Overcome password frustration with Joe Kissell's expert advice!

Take Control of
Your Passwords

Fourth Edition
Joe Kissell

Password overload has driven many of us to take dangerous shortcuts. If you think ZombieCat12 is a secure password, that you can safely reuse a password, or that no one would try to steal your password, think again! Overcome password frustration with expert advice from Joe Kissell!

All Take Control books are delivered in two ebook formats—PDF and EPUB—and can be read on nearly any device.


Passwords have become a truly maddening aspect of modern life, but with this book, you can discover how the experts handle all manner of password situations, including multi-factor authentication that can protect you even if your password is hacked or stolen.

The book explains what makes a password secure and helps you create a strategy that includes using a password manager, working with oddball security questions like “What is your pet’s favorite movie?”, and making sure your passwords are always available when needed.

Bundle special! Save 33% when you buy this along with Take Control of 1Password for just $20.

Joe helps you choose a password manager (or switch to a better one) in a chapter that discusses desirable features and describes nine different apps, with a focus on those that work in macOS, iOS, Windows, and Android. The book also looks at how you can audit your passwords to keep them in tip-top shape, use two-step verification and two-factor authentication, and deal with situations where a password manager can’t help.

New in the Fourth Edition is complete coverage of passkeys, which offer a way to log in without passwords and are rapidly gaining popularity—but also come with a new set of challenges and complications. The book also now says more about passcodes for mobile devices.

An appendix shows you how to help a friend or relative set up a reasonable password strategy if they’re unable or unwilling to follow the recommended security steps, and an extended explanation of password entropy is provided for those who want to consider the math behind passwords.

“Awesome. You did an amazing job breaking it down. This should be mandatory reading.” –Rich Mogull, CEO at Securosis

This book shows you exactly why:

  • 9-character passwords with upper- and lowercase letters, digits, and punctuation are not strong enough.
  • You cannot turn a so-so password into a great one by tacking a punctuation character and number on the end.
  • It is not safe to use the same password everywhere, even if it’s a great password.
  • A password is not immune to automated cracking because there’s a delay between login attempts.
  • Even if you’re an ordinary person without valuable data, your account may still be hacked, causing you problems.
  • You cannot manually devise “random” passwords that will defeat potential attackers.
  • Just because a password doesn’t appear in a dictionary, that does not necessarily mean that it’s adequate.
  • It is not a smart idea to change your passwords every month.
  • Truthfully answering security questions like “What is your mother’s maiden name?” does not keep your data more secure.
  • Adding a character to a 10-character password does not make it 10% stronger.
  • Easy-to-remember passwords like “correct horse battery staple” will not solve all your password problems.
  • All password managers are not pretty much the same.
  • Passkeys are beginning to make inroads, and may one day replace most—but not all!—of your passwords.
  • Your passwords will not be safest if you never write them down and keep them only in your head.

But don’t worry, the book also teaches you a straightforward strategy for handling your passwords that will keep your data safe without driving you batty.

“Joe handles a confusing and scary subject more clearly and calmly than I would have thought possible. I’ll be recommending this book to just about everybody I know.” –William Porter, database developer, author, photographer

Joe Kissell

About Joe Kissell

Take Control publisher Joe Kissell has written more than 60 books about technology, including many popular Take Control books. He formerly wrote for publications such as Macworld, Wirecutter, and TidBITS. He lives in Saskatoon with his wife and their two sons.

What’s New in the Fourth Edition

Since the previous edition of this book, the topic of password security has grown considerably more complex. Version 4.0 updates the book to cover the latest technologies, including the following significant changes:

  • Updated “Usernames and Passwords: an Outdated Model” with information on passkeys, magic links (see the sidebar “What About Magic Links?”), and software changes.
  • Mentioned Sign in with Apple and Hide My Email in “Should Usernames Be Unique and Random Too?.”
  • Added a new topic that addresses the normally short, numeric passcodes used to unlock phones and tablets; see “What About Mobile Device Passcodes?.”
  • In “Physical Keys,” I now discuss newer security key variants.
  • Thoroughly updated “Example Password Managers” to cover the latest app versions, capabilities, and prices. I also updated the “Missing Managers” sidebar to talk about why some password managers no longer appear in the book, and I added an entirely new sidebar to more fully explain the situation with LastPass; see “The Decline and Fall of LastPass.”
  • Removed the topic “Use Wireless Networks Safely,” which was too tangential to the topic of the book, and didn’t accurately reflect modern security norms.
  • Added a big new chapter, “Authenticate Without Passwords,” that provides detailed information on passkeys—the up-and-coming technology that may eventually replace passwords for good.
  • Read Me First
    • Updates and More
    • Basics
    • What’s New in the Fourth Edition
  • Introduction
  • Passwords Quick Start
  • Understand the Problems with Passwords
    • Simple for You, Simple for Them
    • The One and the Many
    • The Major Threats
    • Timeworn Tricks
    • Usernames and Passwords: an Outdated Model
  • Learn About Password Security
    • What Makes a Good Password?
    • All About Entropy
    • Why a Great Password Isn’t Enough
    • What About Mobile Device Passcodes?
    • Understanding Security Questions and Reset Procedures
    • Multi-Factor Authentication
    • Authenticating with Another Site’s Credentials
  • Apply Joe’s Password Strategy
    • Figure Out Which Passwords You Must Memorize
    • Create Strong but Memorable Passwords
    • Use a Password Manager for Everything Else
    • Handle Security Questions
    • Manage Email Options
    • Deal with Exceptions and Surprises
  • Pick a Password Manager
    • Features to Look For
    • Example Password Managers
    • Joe’s Recommendations
  • Keep Your Passwords Secure
    • Avoid the “Weakest Link” Problem
    • Back Up Your Passwords
    • Prepare an Emergency Password Plan
  • Audit Your Passwords
    • Understand the Overall Process
    • Look for Weak Passwords
    • Triage Your Passwords
    • Update a Password
    • Check for Compromised and Vulnerable Passwords
  • Authenticate Without Passwords
    • How Passkeys Work
    • Operating System & Browser Integration
    • How to Create and Use a Passkey
    • Syncing Passkeys Across Devices
  • Appendix A: Use Two-Factor Authentication
    • Two-Step Verification Basics
    • Use Apple’s Enhanced Security Options
    • Use Dropbox’s Two-Step Verification
    • Use Facebook’s Two-Step Verification
    • Use Google’s Two-Step Verification
    • Use Microsoft’s Two-Step Verification
    • Use Twitter’s Two-Factor Authentication
  • Appendix B: Help Your Uncle with His Passwords
    • Password Manager Compromises
    • Password Reuse Compromises
    • Password Complexity Compromises
  • Appendix C: Calculate Password Strength
    • The Entropy Formula
    • An Aside: Doing Math with Google
    • Why That Entropy Formula Is Wrong
    • Back to zxcvbn
    • Password Strength Summary
    • For Further Reading
  • About This Book
    • Ebook Extras
    • About the Author and Publisher
    • Credits
  • Also by Joe Kissell
  • Copyright and Fine Print

Joe Kissell Discusses Passwords on MacVoices

Posted by Joe Kissell on June 26, 2023

Joe Kissell joined host Chuck Joiner on MacVoices to talk about Take Control of Your Passwords, Fourth Edition.

In part one, Joe discusses the continuing importance of good passwords and what’s going on with passkeys, which promise one day to replace passwords.

In part two, Joe talks more about passkeys and discusses mobile device security.

Joe Kissell delves into passwords yet again on MacVoices

Posted by Joe Kissell on August 8, 2021

Once again, Joe Kissell joined Chuck Joiner on MacVoices to discuss passwords in the context of his recently updated books Take Control of Your Passwords version 3.2 and Take Control of 1Password, Fifth Edition.

In part one, Joe talks about passwords generally, including changes that may affect your overall password strategy.

In part two, Joe covers some of the new features in 1Password.

Joe Passes the Word about Passwords on MacVoices

Posted by Michael E. Cohen on March 30, 2016

Joe and Chuck Joiner of MacVoices sit down for a wide-ranging chat about the new edition of this book and the state of passwords in this age of multi-factor authentication, password entropy, and password managers. They discuss all the myriad ways you can improve your personal online security without having to create and memorize a new password like R>preVckEf7*fh% every few weeks.

Take Control and eSellerate Unaffected by Heartbleed Bug

Posted by Adam Engst on April 15, 2014

For anyone who is wondering, neither the Take Control Web site nor the eSellerate ecommerce site that we use for purchases were ever vulnerable to the Heartbleed bug, so you don’t need to worry about the security of your Take Control transactions or account information. There’s no reason to change your Take Control password either, although it’s always a good idea to do that if your current password is weak.


There are no reviews yet.

Be the first to review “Take Control of Your Passwords”

I've purchased several of [Joe's] books and found them more than helpful... you have kept me from committing technocide and offing my computers and iPhone. I am going to purchase more of your books as soon as I'm finished with this email. —Michael Israel, performance artist

I've been reading your Take Control books for years, and this book is the best yet. Just the right amount of knowledge to inspire action. The way most people do this stuff is frightening. I, for one, am going to move my personal stuff to your new system. —Matt C.

The author provides many useful tips to assist developing passwords and password management strategies. Do you know what a VIP list is relative to password security? I didn’t, but I do now, and I’m using it! — David M. Acklam, MyMac review

You may also like…