I’ll admit there are sites I don’t bother using a good password, where I’ve been forced to “join” when all I want is some information. But if you need to give them ANY confidential information, especially payment info (even if they’ll always be sending to YOU), if its personal use a good password. Surprisingly, writing it on a post-it and sticking it yo your screen (at home that is) is probably as safe as anything, I mean is a burglar is at that point he could probably get all the personal details he wanted without even turning your computer on. Still, if everything else is secure, you should be a bit more circumspect about your on-line security too.

Never use anything too obvious (“password” is one of the most common passwords!), avoid personal info that can be found elsewhere such as your birthday, maiden name etc.  For websites where I won’t be entering personal data I’ll uses a non-obvious but memorable password, perhaps the same one. I have lost nothing if such a site gets hacked. Once they starts to need personal data (and if this they ask for details they don’t actually need in the name of greater security or perhaps just for their marketing, don’t use the real data, give a false birthday etc). I often take the web site and apply my own recipe to it that make it hard to guess. How to remember them all? Since most problems with stolen details happen on-line you can write a list and stick it on your desk, sounds unsafe I know but if a burglar is much less likely than a hacker. In fact if websites ask you for personal info, don’t be too truthful since if they are hacked then the hacker will know your birthday, mother’s maiden name, pet or whatever so lie.  See below for on-line storage of these details since if you have “lied” you will need to remember.

All places requiring a password will have an “I forgot my password” link. This will usually send to your email. So it is REALLY important that your email password is secure!

If you are offered a second level of security such as secret questions, don’t use real or obvious questions (if you get to choose these) and answers. Favourite pet Mother’s maiden name could all be found with a bit of research so be canny.

Use the second level of security that sends a code to your mobile if the site is important for instance your bank.

Personally I use a password manager, lastpass is good and free. You’ll need a really safe long master password that you’d enter once when you turn your computer on and thereafter it will ask if you want to save new sites and remember existing ones. Use its “generate password” option and it will generate something like (#l/n?8/*@€#{[ which you will never remember but lastpass will. Away from your computer? Just go to the lastpass website and login.

Other passwords managers are available, some with your browser, not a lot of good if you are out and about (though Chrome does have a facility to store online). Anything online is hackable but on-line password managers have very good encryption. And changing your password periodically is a good idea and if you use a manager, much more “manageable”. Changin your password manager password periodically is also advisable. I often use a long sentence, some nonsense and write it down somewhere. Other password managers are available but  I like

If you must use your own non-automated passwords, you could do worse that your own memorable “encryption”. For instance I might have created a password for amazon that was the first letters of “I spend too many pounds on amazon!” = ISTM£OA! or a series of words like “rat dog cat” .

Until there is a convenient iris identifier, dna mapper or fingerprint reader that cannot be bypassed by chopping your hand off or plucking your eye out (someone else doing it to you I mean!), passwords will be necessary, and you will be forced by sites who want to protect themselves (an indirectly, you) to create ever more complicated passwords. For me an online manager is ideal, but at very least store yours in a password protected zipped spreadsheet.


Icons by dDara from is licensed by CC 3.0
Icons made by Pixel Buddha from Photo by Christopher Gower on Unsplash Beach Image by  Gregory Culmer Icons made by Freepik from Icons made by fjstudio from Icons made by Pixelmeetup from Icons made by Darius Dan from  
This product includes GeoLite2 data created by MaxMind, available from

Subscribe to receive new articles as soon as they are published


Managed WordPress Pro server

Content Delivery Network by CloudFlare


All Care Plans Include...

All the time

Every Month

Specific Plans Plus...

Personal plan - $35 pm

Tweaks and fixes.

Business plan - $50 pm

Website care report. Tweaks and fixes plus weekly /daily (as required) backups and up to 30 mins additional tasks (non-transferable). Extra tasks $75 ph

Performance plan (for high access sites) p.o.a

As above plus bespoke performance specifications eg. extra storage, extra processors and extra bandwidth. Required for high traffic ecommerce or membership sites.