Take Control of Your Passwords, 4th Edition

Overcome password frustration with Joe Kissell's expert advice!
Version 4.1.1, updated March 21, 2024

Password overload has driven many of us to take dangerous shortcuts. If you think ZombieCat12 is a secure password, that you can safely reuse a password, or that no one would try to steal your password, think again! Overcome password frustration with expert advice from Joe Kissell!

Passwords have become a truly maddening aspect of modern life, but with this book, you can discover how the experts handle all manner of password situations, including multi-factor authentication that can protect you even if your password is hacked or stolen.

The book explains what makes a password secure and helps you create a strategy that includes using a password manager, working with oddball security questions like "What is your pet’s favorite movie?", and making sure your passwords are always available when needed.

Joe helps you choose a password manager (or switch to a better one) in a chapter that discusses desirable features and describes nine different apps, with a focus on those that work in macOS, iOS, Windows, and Android. The book also looks at how you can audit your passwords to keep them in tip-top shape, use two-step verification and two-factor authentication, and deal with situations where a password manager can’t help.

New in the Fourth Edition is complete coverage of passkeys, which offer a way to log in without passwords and are rapidly gaining popularity—but also come with a new set of challenges and complications. The book also now says more about passcodes for mobile devices.

An appendix shows you how to help a friend or relative set up a reasonable password strategy if they're unable or unwilling to follow the recommended security steps, and an extended explanation of password entropy is provided for those who want to consider the math behind passwords.

This book shows you exactly why:

• 9-character passwords with upper- and lowercase letters, digits, and punctuation are not strong enough.
• You cannot turn a so-so password into a great one by tacking a punctuation character and number on the end.
• It is not safe to use the same password everywhere, even if it’s a great password.
• A password is not immune to automated cracking because there’s a delay between login attempts.
• Even if you’re an ordinary person without valuable data, your account may still be hacked, causing you problems.
• You cannot manually devise “random” passwords that will defeat potential attackers.
• Just because a password doesn’t appear in a dictionary, that does not necessarily mean that it’s adequate.
• It is not a smart idea to change your passwords every month.
• Truthfully answering security questions like “What is your mother’s maiden name?” does not keep your data more secure.
• Adding a character to a 10-character password does not make it 10% stronger.
• Easy-to-remember passwords like “correct horse battery staple” will not solve all your password problems.
• All password managers are not pretty much the same.
• Passkeys are beginning to make inroads, and may one day replace most—but not all!—of your passwords.
• Your passwords will not be safest if you never write them down and keep them only in your head.

But don’t worry, the book also teaches you a straightforward strategy for handling your passwords that will keep your data safe without driving you batty.