A password is the primary credential protecting most online accounts, and weak or reused passwords are among the leading causes of account compromise. Strong passwords are long (12+ characters), random, and unique per site. Password managers solve the impossible problem of remembering dozens of unique passwords by encrypting and storing them behind one master password.
Audit your existing passwords using a password manager's built-in strength checker. Replace the five weakest or most reused passwords. Enable a password manager on at least one device.
Your password is the primary key to every online account you own — email, banking, social media, and anything else. The threat model is straightforward: attackers either steal password databases from websites (data breaches) or run automated programs that try millions of combinations per second. Understanding these two attack methods explains why conventional password advice ("add a capital letter and a symbol") often misses the point.
When a website is breached, attackers get a list of hashed passwords: scrambled representations that cannot be decoded directly, but can be recovered by hashing guess after guess until one matches. Modern hardware can test billions of guesses per second. This is why length matters far more than complexity: a 16-character password of lowercase letters has more combinations than an 8-character password with symbols, capitals, and numbers. The passphrase "correct-horse-battery-staple" — four random common words — is both memorable and extremely long. Automated tools do test common substitutions (@ for a, 0 for o), so "p@ssw0rd" offers almost no improvement over "password."
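The two points above, length versus character classes and the weakness of substitutions, can be checked on the defender's side when a password is set. The following is an added example, not part of the original article: the common-password list, the sample passwords, the extra substitution mappings and the 60-bit threshold are all constructed assumptions.

```python
import math
import string

# Constructed stand-in for a real common-password list.
COMMON = {"password", "letmein", "qwerty", "dragon"}

# "@ for a" and "0 for o" come from the text; the other mappings are assumed.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def search_space_bits(pw: str) -> float:
    """Upper bound on brute-force work in bits, valid only if every
    character was chosen uniformly at random from the classes present."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def normalize(pw: str) -> str:
    """Undo case changes and common substitutions before the list lookup."""
    return pw.lower().translate(LEET)


def assess(pw: str, min_bits: float = 60.0) -> str:
    """min_bits is an assumed policy threshold, not a figure from the text."""
    if normalize(pw) in COMMON:
        return "reject: variant of a common password"
    if search_space_bits(pw) < min_bits:
        return "reject: search space too small"
    return "accept"


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("password", "p@ssw0rd", "Tr7!kQ2#", "qmzvktrhwbxpnjdl"):
        print(f"{pw!r:20} {search_space_bits(pw):5.1f} bits  {assess(pw)}")
```

The bit count is only meaningful for randomly generated passwords; a human-chosen password of the same length and character mix is usually far easier to guess, which is why the list lookup runs first.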
Reuse is the other major risk. If you use the same password everywhere and one site is breached, every account you share that password with is now vulnerable. Attackers run "credential stuffing" attacks that automatically try leaked passwords across thousands of sites within minutes of a breach. The fix is simple in principle but hard in practice: every site needs its own unique password.
This is where password managers solve an otherwise impossible problem. Remembering 50 unique, random, long passwords is humanly impossible — so most people reuse passwords instead. A password manager generates and stores a unique random password for every site, encrypts the entire vault, and requires only one master password to unlock. The security tradeoff is clear: one very strong master password protects all your others, and you never need to memorize the random ones.
One surprising truth: writing a password on paper and storing it in your physical wallet is not inherently bad. A physically secured note is safe from remote attacks, which is where the real risk lies. It is far safer than reusing a weak password across 20 sites. What to avoid is storing passwords in an unencrypted text file on your computer or browser notes — those are trivially accessible to malware.