“NO MATTER how much alphanumeric complexity you add to passwords, chances are they’re still not strong enough. Don’t worry, mine are even weaker. Against all advice, I’m only willing to deliver the bare minimum asked of me when it comes to mixing numbers, letters and symbols. I stupidly use the same passwords for multiples sites, I rarely change them (unless forced to), and I hide them in very obvious places. Any grade-school computer nerd could hack me on most platforms were it not for an extra layer of security: my YubiKey 5 (from $45, yubico.com). This encrypted device is a unique two-factor authentication system similar to what you’re already using (right?) to bolster your online security. If you’re not, here are the basics: When logging into a site with two-factor from a new device, entering a password triggers the site to text you a randomly generated code you then type in to complete a login. It seems foolproof at first—no phone, no code. But anything digital is ultimately hackable and online criminals have already found crafty ways to intercept texts.
Here’s what’s different about the YubiKey and its competitor the Google Titan ($50, store.google.com): They must be in hand and physically connected to a device before you can access online accounts—either plugged into a USB port or pressed against a phone (which activates the key via Near Field Communication)…”