"Can't I just pick one good password and use it everywhere?"
I get that question a lot. The answer is simple and scary: Websites that store your password often do so in a reckless manner. They don't encrypt the password. If someone breaks in to that website's database they can download everyone's information.
Think it doesn't happen? So did LinkedIn, until they had 164 million email addresses and passwords stolen and then offered for sale 4 years later. If you had your LinkedIn credentials stolen and they were also they keys to your banking or other web services that makes for a potentially bad day. Even security vendors like Avast have been hacked, so you can't consider anywhere really safe.
"I have over 30 websites I use, I can't remember 2 long, complex passwords, let alone 30!"
I completely agree, I can't do it either. Instead I suggest everyone use a good password manager.
A good password manager will not only keep track of what usernames and passwords you use at various sites, but it should help by offering to generate unique, long complex passwords for you when you register at new sites, then store that information.
One of my favorites is free, and you might not realize you already have it.
Google Chrome will not only keep track of your user names and passwords, it will autofill them for you when you visit a site, and it can auto-generate long, complex passwords for you at new sites.
The really great thing about using Chrome as a password manager is all the information is securely stored in your Google account, and synced over all your computers, tablets, and phones (You did turn on 2 factor authentication for your Google account, right?)
When you upgrade to a new computer, tablet, or phone all you have to do it log in to Chrome and all your internet passwords are ready to autofill, no complex export/import process required.
You can check your password settings in Chrome by going to https://passwords.google.com From here you can turn on/off Smart Lock for Passwords and the Auto Sign-In settings, as well as view any passwords you have currently saved in Chrome.
If you'd like Chrome to auto-generate passwords for you when you register at a new website you need to turn that function on elsewhere.
1) Open Chrome and type chrome://flags in the address bar.
2) Press CRTL+F and enter "Enable password generation"
3) Change the drop-down from "Default" to "Enabled"
That's it! From now on when Google detects you are at a web sign-up page it will auto-generate a strong password for you. You don't have to accept the suggestion, but since it's already syncing the passwords to all your other devices why wouldn't you?
-The Home Geek