A malicious hacker recently took control of the ROS1cancer.com website (which I help to manage). WordPress suspects the hacker accessed the site by guessing a password of an authorized author on the site.

Over the past two days, WordPress worked with me to restore most of our content. During the process, the site automatically emailed a LOT of old blog posts to our subscribers (I apologize for all the emails you may have received.) Dozens of blog posts about living with ROS1 cancer that had been shared by patients around the world were corrupted when the hacker deleted the site’s list of authors and editors. WordPress is still trying to help me recover those posts without having to reconstruct every single one. I also had to request a new credit card number, since the hacker could see my card data that was used to pay the annual upgrade fees (more time lost updating my card info for autopays). At least the hacker hadn’t used my credit card yet.

It’s a cautionary tale that reminds us to practice good password management, especially on sites that contain vital information (like banking or personal info) that could cause significant problems if it were compromised.  EVERYONE should:

• Use STRONG passwords (more info below)
• Create a unique password for each site
• Change passwords regularly
• Avoid reusing passwords

Alas, hackers use sophisticated tools to help them guess passwords. It is no longer sufficient to generate an eight-character password with one uppercase letter, one lowercase letter, and one number. But we all use a lot of passwords–I use over 400!–and generating a unique, strong password for each of them can be a real pain. What to do?

Use a password manager!

Password managers are software products that help you generate and store complex passwords, eliminate duplicate passwords, update your passwords regularly, and access your passwords on different devices and browsers. They will also allow you to autofill your password when visiting a site, if you wish.  The best part is that you only have to remember ONE password to access ANY of your passwords.

I have used a password manager for years on all the PCs in our household, as well as on my tablet and phone. I love that I only have to change a password in the password manager software on ONE device to make the new password available on ALL devices. True, the apps can be glitchy at times, but I’ve seen a big improvement in features and performance in the past few years. For me, it’s been far easier and more accurate than maintaining all my passwords in a written notebook.  I’ve never had one of my passwords compromised while using a password manager, although I know it could still happen–hacker tech is evolving rapidly.

Each password manager has a different combination of features and strengths. Which one is right for you depends on how you use your devices ( family? business? high-tech projects?) and how often you’ll use it on which platforms (Windows PC, Mac desktop, iPad, Chromebook, iPhone, Android, etc). Comparisons and rankings of products are published every year by reliable and impartial sources like PC Magazine, CNET, Wired Magazine, WireCutter, and Consumers Reports.

No one can guarantee a password can’t be hacked, but you can at least make your passwords harder for hackers to guess.  When did you last update YOUR passwords?