Select Page

One simple way to avoid identity theft

Ready to be scared a little bit? The odds are very, very good that—at some point in time—a website you use has been hacked, and your e-mail and password from that site have been compromised.

Ready to set your mind at ease? It’s simple and easy to set up your online life so that you’re totally safe if that ever happens again (and to protect yourself now, in case one of your passwords is out in the wild).

The stuff I’m writing here is about your online life, and how you can make sure the bad guys don’t get to access your bank accounts, your e-mail, your blog, or the other important parts of your identity on the internet.

So, it turns out it’s hard to write something about “security on the internet” without it quickly falling into a hysterical, doom-and-gloom, panicky mess of a post.

flowers by the laptop

I don’t want to cause anxiety, but I also want you—when you read this—to understand how important it is, and how easy it is to protect yourself. Really, it’s as simple as downloading a free program (takes a few seconds), setting it up (takes about a minute), and then using it to log in to the sites you normally use (no more time than it takes you now).

If a website I use gets hacked, and my password gets stolen, what do the thieves get?

Without getting into boring details, there are two ways a website can store your password: encrypted (meaning a password like “puppies_are_cute” is stored as something like “c76dae966ba4fe2e427249511e3983ac16beef67”) and unecrypted (meaning it’s saved in the database as “puppies_are_cute”).

Even if a password is encrypted, hackers might still be able to crack it and figure out your password.

Ideally, every website would encrypt passwords securely before saving them. But they don’t all do it. If your password gets stolen, it’s probably safest to assume that the bad guys have your actual password. (Yikes!) And that they now have access to every site where you use that password. (Double-yikes!)


If I can’t guarantee that my password will be safe at a website, how can I protect all my other accounts if that site gets hacked?

The easiest way to keep yourself safe is to use a different password for every website. That way, if Site A gets hacked, your password from there will be useless at Site B.

Do you know how many sites I use? I can barely remember to get all the things on my grocery list. You expect me to remember that many passwords?

Me too. And no.

“Remembering passwords” is something you should probably commit zero brainspace to. But if you can remember just one (which you’re doing right now), you can use a password manager.

What is a password manager, and why should I use one?

Password managers do three things:

1. They securely store the username and password you use to log in to every site on the internet.

You only have to remember the one password you need to get into your password manager, and you’re all set. Also, when you first set it up, it’ll import all of the saved passwords you have on your computer.

2. They let you create unique passwords for each site.

Instead of using an easily-guessable password, they’ll generate a password that looks like this: “Af!@ADn56Zk*”. And every site you use will have a different password, so if one gets compromised, the rest of your online accounts are safe.

Even better, they remember your passwords for you, and can fill them in automatically. So you don’t have to worry about remembering them.

3. They give you a browser extension that lets you log in with a click of the mouse (or no clicks!), and manage your account across computers.

You might already have your computer set up to do this, but with a service like LastPass, you can set up your computer to log you in to any site, automatically. Further, if you log in to your LastPass account from another computer, or from your phone or tablet, it’ll log you in there, too.

As a bonus, they also store credit card information and other important data that you need. And they encrypt it all, so your info is secure.

(This isn’t sponsored by them at all. I’m just a fan.)

I have to pay for this, right?

Not for basic service. LastPass is free, but if you upgrade to Premium (right now, that’s $1/month), you get even more security.

But … what happens if my LastPass gets hacked?

The short answer: nothing. All of your data is encrypted, via methods that make decryption practically impossible. Your data is safe. Not even the folks behind password management tools can see your passwords.

Every few months, I see news that some large site has been hacked, and millions of passwords have been leaked. That used to freak me out. Since setting up a password manager, though, it doesn’t bother me anymore. I’d love you to have that same sense of peace.

And with all the things you’re trying to manage in your life, don’t make managing your own passwords be something that you have to handle as well.

Reading Time:

3 minutes





  1. Whitney

    Interesting timing. We just dealt with a major breach ourselves due to a hacker – $2800 dollars worth! Thankfully, the vendor and our bank were great and we were totally protected. But it sure has been a huge hassle. I had to change several accounts, passwords, and get a new debit card.

    We need a new password system, obviously.

  2. Catherine

    I don’t use one at the moment but I will now! Thanks for the great info. I log into a bunch of sites and do worry about it.

    • Jar

      Identity thefts have now appeared in our sights very often. Since technology has been advanced by time, different ways of identity stealing have appeared. One of the ways that’s used commonly is that they will become your friend. Those thefts could first pretend to be your friend. Then they will chat with you and become good friends with you. At last they will take away your personal information and then at last you realize that he/she’s just imaginary. At the same time you don’t know that if your friend stole your identity or someone else stole your friend’s account and did that. You need to know that not everyone and everything on the internet is reliable. People usually get tricked by people that they trust the most because no one knows that what he/she is actually thinking about. For example in one short clip in YouTube, there’s a girl that found a friend randomly. In his profile picture that boy is really handsome so she decided to add him. They became very good friends. And one day they decided to meet each other. At the day that they meet, the girl arrived very early but no sign of the boy have come. She waited for hours and at last went back home. When she went back home, she noticed that her identity is stolen while she went outside. She told the police about this. At last the police figured out that that boy was actually a 32 year old man. He is an identity theft. His profile picture was actually a picture that was found in google images. The same thing also appears in movie Identity Thief.

  3. laura

    We are huge advocates of 1Password. Thanks for sharing this.

  4. Heather

    I have never heard of a password manager – what a great idea! It certainly beats my little word doc organization method of the many passwords I can’t actually remember 🙂

  5. Kat

    I use 1Password and love it. It took a lot of coaxing from my husband and grumbling from me, but once you get everything set up it’s very easy to use. I just recently learned a neat trick where you can append “op” to the start of the URL (so it reads ophttp or ophttps) and it will open in the 1Password app, which is really handy if you do most of your computing from a mobile device like me. I also store credit cards and user identities in it, so when the autofill on my browser fails me, 1Password still saves me a lot of typing.

  6. Jenn @ A Simple Haven

    What?! I’ve never heard of this. It sounds like a fantastic tool. Great article.

  7. sarah

    I’d heard of these services but didn’t know how they worked. Thanks so much for explaining this. SO helpful!! I’m definitely going to get this set up!

    I had to freeze our family’s credit this month as the ultimate secrity measure, since our state (SC) had all the online taxpayer’s social security numbers stolen !!! It was a big deal, and the state is paying for credit protection for a year for everyone, including the kids that were named as dependents, but once we finished refinancing our mortgage we decided to do the most secure thing of freezign our credit. Now no one can open any credit account in our name at all! I feel better

  8. Cari

    As someone who just had her bank account compromised TODAY, I needed to see this! Apparently my debit card info was stolen via a website and someone had a field day with my money! Grrrrr.

  9. Lisa

    Thank you for this post! Seriously I had never heard about a password manager. I am definitely going to have to check this out.

  10. J

    Yup, have been using the password manager Roboform for years. It also syncs with mobile devices too. I highly recommend it!

  11. Julia

    My Mac computers offer to remember my passwords for me. How safe is this as compared to the password managers referenced in the article?

    • Charlie Park

      The main benefits of a password manager over just using your browser’s built-in “save this password” option are:
      • a password manager gives you a random password for each site
      • a password manager gives you a password that’s complex enough that it’s not going to be cracked
      • a password manager will help you log in *across different computers*.

      On that last point, let’s say you have a desktop and a laptop. For whatever reason, you update your password somewhere from the desktop. It offers to save your info. You say, “sure.” But then, the next time you’re at a coffeehouse and you want to log in to Facebook (or whatever), you’ll have to do that whole “forgot my password” dance, which is a waste of time. Password managers take care of that for you. So once you log in to your account (regardless of the computer you’re on), it’ll have your up-to-date passwords ready to go.

  12. Ryan

    I use LastPass, and one of the great features it has is 2-step verification. This means that not only do I have to put in my password, but I also have to put in a code off of a table that I keep on me. This means that even if my LastPass password was stolen, without that table, they still won’t be able to get in. I also have 2-step setup and Gmail, so that if they somehow manage to get my gmail password, they will also need to have my cell phone. Sure it looks funny when I want to check my email at a friends house. But my data is as secure as it can be right now. Only thing to make it more secure it biometric, and not all computers have that as an option.

  13. Lisa

    Very timely indeed. My email was hacked this morning. I’m sold!

  14. Sarah @ Your Healthy Home Biz

    Sounds like a great tool. I use multiple passwords by creating a very strange initial password like “ljdiaofij&8Km” and then injecting 3 letters associated with the site into the middle, like “ljdiaofijSIM&8Km” (“SIM” for simple mom) that way I don’t depend on software if something should go wrong with it.

    Also, citibank credit cards offer an online virtual number program which creates a virtual number for your credit card whenever you shop online. While you can set the number to extend for a certain amount of time or amount of work, it essentially is only valid for that one purchase. It creates another layer of protection against access to my credit card.

  15. Emily

    I use KeePass and I love it! I still struggle to not jump in and use my “go-to” password, but KeePass is making it easier to adjust and create unique passwords for every account I have.

    • Elizabeth

      I too have used KeePass for years and love it. I would also point out that unlike the above two options it is completely free, including the mobile apps.

  16. Kara Garis

    We use lastpass and love it! I have had my email hacked several times but since using lastpass it hasn’t happened once!

  17. Wendy

    Thanks so much for sharing this! I’ve been thinking about looking into something like this–you’ve saved me time spent researching; I’m taking action today!

  18. Brianna

    Unfortunately, I am one of the thousands of Canadians who’s personal information is “out there” somewhere, because of that government hard drive being stolen after I applied for and received a student loan years ago. While i will continue to be very cautious with all my personal info, it still bothers me that someone out there potentially knows everything that is important about me 🙁

  19. Kelly Wiggains

    Thanks for giving information that is helpful and informative without making me feel incredibly dumb or for making me afraid of the internet. I’m checking out LastPass today!

  20. Andrea

    We use KeePass, which has been a memory-saver! We just have it on our main computer right now, but it’s really taken the pressure off my mind. I spent too long trying every single password that I’ve used in the last 10 years. Because I spend time on other computers as well, I have used my own easier-to-remember passwords, but maybe it’s time to create KeePass accounts on my work computer and laptop.

  21. Debbie

    Hi Charlie, Interesting stuff…thank you. I just signed up for your free trial of Pear Budget and I love how easy it is to enter everything! I’m looking forward to trying it out!

  22. Tiffany

    Good timing, my husband has been telling me FOREVER that I should stop using the same password everywhere. In my defense, it’s 2-3 passwords but really that’s not enough. Off to check out LastPass!

  23. Amanda

    I haven’t used one because I didn’t really understand how they worked and was concerned about security. Thanks, Charlie, for explaining it in simple terms!

    And thanks for PearBudget. We are users and love it!

    • Charlie Park

      Thanks so much, Amanda! So glad it was helpful, and that you love PearBudget!!! 🙂

  24. Lesley

    I use 1Password – I’ve used it for a few years and I love it! I also use it to track purchase receipts (it supports attachments). Given the hundreds of websites I use, it is the sanest way to track everything. I have also gotten to where I have alerts set up with all of my credit/debit card companies. I get fraud alerts via email, phone and text.

  25. Amy

    I’ve used PassPack for years. It’s free as well for less than 100 passwords, I think.

  26. Erin

    I’m a mom first and foremost… AND I also recently began working at LastPass! It’s a fantastic company/software – but regardless of which password manager you choose – please choose one! It accomplishes two MAJOR things for me… simplifies my life (which is desperately needed) and keeps my information secure. Side note: it also has cool features like secure form fill that really speeds up those summer camp registrations 😉

  27. Mary

    You inspired me to bite the bullet.

    I installed Last Pass and feel like the weight of the world is off my shoulders.

    My learning style is hands on so I started with a site I didn’t care much about (in case I messed up with letting LP generate a password for me, etc.)

    Keep going with various sites that you don’t particularly care about and pay attention as you add them to your vault. Sometimes there’s a glitch (for example, if the site doesn’t require a password confirmation). You can manually fix it.

    I added sites one by one, logging out each time and then letting LP login for me with the new password. Once I was sure it was working correctly, I added another.

    Finally I added a site I cared about (the Dave Ramsey forums) but one that wouldn’t lock me out of our bank account. That worked successfully. I plan to continue adding sites leaving my web broker and banks for the last ones. By then, I hope to be an expert at this!

    Thanks for sharing such a great post. I needed to do this in the worst way. I love how LP will generate a strong password for you. To me, that’s half the battle.

  28. le

    Am I correct in assuming that this would be a bad idea to install on a computer that, say, I let my roommate use? Also, is there any way for my husband and I use it for two separate accounts with the same website? I suppose the obvious answer to both these questions would be to set up different users on the computer in the first place… we’ve just never taken the time to do it. Thanks for all the tips, I am challenged to put some better security in place.

    • Charlie Park

      Regarding the roommate / coworker / shared computer — As long as you sign out of your password manager, you should be fine. For the software to work, you need to log in to it (e-mail & password), so as long as you don’t leave it logged in (and don’t tell them your password!), you should be alright.

      You can have multiple accounts on a single website, even if you both log in to the same password manager. (Hopefully that made sense.) Another example of that scenario: I have multiple bank accounts at one bank (one is personal, one is business). When I go to the bank website, LastPass gives me options as to which account I want to sign in to.

      I hope that helps!

  29. Sam Sprott

    Good evening Charlie,
    I’m in the process of following your suggestion today, having signed up for LastPass this afternoon.
    I am finding the credit monitoring feature interesting, as well as the obvious simplicity and security of pass word maintenance.
    Thanks mucho for the article, and thank you Simple Mom for making the article available on your site

  30. Frank

    Great article! And yes, I use a password manager. Mine is called Sticky Password ( and I use for couple years. Now the changing of all the passwords because of Heartbleed will be easy 🙂

  31. Charlie Park

    I wanted to add a quick note, specifically about Heartbleed (linked at the very start of the piece). The Heartbleed website is aimed more at web developers than at the normal everyday web user, so don’t worry if it uses a lot of technical jargon that you don’t understand.

    Here’s the core issue around Heartbleed: Most of the Internet had a bug in its code that meant that someone (in theory) could have observed traffic that was supposed to be encrypted. Think of it like a party where you need a password to get in past the bouncer, but there’s some dude standing within earshot of the velvet rope. If he hears the password when you say it, he can now get in, since the bouncer will think he’s you. It’s even worse if that same password gets him in to every private party in town. And to the bank, and library, and so on.

    What you should do about Heartbleed:

    There’s no evidence that anyone knew about this bug before it was reported to web developers, but it’s still a good idea to A) use a password manager like I described in the article, and B) to start changing the passwords you use on the web.

    Now’s an especially good time to do those things if you happen to use the same password on every website! 🙂

  32. Christie

    Yes! We use LastPass. I love that it will generate complex passwords for you, so I don’t have to sit there looking around my room or flipping through books trying to find something to spark a unique but memorable password in my brain. The passwords it generates can be 10, 20, 30 or more characters, including numbers and symbols. I would never remember those types of passwords, but Last Pass does it for me and logs me in automatically!

  33. PAIGE

    I use my tablet 90% of the time. Do you have any recommendations for secure, free android password managers?

    • Charlie Park

      Hi, Paige! Unfortunately, I don’t know much about Android software. I looked in the Google Play store, and did see LastPass available for Androids, but there’s an annual fee after a free trial. I’ll keep my eye out, though!

  34. Lisa

    Never heard of this before, but I’m sold. Everything is so risky now days…this should help.

  35. Bethany Turner

    I have been using Keeper to store my passwords. But I am making the switch to LastPass and changing all my passwords to be encrypted.

  36. Katie

    I’m wondering how LastPass can be free? I’m feeling hesitant to trust it.

  37. Rebecca

    How do this work on our e-mail when we are logged in using the icons on our iPhones or iPads? Same question with the apps? Also, do I need to manually change my passwords on the different sites or will it do it for me?

Join thousands of readers
& get Tsh’s free weekly email called
5 Quick Things,

where she shares stuff she either created herself or loved from others. (It can be read in under a minute, pinky-swear.)

It's part of Tsh's popular newsletter called Books & Crannies, where she shares thoughts about the intersection of stories & travel, work & play, faith & questions, and more.