It’s the first Thursday in May, and that makes it World Password Day! Here are some fun ways to celebrate:

Check your email address at Have I Been Pwned. If you’ve got an account on a site that has been hacked (and you probably do), this will tell you about it.

Change a couple of passwords. You know that Instagram password that you set in 2014? Yeah, time to change it.

Start using a password manager. You know you’re supposed to use a different, strong password for every site and app, but that’s just hard for a human. You know who’s good at that? Computers. Your browser probably has a decent password manager built in, to generate, store, and fill in passwords like “Lfn9@0$TK”. Standalone password manager apps add additional features like filling in passwords for app logins.

Step up your two-step game. We all have to use two-step verification (aka two-factor authentication) for our WFU Google accounts, and I strongly recommend using two-step everywhere else that supports it. But be aware that hackers have gotten good at getting text messages redirected, so if they already have your password, they can get a login code sent via text, and defeat two-step verification. Many sites support authentication applications that generate those codes by themselves, with no need to receive a text.

Consider doing away with passwords (where possible). Many web sites allow you to login through your Google or Facebook account rather than setting up a new account on that site. If you do, be aware that Google or Facebook with get information on when you login to that site, so that’s just one more thing they know about you. But you should also be aware that the website you’re logging into never receives your password, you get the strong two-step verification you’ve already set up, and you can revoke that web site’s permission to log you in that way.

Yes, you may write down your important passwords! Just be smart about it. Anxiety about losing your passwords is natural, and writing them down for safekeeping can be a smart step to take. Taping them to your laptop or keeping them in your wallet is a little less smart. So lock them in a drawer or a safe – or inside the gravy boat you only use at Thanksgiving – but away from your laptop, and maybe not labelled “Important Internet Passwords”.

If you’re looking for a last-minute World Password Day present you could consider:

  • A password manager like 1Password, LastPass, or Dashlane. These are increasingly paid subscriptions, in part because the free options built into your browser are getting continually better. So shop around a little to see what meets your needs.
  • An authentication app like Authy, Microsoft Authenticator, or Google Authenticator (for Android or iOS). [Pro tip: if you run an authentication app on your phone, do a little homework on how to move it before uninstalling it or getting a new phone.]