There are steps you can take if you’re stuck with password-only, one-factor authentication.
1. Do not re-use passwords!
Never use the same password more than once.
It doesn’t matter whether it is the same system or a different one. Passwords are a consumable item. Think of them as the windshield wipers on your car: once they are used up, you replace them with new ones rather than putting the old ones back on.
If you re-use a password, there is a chance it was compromised during the time it was in use. Hackers then have a greater chance of discovering that you are using the same password again or using it somewhere else, either because the stored hash is the same or because your old password already appears in the dictionary list they are using.
2. Stop trying to be clever.
Hackers already have too many clever examples in their password databases. Every trick or technique you can think of – based on your keyboard layout or mental calisthenics – is already built into password cracking tools.
It is important to base your passwords on randomness. (See more below.)
3. Use a tool.
If your organization doesn’t prohibit it, consider using secure password management software (also known as a credential manager or password vault).
Even if you’re not allowed to use one at your workplace for company systems, it is recommended that you use one for private access to internet sites or services.
A password management tool must encrypt your password database and offer random password generation. LastPass is my favorite, but Dashlane, NordPass, KeePass and Bitwarden are all great options.
Some password storage tools can be tied to a cloud service, which lets you access your passwords from any web browser or smartphone app. The most important property of a secure password store is that you are the sole holder of the master unlock code to the credential archive.
Storing your credential archive in the cloud can be safe, provided it is encrypted and no one, including the hosting company or software vendor, can open it.
If you use such a tool, make the master code as random and complex as possible. However, you will need to MEMORIZE it (see step 4).
The tool will then generate random passwords for all your other needs and keep track of them. I use a credential manager for hundreds of passwords stored for online services and sites. My passwords are long, based on site parameters, and random. Only two passwords are known to me: the one that allows me to access my computer and the one that allows me to open my password vault.
4. Consider these alternatives if you don’t want to use a software tool
Use a Passphrase
Passphrases are multi-word passwords. Instead of choosing a single word or string of characters for your password, choose three to six words to form a phrase. You can separate the words with a space or a symbol. Avoid picking words that are connected to each other in any way. Also, avoid creating sentences that are not understandable.
Instead, choose words that can tell a mental story to increase your chances of remembering it. For example, “purple balloon underground flight intentionally upsetting.”
This passphrase is extremely long, and it would be impossible for hackers to crack it using traditional password cracking techniques.
Use a random password generator
You can use a variety of smartphone apps and computer software to generate passwords. I prefer an online service called “Perfect Passwords” at https://www.grc.com/passwords.htm, which is “GRC’s Ultra High-Security Password Generator.”
This site generates