Better password safety in five minutes


If 2014 left you uneasy about your cybersecurity, you have good reason. Data breaches at JP Morgan, eBay, Home Depot and many more companies made headlines all year long.

Passwords offer protection, of course, but with 58 percent of Americans having at least five unique online passwords and 30 percent having 10 or more, how is the average consumer supposed to keep track?

Read MoreTop 5 cybersecurity risks for 2015

That is where password managers come in. Password managers like LastPass, KeePass and Dashlane let you store log-in information for numerous websites, protecting all that information with a single master password. All you need to remember is that master password. The manager keeps track of all the individual passwords you store with it, and some will even give you assessments on the strength of your passwords. Some password managers save your information in the cloud, while others, like RoboForm, store your passwords locally.

Lance James, head of cyber intelligence at Deloitte & Touche, argued that the rise of password managers is a plus on several levels. He said he doubts the password managers will eliminate cyberfraud, but when consumers use the managers, "it's making them more aware, and that's good. It's like being aware of crime in your neighborhood."

Amazon, Groupon among sites with worst password security: Study

Password generation

Alengo | E+ | Getty Images

Signing up for LastPass, one of the password managers recommended by PC Magazine, took 3 1/2 minutes, though the incorporation of passwords is a separate process.

One feature that many password managers are promoting is password generation — the creation of new passwords if a site you use has been hacked. It's a much simpler way to maintain your protection than laboriously changing your passwords one by one.

Read MoreWorried about your password? Change it....now!

But be careful: a newly generated password could trip you up if you try to use it with sites that require you to put in your passwords directly. For example, Mint, the online budgeting tool, requires users, not password managers, to supply any new passwords. "If a password changes, a Mint customer needs to share that with Mint," said a spokeswoman for Intuit, which owns Mint. "Mint does not communicate with password generators or managers."

Without a current password for a customer's financial account, Mint cannot provide that customer with up-to-date budget information.

James is one expert who believes passwords can be more robust if consumers instead use pass phrases, or strings of words, ideally with characters embedded, that are harder for thieves to obtain. "When you increase that length, the chance of anybody breaking it," he said, "is pretty low."

There are some security experts who predict that passwords will eventually go the way of the buggy whip as other verification measures such as fingerprints and eye scans become more widespread.

Read MoreForget passwords: This is the future of logging in

James, though, believes "passwords really are not bad." Especially when consumers manage them right.