As 2017 drew to a close it was announced that, yet again, '123456' was among the world's most popular password. It was joined on the podium by '123456789' and 'qwerty', as — again — internet users failed to take their security seriously.
It may seem unlikely that your password would be compromised and your identity stolen — after all, there are billions of people online, so why you? True, there may be safety in numbers. But when Yahoo can inexplicably let all three billion of its users have their details stolen, it pays to not only use good, strong passwords, but to use a different one for every website, app, service and piece of software you use.
And that doesn't mean using the same word with a different number on the end each time — it means using a password which looks like this: y5W8!c%3MK4#. (Not mine.)
But how are you supposed to remember even one password like that, let alone dozens? That's where password managers come in. These applications live on all of your devices as an app or web browser plugin, ready to create new secure passwords, and remember them all so you don't have to. All you ever need is one master password to gain access to the password manager app. Simple.
Here are five of the best password managers available now.
Widely regarded as one of the very best password managers in the business, LastPass creates new passwords of varying complexity (depending on how many character you want to use), and keeps them safe. LastPass can import all of the passwords you likely already have saved in your Google Chrome web browser, then adds them to site forms automatically each time you log in.
It also saves every new password to your 'vault', where they are listed in the alphabetical order of the service they correspond to. The vault can be searched to quickly find the password you need, and passwords can be copied and pasted without even needing to be viewed. Accessing the vault on the smartphone app is done with your master password, or with biometric security like a fingerprint scanner or FaceID on the iPhone X.
There is also two-factor authentication, meaning a hacker would need both your master password and phone to gain access.
LastPass is available on Mac, Windows, Linux, Chrome, Firefox, Safari, Internet Explorer, Opera and Microsoft Edge, as well as iOS, Android, Windows Mobile and the Apple watchOS.
The free version of LastPass will likely be all you ever need, while the premium package costs $2 per month (billed as $24 annually) and includes the ability to grant friends and family emergency access to your vault. Premium also gives you priority tech support and 1GB of encrypted online file storage.
Attractive and easy to use, 1Password is available for an individual user, a family of up to five users, or for a business. There is a 30-day free trial for all customers and after that it costs $2.99 per month for individuals and $4.99 for a family account, although these are both billed annually. Business rates vary depending on the size of the company.
1Password works in a similar way to LastPass, with a customizable password generator and support for a wide range of operating systems, web browsers and mobile devices. There is also the ability to create separate vaults for different sets of passwords - one for financial services and one for entertainment login details, for example. A section can also be created for keeping secure notes, plus important documents like a scan of your driving license, and software licenses. In that regard, 1Password can be tailored into your all inclusive digital locker and key safe.
There is also a feature called Watchtower, which notifies you of cyber breaches around the web - like when Yahoo was hacked, for example - and asks you to change the associated passwords which may now be vulnerable.
A relative newcomer, Dashlaned launched as a beta product in 2012 before getting a new user interface in 2016. The UI looks attractive and feels more modern than the basic, utilitarian design of LastPass and other alternatives.
As well as creating passwords and storing them securely, Dashlane includes support for two-factor authentication, the ability to share passwords with emergency contacts, and log all online purchases.
Similar to 1Password, Dashlane will notify you when a website or service you use has been hacked, and can even be configured to automatically create a new password for that service, keeping your account secure.
Dashlane is free to use, but if you want your passwords kept in sync across multiple devices then you'll have to pay for Dashlane Premium which is $40 per year.
One of the first password managers, RoboForm keeps things simple and doesn't overload the user with too many features or optional extras. This no-nonsense approach means your passwords are always quickly available across PC, Mac, iOS and Android. Passwords can be created or imported from another password manager and all you'll need to remember is a single master password.
RoboForm is free to use, but like Dashlane if you want to keep your passwords in sync across multiple devices you will have to pay - in RoboForm's case, this is a very reasonable $19.95 per year.
The free version of Sticky Password has all of the usual features - a password manager, automatic form filling in web browsers, two-factor authentication, access via biometrics like Touch ID, and a search feature. For $29.99 per year - or $149.99 for a lifetime license - users get to sync passwords across devices and back passwords up to the cloud.
For users who would rather sync passwords between devices over their own Wi-Fi network instead of via Sticky Password's cloud server, this can be configured.
Bizarrely, premium customers will see a cut of their payment go towards saving endangered manatees. Because, why not?
Are password managers safe?
Password managers have, on occasion, become the victims of hacking. OneLogin was hacked in 2017, for example, and LastPass announced a data breach in 2015. As with anything else online, there is no way to guarantee absolute security.
But using a password manager is a good place to start. How many of your passwords are the same? How many are easily guessable because they contain your name, the name of the website or service they are used to access, or a common dictionary word? These factors all make passwords easier to hack, but by using a manager you are more likely to choose passwords which are strong, unique, and more difficult to crack.
With cheap and even free password managers available across almost all platforms, you really have no excuse to still be using '12345'.