Remember when you only needed to remember one password? Maybe it was your pet’s name, maybe your wedding anniversary. Simple times.

Now you need a different password for your bank, your email, your doctor’s portal, the pharmacy, Facebook, Netflix, Amazon, and dozens more. It’s exhausting. So you write them down on sticky notes, or you use the same password everywhere, or both.

Only last year, older adults lost $4.8 billion to online scams. Most of those scams started with a stolen password. But here’s the good news: you don’t need to become a tech expert. Three simple changes will make you safer than 80% of people online.

What About Writing Passwords Down?

First, let’s address what you’ve probably been told: “Never write down your passwords!”

Security experts actually disagree. Bruce Schneier, one of the world’s top cryptography experts, says writing passwords down is fine if you’re smart about it.

Safe places to keep written passwords:

• In your wallet with your other valuables (just your 2-3 most important ones)

• In a locked drawer at home

• In a home safe

Dangerous places:

• Stuck to your computer monitor

• In unlocked desk drawers

• Anywhere visitors can see them

Think about it: A burglar who breaks into your home has bigger concerns than your Netflix password. But a hacker in another country can steal passwords from millions of people while sitting in their pajamas.

One Simple Password Formula

Stop using “Password123” or your pet’s name plus your birth year. Hacking tools crack these in under one second.

Try This Instead: The Sentence Method

Think of a sentence that’s meaningful to you, something you’ll never forget. Then use the first letter of each word, plus some numbers that matter to you.

Examples:

“I graduated from Lincoln High School in 1975” Password: IgfLHSi1975!

“My favorite movie is The Sound of Music” Password: MfmiTSoM!

“We bought our first house on Maple Street” Password: WbofhoMS2010!

Why this works: The sentence is easy for you to remember but impossible for hackers to guess. Even if they know facts about you, they don’t know which sentence you chose or how you abbreviated it.

How to Create Yours:

1. Pick a memory that matters to you (where you met your spouse, your first job, a favorite vacation spot)

2. Make it a complete sentence

3. Use the first letter of each word

4. Add a number that goes with the memory (a year, an address number)

5. Throw in a symbol like ! or # at the end

Write the full sentence on your paper logbook (that’s safe in your locked drawer). You’ll remember the sentence, and that helps you remember the password.

Important rule: Don’t use information that’s posted on your Facebook or social media. Hackers look there first. Use memories that live only in your head.

Minimum standards to aim for:

• At least 12 characters (longer is better)

• Mix of uppercase, lowercase, and numbers

• Never use information that’s on your social media

This sounds more complicated than it is. Once you create two or three passwords this way, it becomes second nature.

Your Free Digital Safe: Password Managers

Imagine a secure vault that remembers all your passwords so you don’t have to. That’s a password manager.

You create ONE strong master password (use that sentence method). It remembers everything else. When you visit your bank’s website, it fills in your username and password automatically. When you create a new account, it generates a strong password and saves it.

You never have to write anything down or remember anything except that one master password.

Start Here: Use What You Already Have

Your phone and computer already have password managers built in. You don’t need to download anything.

If you use Apple devices (iPhone, iPad, Mac):

1. Go to Settings

2. Tap “Passwords”

3. Turn on “AutoFill Passwords”

4. Done. Next time you log into a website, your phone will ask “Do you want to save this password?” Tap yes.

If you use Google Chrome (on any device):

1. Open Chrome

2. Click the three dots in the upper right

3. Go to Settings → Passwords

4. Turn on “Offer to save passwords”

5. Done. Chrome will now remember everything for you.

These built-in options are completely free and work beautifully if you stick with one brand. If you only use Apple products, use Apple’s. If you use Chrome on everything, use Google’s.

If You Use Multiple Device Types:

If you use an iPhone but a Windows computer, or switch between different browsers, the built-in options won’t sync properly. In that case, you could consider NordPass ($1.49-$2.99/month).

NordPass has the simplest interface of any password manager. It’s specifically designed to not be intimidating. Their customer support is patient and helpful. It works on every device, phone, tablet, or computer, and keeps everything synchronized automatically.

Think of it as paying $2 a month to never worry about passwords again. That’s less than a cup of coffee.

The Safety Net: Two-Factor Authentication

Two-factor authentication (2FA) is like needing both a key AND a code to open your door. Even if someone steals your password, they still can’t get in without the second code.

Microsoft’s research shows this stops 99% of hacking attempts. It’s the single most effective security measure you can take.

How It Works:

1. You type in your password (that’s factor #1)

2. The website texts a 6-digit code to your phone

3. You type that code into the website

4. You’re in

The code changes every time and expires in a few minutes. So even if a hacker somehow intercepts it, it becomes useless almost immediately.

Yes, There Are More Secure Options

You might hear about authenticator apps or fingerprint readers. Those are great, but they require downloading new software or having specific hardware.

Start with text message codes. They’re the easiest, they work with the phone you already have, and they’re 1,000 times better than nothing. Don’t let perfect be the enemy of good.

Turn It On for These Three Accounts First:

1. Your email - If hackers control your email, they can reset every other password using “forgot password” links

2. Your bank - For obvious reasons

3. Medical portals - To protect your health information

How to Enable It:

Every website is slightly different, but the process is similar:

1. Log into the account

2. Find “Settings” or “Security Settings”

3. Look for “Two-Factor Authentication,” “2FA,” or “Two-Step Verification”

4. Follow the prompts to add your phone number

5. They’ll text you a code to verify it works

It takes about 5 minutes per account. Your bank’s website will walk you through it step by step.

If you get stuck, call the customer service number. Say “I want to turn on two-factor authentication.” They’ll help you. This is becoming so common that support staff do this dozens of times a day.

If Something Goes Wrong

Even with perfect security, breaches happen. Companies get hacked, mistakes occur, and sometimes you’re just unlucky. Here’s what to do:

Signs You’ve Been Hacked:

• Your password suddenly doesn’t work

• Friends say they received strange messages from you

• You see purchases you didn’t make

• You get password reset emails you didn’t request

Take These Steps Immediately:

Step 1: Reset your password Go directly to the website (don’t click any email links) and use their “Forgot Password” option. If you’re completely locked out, call their support number from their official website.

Step 2: Check your other accounts If you used the same password anywhere else, change those immediately. Hackers try stolen passwords across multiple sites.

Step 3: Turn on 2FA If the account didn’t have two-factor authentication before, enable it now so this can’t happen again.

Important contacts to write down and keep handy:

• Your bank’s fraud number (on the back of your card)

• Your email provider’s support number

• Your country’s identity theft reporting agency (search online for “identity theft reporting [your country]”)

Having these numbers accessible when you’re panicked is invaluable.

You’ve Got This

You don’t need to do everything at once. Start with one small step today.

Your First Step (Choose One):

• Turn on your browser’s password saver

• Create one strong password using a memorable sentence

• Enable 2FA on your email account

Pick whichever feels easiest. That single action puts you ahead of 80% of people online.

Tomorrow, do another one. By next week, you’ll have better security than most of the internet, and it will have taken less than an hour total.

Technology should work for you, not stress you out. These tools exist to make your life easier and safer. You’ve managed more complicated things than this. You’ve got this.