Being better with passwords

February 1 is global Change Your Password Day. In the past, many companies would force users to change their password every month or so, even if there was no evidence of compromise. This was annoying, and did not generally make you more secure — mostly people would just reuse the same password they used everywhere with a different number on the end. Thankfully, this is no longer considered best practice. However, we thought it would still be a good day to reflect instead on what we should do.

How to be better with passwords

The number one thing you can do to improve your security online is to always use a different, random password each time you create a new account on the web. Not everyone has the same tight security as Fastmail, and you don’t want a hacker that gains access to your local library to now also have the password to your email and your bank!

But coming up with random passwords is hard, and memorising them even harder, which is why these days we strongly recommend you use a password manager to create and remember your passwords for you.

What is a password manager?

A password manager is a digital vault, similar to how the banks of yesteryear stored jewels and high-value items for their customers. The vault securely stores your passwords in an encrypted format that cannot be accessed by anyone but you. When required, it will create unique, complex passwords and auto-fill them across your various applications.

We like and use 1Password, which keeps your passwords securely in sync across all your devices and integrates with Fastmail’s Masked Email feature. However, there are other good alternatives too, and a built-in one in every browser these days — find one that works for you and use it!

As well as remembering your passwords for you, password managers help protect you against phishing by only auto-filling your password when you’re at the genuine website for the account.

The zero password future

Today’s password managers don’t just store passwords, they can also store something better — a passkey.

In 2024, Fastmail introduced passkey support to provide you with even greater online security. A passkey is a highly secure cryptographic key that works like a digital handshake between your password manager and the website you are logging in to. This ensures it’s definitely you logging in, and — just as importantly — definitely the real site you are logging in to! We wrote a great blog post if you want to learn why passkeys are better than passwords.

Online scams like phishing emails are increasingly hard to distinguish from legitimate messages. Scammers, or even AI agents, can now convincingly impersonate your trusted contacts and companies. As a result, even technically savvy individuals can unknowingly give away passwords. Passkeys provide the strongest protection against these threats.

How does Fastmail work with 1Password?

In 2021, Fastmail partnered with 1Password to bring Masked Emails to our customers. This lets you create a unique email address for each account you have online, keeping your real email address private. Working together, you can use Fastmail with 1Password to achieve the greatest protection online through private and secure email addresses and passwords every time you sign up to a new site.

For more information on how to use 1Password with Fastmail, you can read our help article here.