Fighting password fatigue: how to secure your digital life

In today’s digital world, passwords are the bouncers that guard our online identities and private information. We rely on passwords and password security to protect our financial accounts, our health records, our personal and work communications, and much more.

But we’re supposed to use different passwords for every account. We’re supposed to change them frequently. And password security includes making our passwords so complex that they’re hard for others to guess—but that makes them just as hard for us to remember.

The sheer number of passwords that the average person needs to remember is staggering: Cybersecurity company NordPass says that it’s more than 100 passwords per user.

Managing and remembering all these passwords can be a real headache. In fact, there’s a name for it: password fatigue. And according to a survey conducted by identity management company Beyond Identity, nearly 40% of us suffer from it.

The implications of succumbing to password fatigue can be dire. In our interconnected world, a single breach can lead to significant personal and financial loss for people and businesses. But you can employ a number of ways to tame password fatigue, bolster your password security and make digital life a little easier.

1. Enable two-factor authentication (2FA): 2FA provides an added layer of account protection by requiring you to provide a second factor of identification besides your password. (Another form of this protection, multi-factor authentication (MFA), requires at least two forms of identification.) This may be, for example, a code provided by an authentication mobile app or physical “hard token” device. Even if your password falls into the wrong hands, a hacker would need this code as well to gain access.

2. Biometric authentication: Options for biometric authentication, such as fingerprint or facial recognition, are increasingly common, especially on mobile devices. These methods provide security, reduce your reliance on traditional passwords and make it difficult for hackers to break into your accounts without physical access.

3. Use a standalone password manager: Standalone password management apps can be useful tools for password security. These applications securely store your passwords and auto-fill them when needed. They can also generate complex passwords to replace your weaker ones. Note that you can also save passwords in your web browser, but that approach gets mixed reviews from security experts.

4. Single sign-on (SSO): Single sign-on is a solution that lets you log in to multiple accounts using one set of credentials. You’ve probably visited websites or used apps that let you sign on using, for example, your Google, Facebook or Apple account information; this is an example of SSO, which balances security with convenience. And while there’s a risk that a single breach could give access to all of your linked accounts, combining SSO with other security measures, like 2FA, MFA or biometrics, can mitigate this risk.

5. Use strong, unique passwords: Sometimes we default to using simple passwords that are easy to remember and easy to guess, like “guest” and “password” and the old favorite “12345.” And according to an Ipsos poll conducted on behalf of Google, more than half of us incorporate personal information such as names and birthdays into our passwords—and that undercuts password security. It’s essential to create a strong password that could be easy for you to remember but hard for a hacker to guess. Here’s an example:

Think of a phrase that’s easy to remember, such as:

• A line from a favorite song or poem or the title of a book

• A phrase about your home, family or hobby

• A humorous, nonsensical phrase that’s easy to remember

Take the first letter of each word in your phrase to create the string of characters that will become your password, such as changing the line from Romeo and Juliet “O swear not by the moon, the inconstant moon” to “Osnbtmtim.”

Add numbers and upper- and lowercase letters to add complexity, such as substituting a zero for the initial letter “O,” making the two m’s for “moon” uppercase and substituting the numeral 1 for the letter “i.” That way, it becomes “0snbtMt1M”

6. Regularly review passwords: If, for example, you have a Google account, you can use Google Password Checkup to check the strength of passwords saved to the account, and see if they’re compromised; follow the directions at Password Manager. If you’re using an Android device running Android 9 or higher, you can check to see if your saved passwords were exposed in a data breach. On your Android phone or tablet, open Chrome; at top right, tap More > Settings > Password Manager > Password Checkup > Check passwords. And if you have an Apple device running iOS 15 or higher, it can monitor your passwords and let you know if they’ve appeared in known data leaks; go to Settings > Passwords > Security Recommendations for more information.

Password fatigue is real, but there’s a cure. Learn about password security. Understand the risks associated with weak or reused passwords and the potential consequences of a breach. Stay informed about new security practices and technological advancements, and put to use these practices in combination to avoid the risk of any one technique failing you.

Check out our advice for how to create strong passwords.