I’m using 184 unique passwords for 199 different websites. The average length of these passwords is 15,7 characters. Using a different password for each site is a choice I made a few years ago. As soon as you use a password for one site, that site can see that password and try to use that password on other sites. Imagen you sign up with your gmail email address on a malicious site. Wouldn’t it be easy enough for that malicious site to try to login with that password on your actual gmail account?
You probably wonder how I deal with 184 unique passwords. Well, it’s easy, you can use a password manager. I use LastPass as password manager. It stores your passwords in an online vault. The vault is encrypted on your local computer/device, so the LastPass company does not have your actual passwords, only the encrypted ones.
It is integrated in your browser with a plugin. This means that as soon as you hit a website with a login form, it fills in your username and passwords, that way you only have to press the submit button to login, or it can even auto-login if you prefer that. Whenever you are register on a website, it sees the password field and suggest to generate a password. I usually use that. You can also generate a password with a keystroke (alt-g).
Actually that means I don’t really care about passwords anymore, they are (if the site allows it) 20 characters long, auto generated by LastPass and when i visit the site it automatically logs me in. You basically never get to see most of them. You can also share passwords with friends and family, auto fill in forms, store notes safely, maintain records of important documents (id numbers to block if they get stolen for example) and it won’t fill in your password in phising sites if you ever make a mistake and end up there.
LastPass needs a master password to function, you better pick a safe one for that, but it can limit logins to a certain country, use several different types of 2 factor authentication and can use One Time Passwords if you like. I’m not saying LastPass is perfect, I’m not saying I can not be hacked, but I know for sure that it’s a lot safer than using only a handful of passwords on 199 sites.