What I tell everyone: Use a Password Manager!
A password manager does more than just remember your passwords. 1Password lets me know if I have duplicate passwords, weak passwords, and even accounts on systems that have been breached, where I should change my password.
However, one of the strongest reasons to use a password manager is that it defends you against phishing attacks.
I use 1Password heavily and know I can fill in any password by pressing ⌘-\. I do this even for passwords I might fill in a dozen times per day.
I got an email from a colleague (or so I thought), asking me to look at a particular document stored in SharePoint. I clicked on the link in the email, got the login screen, then pressed ⌘-\ and nothing. I tried it a few more times, and checked to make sure 1Password was working.
I was about to log in manually when I took a closer look at the URL. In place of the letter m in our company’s name was an r followed by n. rn: It looked like an m, but wasn’t. The email was a phishing email. The landing webpage looked like our corporate login webpage, but wasn’t. The hacker even had a security certificate for this fake webpage. I was fooled, but not 1Password.
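Why the autofill stayed silent, as an added sketch (not 1Password's code and not part of the original post): a manager compares the page's hostname as a string, so a lookalike with a valid certificate still fails the match. The hostnames, the vault entry, the exact-host matching rule and the confusable list are all assumptions made for illustration.

```javascript
// Added example. All hostnames are constructed placeholders.
// Saved logins are keyed by the hostname they were saved on
// (simplification: real managers may match on the registrable domain).
const vault = [
  { host: "login.examplefirm.com", username: "alice" }, // constructed entry
];

// Character sequences that read like another letter in many fonts.
// "rn" -> "m" is the one from the story; the rest are illustrative, not exhaustive.
const CONFUSABLES = [["rn", "m"], ["vv", "w"], ["0", "o"], ["1", "l"]];

// Collapse a hostname to roughly "what the eye sees".
function skeleton(host) {
  let s = host.toLowerCase();
  for (const [seq, looksLike] of CONFUSABLES) s = s.split(seq).join(looksLike);
  return s;
}

// Decide whether to offer a saved login for the page at pageUrl.
function checkAutofill(pageUrl, entries = vault) {
  const url = new URL(pageUrl);
  const host = url.hostname.toLowerCase();
  // A certificate only proves control of the name in the URL, so HTTPS is
  // necessary but says nothing about whether this is the site you meant.
  if (url.protocol !== "https:") return { fill: false, reason: "not-https" };

  // The machine's view: byte-for-byte hostname comparison.
  const exact = entries.find((e) => e.host === host);
  if (exact) return { fill: true, reason: "exact-match", username: exact.username };

  // The human's view: same skeleton, different bytes. Refuse and warn.
  const twin = entries.find((e) => skeleton(e.host) === skeleton(host));
  if (twin) return { fill: false, reason: "lookalike", resembles: twin.host };

  return { fill: false, reason: "unknown-site" };
}

console.log(checkAutofill("https://login.examplefirm.com/signin"));
console.log(checkAutofill("https://login.examplefirrn.com/signin"));
```

The second call is the situation in the story: the page is served over HTTPS and looks right, but the hostname differs, so nothing is filled and the saved site it resembles is reported.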
You cannot survive in this age without a good, strong password manager. You need hundreds of different passwords. You need to be alerted when one is breached, and you need to use it exclusively to prevent phishing attacks.