How many reused passwords do you have? How many weak passwords do you have? For years, I thought I was completely in control of my passwords, but then I took a cold hard look at the reality. It was so much worse than I ever imagined. So I decided to clean them all up, making sure they were all strong and unique. Every last one. Here's how I did it.
(You can read more stories like this, as well as tutorials and advice this in my ebook "Get Organized: How to Clean Up Your Messy Digital Life" available via Ganxy and other ebook retailers.)
Old Habits
I never even imagined how many passwords I actually have until I started using a password manager, which was crucial to this whole password cleanup project.
Get Organized I started using Dashlane about a year ago. For the first two or three weeks of being a Dashlane user, I constantly felt interrupted by Dashlane when I was trying to go about my work. Every time I logged into a site, Dashlane would ask if it could capture and save my login credentials for me—and I said yes because that's kind of the whole point of using a password manager. Still, the interruptions were annoying.
At first, I didn't change any of my habits of keeping and maintaining passwords. I've always changed the passwords that protect my most important accounts (banks, credit cards, email) every few months and used the same dummy password for accounts that I don't really care about.
After a few weeks, I got past the first hurdle with Dashlane. It now had all the passwords for accounts I used regularly, so it interrupted me less and less. So I made one new habit: I now let Dashlane invent passwords for me for any new accounts I created. I didn't do anything (yet) to change my older accounts, but new ones now got the new treatment: strong and unique passwords created by Dashlane.
How I Assessed My Password Predicament
Dashlane has a dashboard that shows statistics about all your passwords, and when I first started exploring this feature, I thought, "Uh oh."

The dashboard said I had 45 weak passwords as well as 37 reused ones! Yikes.
Sometime in August, I decided to make a project for myself around this whole idea of cleaning up those 45 weak and 37 reused passwords. So I set a clear goal: Fix ten passwords every weekend until the job was done.
Number-Crunching
I felt certain that all 37 reused passwords were also the majority of the ones counted as "weak." In other words, I only really had 45 passwords in total to clean up, not 82. If I could bang out ten every weekend, I'd been done in five weeks.
During the first weekend of this cleanup project, I found that changing ten passwords took approximately 30 to 45 minutes, depending on how much troubleshooting I had to do. Thus, the whole project took somewhere between 2 hours 30 minutes and 3 hours 45 minutes. That's no small task, so I'm glad I broke it up into manageable sessions.
So for five weeks, I just worked my way through the list of bad passwords that Dashlane presented. I didn't necessarily work in order because some days I had more time to troubleshoot than others. If I was tight on time and hit a snag, I'd just leave it for the next session. I kept track of how many passwords I updated in a single sitting by watching that "45" weak passwords number slowly tick down. In other words, session one was complete when Dashlane changed the number to 35. Session two was done when I hit 25.
Project Workflow
As I started churning through my passwords, I developed something of a workflow.
I found that it helped tremendously to have my iPhone on hand while updating my passwords. That's because I found it extremely efficient to re-authenticate apps that I leave logged in on my phone on the spot the same time that I updated the Web account password."
The most efficient workflow for me was:
Identify a bad password in the password manager
Change the identified password online (which wasn't always straightforward, as you'll see)
If I encountered any problems (like the ones outlined a little later in this article), then I would try to re-log in just to make sure the new password saved accurately
When applicable, open the related mobile app or setting in iOS and immediately and re-authenticate with the new password.
Tip: Keep Email Open
For recovering lost passwords, which I had to do more than I anticipated, I quickly realized my workflow was smoother when I kept all my email accounts open. For example, sometimes Dashlane wouldn't sync immediately with the newly set password, and I'd have to go through the process of retrieving access to the account via email a second time to set yet another new password.
Problems and Annoyances
Perhaps the most unexpected problem I encountered was that not all websites have a "change password" option. For those, I found you typically have to pretend that you lost your password to get an email verification to set a new one. This happened with TweetDeck and Focus@Will, to name just two examples.
I also had a problem finding options to update my password on mobile-only applications. For instance, I had a bad password for Any.do, which I use primarily on my iPhone and which does not have a Web interface. There is no "change password" option in the app's settings. So there is ostensibly no clear way to change your password. I installed the one other app that Any.do has, a Any.do plug-in for Chrome and finally found a "lost my password" button that sent me an email notification with a link to create a new password.
Situations like that were more common than I had anticipated. When they occurred, it definitely made a dent in my time efficiency. That's why it took 45 minutes to update ten passwords.
Another minor problem that happened a few times was when Dashlane didn't sync well. When Dashlane picks a new password for you, it doesn't even show you what that password is. All you see on the screen are dots. So you don't know that the new password is.

A few times, Dashlane didn't save or sync that newly generated password back to the installed application for Dashlane on my computer (when it is successful, a pop-up notification appears in the upper right corner of the screen). If something goes wrong, the Web account knows the new password but neither you nor Dashlane do. When this happened to me, I ended up doing the full "lost password, reset by email" process, which just added more time and more work to my project.
Final Stretch
By the end of weekend number four, I was feeling pretty good. I was in the home stretch. Weekend five rolled around, however, and I realized I'd never get a perfect 100 on my password score in Dashlane.
The problem? Two of the account logins I have saved in Dashlane aren't actually mine. They are for social media accounts managed by another person that I use from time to time. I can't change those passwords because they're not mine to change.

Another login that is holding me back from password perfection is the New York Public Library, which asks me for a four-digit PIN. Dashlane thinks I can do better than a four-digit PIN. The NYPL website, on the other hand, restricts me to a four-digit PIN. There are four exceptions all told, and Dashlane seems to be okay with that. All the dashboard readouts now appear in green, whereas formerly there was some red and orange mixed in there, too. A security score of 94.3 percent must be good enough. It's certainly a number I can live with.

Thanks for posting this - it's a more important topic than some people realize.

I use LastPass myself. It works great and is completely free to use on everything but mobile devices (android, apple) It works great with all my browsers. I love the way when i go to a website it will auto log me in. Great app!! and it also works great with xmarks app. Check it out!!

It's a very important topic. I used to use the same password for pretty every website - such bad security!

Luckily for me none of my services were ever compromised.

I now use randomly generated passwords for every site stored with LassPass which is secured by 2-factor authentication with the use of a Yubikey - I now consider myself pretty secure

okay i use strongpassword generator and i note in a book

O.O same for me, i have a really bad security to all of my accounts... Really need to change this habbits and started to manage my passwordsss --


Sent from my iPad using Tapatalk

Good read. Thanks kenshiro12, I think everyone on the internet should have to read something like. Unfortunately it is like most other things, people only notice there is a problem when something major happens and it is probably already to late.