Articles in Category: Passwords

A woman looking at her mobile phone with suspicion.

Why Do Services Like Google and Microsoft Ask for a Phone Number?

Many online services request your phone number. I’ll look at how that’s typically used and why it’s a good thing.

No passwords!

Going Passwordless Without Going Passwordless

Passwords are dying. On some services, you can start playing with the process by creating a secure password… and then forgetting it.

A home office desk with a frustrated man sitting in front of a computer. The screen shows multiple reminders for password changes, with sticky notes scattered around displaying various passwords crossed out. The man's expression reflects annoyance, with his hand on his forehead.

Is a Periodic Password Change a Good Thing?

Conventional wisdom says to change your passwords periodically. I disagree.

The image shows a smartphone with a biometric fingerprint scanner in the center, representing device unlocking. In the background, there are abstract digital locks, key symbols, and security shields surrounding the phone to symbolize online security and protection.

Is a Passkey Two-Factor Authentication?

Passkeys are secure, but they’re not two-factor authentication in and of themselves. I’ll run the scenarios that explain why that is and when 2FA might be involved as well.

A finger pressing onto a fingerprint reader. The fingerprint reader is a modern, sleek device with a glowing blue light indicating where the finger should be placed. The background is a clean, minimalist setting, emphasizing the interaction between the thumb and the fingerprint reader.

More Passkey Questions

Passkeys seem like magic, and confusing magic at that. I’ll address a set of questions I received recently.

A bright and simple photorealistic image showing a computer screen displaying a password change interface, with a large padlock icon. The background is minimal, with faint outlines of a smartphone and a tablet, emphasizing multiple access points. A person’s hand is seen typing on the keyboard, indicating action being taken to secure the account.

Changing Your Password After a Hack May Not Be Enough

Changing your password is a common response to account hacks. Unfortunately, it isn’t enough.

Setting up or using a passkey.

What If There’s a Passkey on My Lost Phone?

Losing a device with a passkey isn’t a disaster at all. I’ll describe why that is.

A line of dominoes on a sleek, modern table. The first domino in the line is labeled "Your Password", and the subsequent dominoes are labeled with generic online service categories like "Email", "Social Media", "Banking", etc. Each domino represents a different aspect of one's digital life, illustrating the concept of how a single compromised password can lead to a chain reaction affecting various online accounts.

What Is Credential Stuffing?

Credential stuffing: less complicated than the fancy words imply and easy to prevent.

A close-up of hands using a smartphone or tablet, with the device's screen displaying a clear and bright passkey icon.

How Can Passkeys Possibly Be Safe?

Passkeys may feel confusing now, but they’re a doorway to a more secure, less frustrating, passwordless future.

Visualize a secure, encrypted server with a padlock symbolizing security, and a magnifying glass over a computer screen displaying an Outlook.com login page, to represent the attempt to find the existing password without changing it.

How Can I Recover an Outlook Password Without Resetting It?

Microsoft doesn’t know your Outlook.com password. Honest. That makes recovering it without changing it challenging.

A formidable fortress stands under a clear sky, its design a blend of medieval strength and modern mystery. The large, wooden door at the fortress's entrance is secured with a robust lock, symbolizing protection and secrecy. Above this door, a sign boldly proclaims "Passwords," hinting at the digital fortification concepts within. Emblazoned on the door is a shield, an emblem of defense and security. Beside the main entrance, a small, quaint ticket kiosk offers a juxtaposition to the fortress's grandeur. This kiosk sports a sign that reads "2FA," and another says "PASS", suggesting a modern, technological gateway requirement akin to two-factor authentication. The entire scene merges the aesthetic of ancient castles with contemporary cybersecurity themes, illustrating a unique intersection of the past and present security measures.

Isn’t Putting Two Factor Codes in My Password Vault Less Secure?

Storing 2FA codes in 1Password alongside passwords might slightly reduce security, but the risk is minimal, especially compared to the convenience.

Frustrated Login

What If Password Autofill Won’t Work?

Password vaults are sometimes unable to auto-fill fields. There are several ways to work around this.

Secure Your Google Account With a New Password

How Do I Change My Password for Google Mail?

There are times when a new password is what you need. Here’s how to change it.

Password

How to Use Just a Single Password for Everything

It’s very tempting to use only a single password everywhere. That’s dangerous, and there are better alternatives.

A photorealistic 16:9 image illustrating a scenario where a person of Caucasian descent is handing over a digital key to a family member of African descent. The scene is set against a background filled with subtle symbols and icons representing recovery options like emails and phone numbers, emphasizing the emergency access options for passkeys. This image conveys the idea of digital legacy and the importance of ensuring trusted individuals have access to digital assets in emergency situations, highlighting the role of passkeys in modern digital security.

Passkeys and Disaster Planning

Passkeys are new, convenient, and secure. I’ll review how they affect your disaster planning. (Not very much.)

Bitwarden Sign-In Error

What Should I Do If I Lose Access to My Password Vault?

Losing access to your password vault is something you can recover from.

Moleskin notebook with notes.

No, Don’t Write Down Passwords

The world’s largest magazine dispensed some bad tech advice. Here’s why I so strongly disagree.

Extracting a Password

Is It Really That Easy to Get Someone’s Password?

We’ll look at some ways that someone else could access your account — or at least look like they have.

a passphrase as good as a password?

How Can Four Random Words Possibly Be More Secure Than 16 Random Characters?

Passphrases are just as secure as passwords — perhaps even more so — and are easier to remember if needed.

No more passwords?

What Is a Passkey?

Passkeys are a new form of authentication that promise to be both easier and more secure.

LastPass?

Can I Still Use LastPass Safely?

Selecting another password manager is now the common recommendation. I’ll review what you can do if you elect to keep using LastPass.

AI generated robot at a keyboard.

Will AI Crack Your Passwords?

We’re seeing AI associated with many things. Cracking your passwords is now on the list.

Password Management

What’s the Best Password Manager for 2024?

The best password manager is the password manager you’ll use (within reason, of course).

Facial recognition, conceptual.

Are Facial Recognition and Fingerprint ID Safe?

Facial recognition and fingerprint ID are quick, convenient approaches to signing into or unlocking your devices. But are they safe enough?

Extracting a Password

Why Is It Important to Have Different Passwords on Different Accounts?

Using a different password for every login is crucial — and it doesn’t have to be difficult.

1password.com homepage.

Setting Up 1Password

How to get started with 1Password and the most important action to take.

Password list

Your 6 Strongest Practical Password Techniques, Ranked

Six practical approaches to generating passwords, ranked from best to worst.

A Long Password

How Long Should a Password Be?

For years, the standard practice has been to assume that eight-character passwords made up of sufficiently random characters was enough. Not any more. Not even close.

Oh, LastPass...

What to Do About the LastPass Breach

The most recent LastPass security incident has many people concerned.

LastPass 2FA Feature. (Screenshot: askleo.com)

Should I Use My Password Vault for Two-Factor Authentication As Well?

A new feature in some password vaults has us thinking about security implications. Bottom line: use two-factor authentication.

Authy. Part of the solution. (Screenshot: askleo.com)

A Lost-Second-Factor Tale of Woe and How to Avoid Your Own

A tech journalist lost his phone and encountered issues recovering a two-factor-protected account. We can all learn from his experience.

Some Gmail Account Recovery Options

Please Set Up and Maintain Account Recovery Information

Account recovery information is an important yet often overlooked part of account security. Managed poorly, it can lead to permanent account loss.

LastPass?

What You Need To Do About the LastPass Hack

A portion of LastPass was breached. Here’s why it’s not a disaster, and why I’m not leaving LastPass.

Login

How Can I Delete an Old Account If I Can’t Log In?

If you’ve lost your password, there may be recovery steps. If you’ve also lost your email address, recovery becomes significantly more difficult.

A Dead Phone

I Lost My Phone With My Second Factor for Authentication. How Do I Recover?

My phoned died, and with it, all the two-factor authentication methods I’d used it for. Here’s how I recovered.

LastPass Password Manager

LastPass Password Manager and Vault

One of the challenges with current online safety advice is keeping track of multiple different secure passwords. LastPass not only does that, but does it securely across multiple devices.

Password Entry

I’m Told to Change My Password. Why?

If you’ve been told to change your password, do so, but do so in the right way. I’ll explain what that means and why it’s important.

Please?

Would You Please Recover My Password?

Every day, I’m asked to reset lost passwords, recover hacked accounts, or retrieve lost information in them. Here’s my answer.

Windows Sign-in

Is a Password-protected Windows Login Secure?

Your Windows log-in password gets you surprisingly little real security. I’ll look at why that is, why you might still want one, and what I do instead.

Looking at your keystrokes . . .

Will Using a Password Vault Thwart a Keylogger?

A password tool may bypass a few keyloggers, but not all. Think about your overall computer and account safety first.

No Password!

Is Passwordless Authentication Safe?

Passwordless authentication removes the need for a password and replaces it with something else. But can that be secure?

Three Random Words

Do Random Words Make Better Passwords?

As few as three random words make better passwords than strings of random characters — but not, perhaps, for the reasons you think.

Password Vault

Responses to Your Three Common Password Manager Objections

Password vaults are a common recommendation by security professionals to improve your online security. Why do so many resist?

A Server Farm / Data Center

How Do Websites Keep Passwords Secure?

A high-level overview of how websites and services should store passwords security, so next time there’s a breach you’ll know what to look for.

The LastPass message

No Email from LastPass? Dealing with Sign-In Problems

While travelling, I signed in to my LastPass account only to be told I needed to confirm an email message that never arrived — or so I thought.

Worry

What if I Forget My Passwords If I Use Two-Factor Authentication?

Two-factor authentication is different than passwords, but they both share important recovery steps if there’s a problem.

Sign in to Gmail

How Do I Access Gmail Without Phone Verification?

There are a number of ways to confirm your identity if you don’t have your phone. The catch is that most have to be set up before you need them.

System Login Dialog

Should Your Username be More Like a Password?

Occasionally people suggest that usernames should be treated like passwords. While there’s some merit to the idea, it’s ultimately impractical.

A two-factor key fob.

The Easy-to-Avoid Two-Factor Loss Risk

Two-factor authentication is an important tool to keep accounts secure, but prepare for losing the second factor so you don’t lose your account.

All the eggs - One basket.

Isn’t Storing Your Passwords In One Place a Security Risk?

Yes, password managers put all your information in one place. It better be a very good place.