For the better part of a decade, I employed a mnemonic password system to remember every password for every website that required one.
In early 2020, I deleted every password that mattered and replaced them with a randomly generated string of characters (comprising capital letters, lower-case letters, numbers, and symbols).
I use an open-source password manager called Bitwarden that creates the passwords and auto-logs me into websites that require them.
Additionally, I use a program called Authy which backs up two-factor authentication codes into the cloud. This avoids needing my email address or my phone.
Now, it doesn’t matter if I’m logging into Facebook or the Washington Post because while I usually know my username, I definitely don’t know my password. But by logging into Bitwarden, it is pre-configured to know when and where to input the correct login credentials. All I have to do is click a button to tell Bitwarden to do it.
Authy comes into play if the website (or I) want to verify I am the only person authorized to use that account. This is in place on everything from Gmail to PayPal to my blog. And if I don’t have my phone on me, I can still safely log into everything.
You should use password management in this age of Russian hacking, especially if you are using easy-to-guess passwords that might include dictionary words. Password managers such as Bitwarden, LastPass, 1Password, etc. will create and store your hard-to-guess website passwords, and you only need to know the master password to access the application.
As for two-factor authentication, that might not be for you. But if you’re frequently (or rarely, for that matter) logging into websites or apps that can control your money or identity, then you should definitely set it up.