How to keep your passwords super secure

Hands up who uses the same password for everything? Shame on you. And is there anyone out there who uses the same small clutch of passwords for everything? Yes, some shame on you people too. You lot may have been lucky so far, but there's a very good chance that sooner or later you're going to get hacked, which could lead to all sorts of fraud and identity theft at worst, or some severe social network embarrassment at the least.

Now, what you're going to say to us is, "Oh but Pocket-lint, I've got so many user profiles for so many sites out there. It's impossible to remember a different one for each of them", and we'd have to agree. So don't. Don't remember them. Get something else to remember them for you. Follow a few steps below and we'll have you 100% secure by the time you reach the bottom of the page. Okay? Let's go.

Step 1 - Find yourself a good password manager

There are all sorts of different password managers out there: web-based services, desktop applications and browser extensions. The most obvious one, and a very good choice, is the Firefox password manager, so all users who browse with Firefox may as well use this one. It's built into the main build of the program, so you'll have seen it popping up at the top of the window each time you enter credentials, asking if you'd like Firefox to remember the details you've just entered. If you haven't already, then start answering "yes".

Each time you do that, the browser will save them for you, and you can go and have a look at them now if you wish in Tools > Options, under the Security tab. Note the area where you can put exceptions, in case you share your computer with others and happen to surf some rather sensitive sites. Do be sure to set a master password while you're there, though, as otherwise anyone will be able to scoop the lot.

For those not on Firefox, a popular choice is the desktop application KeePass, which has the bonus of working across all platforms. It also happens to be free, and it's even portable onto all good smartphones. All the information you put into your password database is highly encrypted, and the only thing it all hangs on is locking it up with a single master password. You will still have to remember one password, but then that's not too much to manage.

Step 2 - Start changing your passwords

Your database is all set up, so now all you need to do is remove the trace of your old insecure ways by changing your credentials each time you enter them. There are plenty of good tips on creating strong new passwords; make sure you employ them to the max when selecting your master passwords. Also, bear in mind that it's only the master that needs to be memorable in any way. Essentially, you can mash the keypad for the others, so long as you tell your password manager to remember them.
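An added example (not from the original article) of letting a program do the key-mashing: it draws one independent random password per site from the operating system's secure random source and estimates its strength in bits. The alphabet, the default length and the site names are assumptions chosen for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!#$%&*+-=?@^_"   # assumed symbol set; trim it if a site rejects some
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)


def generate_password(length=20, alphabet=ALPHABET):
    """Return a password whose characters are drawn uniformly from the OS CSPRNG.

    Candidates are redrawn until every character class present in the
    alphabet appears at least once, so site complexity rules are met.
    """
    required = [set(c) & set(alphabet) for c in CLASSES]
    required = [r for r in required if r]
    if length < len(required):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in r for ch in candidate) for r in required):
            return candidate


def entropy_bits(length, alphabet=ALPHABET):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def generate_for_sites(sites, length=20):
    """One unrelated password per site, so a leak at one exposes no other."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Constructed site names, for illustration only.
    for site, pw in generate_for_sites(["shop.example", "mail.example"]).items():
        print(f"{site}: {pw}  (~{entropy_bits(len(pw)):.0f} bits)")
```
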

Step 3 - Back them up

So, now you have a huge bunch of all sorts of different passwords that are impossible to crack and a piece of software to do all the remembering work for you. The only issue now is if your computer happens to die, well, then you've lost the lot and you're locked out of your entire virtual life. Not pretty.

There are two ways around this. One is to use an online password manager, but the problem here is that you're putting your life into someone else's hands. They may be corrupt or they may be hacked themselves.

Better is to back up the two solutions we've suggested. The Firefox password manager can be backed up by an extension called Password Exporter, which allows you to turn your database into an encrypted XML or CSV file, and KeePass has a similar feature built in. Take this file off your computer, either somewhere far away and virtual or onto a USB stick, and put it somewhere safe. You can go out and buy an expensive/inexpensive external disk drive if you must, but there's really no need.

Step 4 - Sit back and relax

Congratulations, you are now safe from all the normal everyday security dangers of the online world. Well done you. Most of the attacks these days are by phishing or keylogging. The fact that your passwords will be called up automatically means you'll have no keystrokes to log as you enter your details. The second bonus is that bogus phishing sites are designed to fool your eyes, but not password managers. Your new system will not automatically provide your details for websites that are merely designed to look the same. It can tell the difference. So you're now safe from those too.
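How a password manager "can tell the difference", as an added example that is not from the original article: a simplified model of autofill that releases a saved login only when the page's scheme, hostname and port match the saved ones exactly. The vault entries, hostnames and helper names are constructed for illustration, and real managers use more elaborate matching rules.

```python
from urllib.parse import urlsplit

# Constructed vault: each login is keyed by the exact origin it was saved on.
VAULT = {
    ("https", "www.examplebank.com", 443): ("alice", "constructed-password-1"),
}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed test pages: the real site plus lookalikes aimed at the human eye.
SAMPLE_URLS = [
    "https://www.examplebank.com/login",               # genuine
    "https://www.examp1ebank.com/login",               # digit 1 instead of l
    "https://www.examplebank.com.evil.example/login",  # real name as subdomain
    "https://www.examplebank.com@evil.example/login",  # real name as userinfo
    "https://www.exampleb\u0430nk.com/login",          # Cyrillic 'a' homoglyph
    "http://www.examplebank.com/login",                # unencrypted downgrade
]


def origin_of(url):
    """Return (scheme, host, port) normalised for exact comparison."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    try:
        # Punycode makes Unicode lookalike letters compare as different bytes.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        host = ""
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))


def lookup(url):
    """Return saved credentials for this page, or None if the origin differs."""
    return VAULT.get(origin_of(url))


def autofill_report(urls=SAMPLE_URLS):
    """Map each URL to True if the manager would offer to fill, else False."""
    return {url: lookup(url) is not None for url in urls}


if __name__ == "__main__":
    for url, offered in autofill_report().items():
        print(f"{'FILL  ' if offered else 'REFUSE'} {url!r}")
```
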

Sadly, nothing in this world is 100% certain. There's always room for human error and indeed if there's a single mind out there doing its very best to hack into your specific life, they'll probably manage it eventually no matter how many layers of security you use.

Additionally, a few very high-end websites, such as banks, may not be compatible with password managers, so you might have to remember those ones the old-fashioned way. There is also the possibility that you could pick up a piece of screen-sharing malware somewhere, in which case even an unkeyloggable master password system might be cracked, but only if you allow your typed characters to be displayed on your desktop too. These are all pretty rare circumstances indeed.

So, if you've followed this all step by step, we'll stake our reputation that you'll be surfing safe for now and always. Congratulations.

 


