askST: What is a good way to manage passwords to all my online accounts?

After news broke recently that at least 500 million Yahoo accounts were hacked in 2014, a reader wrote in to bemoan the fact that one has to maintain so many different passwords to various online accounts nowadays.

"How often should one change them? And what would be a good way to manage multiple passwords for multiple accounts ranging from online banking accounts to e-mail accounts, so that one can not only remember them but also make sure they are strong passwords?"

Tech writer Vincent Chang answered.

Yahoo confirmed on Sept 23 that data from half a billion users were stolen by hackers in 2014 in possibly the largest security breach ever. The company urged affected users to change their passwords.

However, the stolen information also included names, e-mail addresses and security questions and answers that may be used to break into the victims' other online accounts.

In other words, this security breach may require affected users to change more than their Yahoo passwords - they may need to change the passwords of other online accounts that had used the same e-mail address and security question.

As you can imagine, this can be very frustrating for users. Not only do they have to change their passwords, they must also ensure that the replacement passwords are strong ones that are not easily cracked. Such passwords are usually random alphanumeric characters that are difficult to remember.

For convenience and security, I recommend using a password manager app to generate and save strong passwords for your online accounts. Instead of memorising a score of passwords, you just need to remember a single master password.

Popular password manager apps to check out are LastPass and Dashlane. Find out more about password managers here ( But take note that these apps obviously are attractive targets for hackers.

Therefore, for accounts involving sensitive data, such as your online banking account, you should enable two-factor authentication to provide an extra layer of security. Google, Microsoft and Yahoo offer this feature for their e-mail accounts too.

More askST stories here.