Who this is for: anyone tired of being locked out, and the families fielding the reset calls Reading time: about 5 minutes In one line: you do not need to remember forty passwords. You need one good system, and it is simpler than you fear.
If passwords make you feel anxious, defeated, or quietly furious, you are not the problem. The system is the problem. Humans were asked to memorise dozens of unique, complicated, ever-changing secrets, and then blamed for failing at a task no human can do. Half the lockouts, resets, and "I just can't deal with this today" moments we see in homes trace back to passwords.
The good news: this is the most fixable problem in this entire guide series. Here is a realistic system, in plain English, with versions for different comfort levels.
First, lower the stakes
Not all passwords matter equally, and pretending they do is what makes the whole thing overwhelming. There are really only three tiers:
The crown jewels. Your email password and your banking passwords. Email is the big one, and most people underrate it: whoever controls your email can reset almost everything else you own. These few passwords deserve real care.
The important middle. MyGov, your device login or PIN, anything holding your cards or health records.
Everything else. The newspaper, the recipe site, the shopping login. If one of these is compromised, you have lost very little, provided it does not share a password with the crown jewels.
Most password panic comes from treating all forty accounts like crown jewels. Stop. Protect the few that matter enormously, be sensible about the middle, and relax about the rest.
The two rules that do most of the work
Rule one: your email password is used for email and nothing else. Reusing your best password everywhere means the day some minor website leaks its database, strangers hold the keys to your whole life. One account, one password, starting with email.
Rule two: longer beats cleverer. Forget Tr0ub4dor!7. The strongest passwords ordinary people can actually use are passphrases: three or four random words strung together. CorrectBatteryHorseLamington is vastly stronger than any eight-character puzzle, and you can actually type it. Make one for your email, a different one for banking, and you have done the most important security work of your year.
Now, where do the rest live?
Choose the option that matches your comfort. Each one is honest about its trade-offs.
Option one: the password book. Yes, a physical notebook, written in pen, kept at home somewhere sensible. Security people sneered at this for years and have largely stopped, because the realistic threat to most people is a criminal on the other side of the world, not a burglar reading your bookshelf. A password book cannot be hacked. Its weaknesses are fire, loss, and visitors, so keep it discreet and tell one trusted person where it lives. If a book is what you will actually use, a book is a good system.
Option two: let your device remember. Your phone, tablet, and browser offer to save passwords and fill them in automatically, locked behind your device PIN, fingerprint, or face. For many people this is the sweet spot: no typing, no memorising, works invisibly. Its weakness is that it ties you to your device, which is why the crown jewels also live somewhere else, like the book.
Option three: a password manager. One app holds every password, locked behind a single master passphrase, available on all your devices. This is what security professionals use and the strongest option of the three. It is also the most confronting to set up alone, which is the honest reason most people who would benefit never start. It is an ideal thing to set up with patient help rather than instead of it.
There is no prize for choosing the fanciest option. The best system is the one you will still be using in a year. For plenty of our clients, the winning combination is the book for the crown jewels plus the device remembering the rest, and it works beautifully.
The reset, demystified
Here is a secret that deflates a lot of password fear: forgetting a password is usually a thirty-second problem, not a crisis. Nearly every login has a "forgot password" link that sends a reset to your email or phone. This is also why your email password is the crown jewel: it is the master key to every reset.
So the realistic safety net looks like this. Protect email above all. Keep your phone number current with your bank and MyGov, because that is where reset codes go. And when a code arrives by text, use it yourself and never read it out to anyone who rings you, no matter who they claim to be. A reset code spoken aloud to a caller is how accounts get stolen.
One more layer for the things that matter
When a bank or email account offers "two-factor authentication", say yes. It simply means a code goes to your phone when you log in somewhere new, so a thief with your password still cannot get in. It is the single biggest security upgrade available to ordinary people, and it is free.
The afternoon that fixes it
This whole mess is genuinely an afternoon's work to clean up: new passphrases for email and banking, two-factor turned on, a home chosen for everything else, and a written record that makes sense. Then the resets stop, the lockouts stop, and the low hum of password dread goes quiet.
It is also precisely the kind of afternoon we do with clients, at the kitchen table, at whatever pace suits. Nobody gets talked down to, and you keep a plain-language record of everything we set up.
Locked out more than you would like? Start with a free 15-minute call. Email phil@graymatter.team or visit graymatter.team.
Gray Matter Solutions Pty Ltd, ABN 24 678 904 231. In-home technology support across Sydney's Northern Beaches, North Shore, and Inner West. NDIS, Support at Home, or private.
Want a hand with this?
Gray Matter Solutions provides patient, in-home technology support across the Northern Beaches, North Shore, and Inner West of Sydney. The easiest way to start is a free 15-minute call.