Passwords are the bane of our modern existence. Nearly anything you want to do, it seems, calls for a password. As the Internet’s reach extends beyond computers and into phones, TVs, appliances, and even toys, we have to enter passwords with increasing frequency and in ever more annoying ways.

To make dealing with passwords easier and more secure, everyone should use a password manager like 1Password or LastPass. Such apps generate random long passwords like kD*SSDcCl7^6FN*F, store those passwords securely, and automatically enter them for you when you need to log in to a Web site. They are essential in today’s world.

You’ll still need a few passwords you can remember and type manually—for instance, the master password for your password manager and your Apple ID password. Make sure those passwords are at least 12 characters, and we recommend going to at least 16 characters.

If you’re unsure of the best way to create a strong password, try taking the first letter of each word in a sentence you can remember, and also change a few words to digits. Then “Now is the time for all good men to come to the aid of the party!” becomes a password along the lines ofNitt4agm2c2ta0tp!. So that no eavesdroppers learn your password, avoid saying your sentence out loud whenever you enter it! Or, combine four or five unrelated dictionary words, likecorrect-horse-battery-staple, that add up to at least 28 characters. (Don’t use the examples in this paragraph!)

When possible, take advantage of two-factor authentication on sites like Apple, Google, Dropbox, Facebook, Twitter, and more. Accounts protected by two-factor authentication essentially require that you enter a second, time-expiring password as part of the login process. You’ll get that second password via text message, authenticator app, or other notification method when you log in.

But what we really want to talk about today is what you should not do with passwords. Follow these tips to avoid making mistakes that can undermine even the security provided by a password manager.

1. Don’t use the same password twice. This is key, because if the bad guys get your password—no matter how strong—for one site, they’ll try it on other sites.
2. Don’t share passwords with anyone you don’t trust completely. That’s especially true of passwords to accounts that contain sensitive information or that can be used to impersonate you, like email and social media. However, sometimes you have to share a password, such as to a club blog with multiple authors. In that case…
3. Don’t send passwords to shared sites via email or text message. If someone hacks into your recipient’s email or steals their phone, the password could be compromised. Instead, use a site like One-Time Secret to share a link that shows the password only once, after which the recipient should put the password into their password manager.
4. Don’t write your passwords on sticky notes. Yeah, it’s a cliché, but people still do it. Similarly, don’t put all your passwords in a text file on your computer. That’s what password managers are for—if someone steals your computer, they can’t break into your password manager, whereas they could open that text file easily.
5. Don’t change passwords regularly if you don’t have to. As long as every site has a strong, unique password, changing a password is a waste of time, especially if doing so makes you write down the password or communicate it insecurely. If you do have to update a password regularly, a password manager makes the task much easier.

We realize that it’s tempting to take the easy road and share a password with a friend via email or write a particularly gnarly one on a sticky note. But today’s easy road leads directly to identity theft and is paved with insecure password habits. You might think no one would pay attention to little old you, but times have changed, and organized crime is interested in any Internet account that can be cracked.

In macOS 10.13 High Sierra, Apple significantly enhanced the editing capabilities of Photos, adding tools for adjusting specific colors, fine-tuning color and contrast via curves, and even focusing an image with vignetting. But it still lacks many features found in other image editors, including applying a filter to an arbitrary portion of an image and adding text to an image. Happily, the latest version of Photos brings back a feature from iPhoto that lets you edit any image with any editor on your Mac. Just Control- or right-click a photo and choose Edit With > YourFavoriteImageEditor, and the photo opens in that app. Make your changes, and when you save, those changes are reflected in the version in Photos.

Although macOS 10.13 High Sierra was light on new features, it did bring one welcome addition to Safari—site-specific settings. Imagine that you regularly visit a blog that you prefer to read using Safari’s Reader view. Rather than invoke it each time you visit, you can now set Safari to use Reader automatically on that site. Similarly, if there’s a site whose text is too small, Safari can remember your page zoom setting for that site. Neat, eh?

Here’s how to make the most of Safari’s site-specific settings. First, load a site whose settings you’d like to customize. Then, choose Safari > Preferences and click Websites in the toolbar. You see a list of general settings in the sidebar at the left, followed by any plug-ins you’ve installed. For each setting or plug-in, you can set what happens when you visit the site you just loaded—or, if you have a bunch of sites open in different tabs, you can customize the behavior for any open site. Here are your options.

Reader

Reader view displays an article as a single page that’s formatted for easy reading, without ads, navigation, or other distractions. It’s such a significant change that it’s off by default—you enable it by clicking the Reader button to the left of the URL in the address bar. To turn it on for all of a site’s articles, in Safari’s Websites preferences, select Reader and choose On from the pop-up menu next to the site name.

Content Blockers

Another way of seeing fewer Web ads is to install a Safari content blocker. Choose Safari > Safari Extensions to open Safari’s Extension Gallery, and then scroll down slightly to find the page’s Search field, where you can search for blocker. There are lots—look for one like Adguard AdBlocker that supports Safari’s content blocking API. Once you’ve installed one, select Content Blockers in the Websites preferences. By default, Safari blocks ads on all sites, so choose Off from the pop-up menus for sites whose ad content you want to see.

Auto-Play

Little is more annoying than sites that play a video when a page loads, distracting you from the text you want to read. Even worse are those sites—Macworld, we’re looking at you—that auto-play videos that aren’t even related to the page. Safari squelches auto-playing videos by default, but for sites like YouTube, you might want to allow videos to play. You can also choose to stop only videos that have sound.

Page Zoom

It’s easy to hit Command-Plus to zoom in on a page, increasing the text and graphics proportionally, but who wants to do that every time you visit a page sporting barely readable words? With the Page Zoom setting, Safari will use your preferred zoom every time you visit a particular site. In fact, you don’t have to do anything other than set a zoom level with Command-Plus when you’re viewing a site because Safari remembers it automatically, as you can see in the Configured Websites section for Page Zoom. To tweak it manually, choose a zoom level from the site’s pop-up menu.

Camera & Microphone

Apart from Web conferencing services, you’re unlikely to run across many sites that want to access your Mac’s camera and microphone. That’s why the Camera and Microphone settings default to asking you whenever a site wants permission to record you. If you find it irritating to be asked constantly by a site you use often, choose Allow from the pop-up menu for that site. And if a site asks repeatedly but you never want to allow it, choose Deny to stop the prompts.

Location

Most Web sites that ask for your location want to determine how close you are to particular stores. If that’s information you’re interested in sharing, let them see where you are, by all means. And if you’re using a mapping service that wants your location, it’s entirely reasonable to set its pop-up menu to Allow. But if a site keeps asking and it feels creepy, set it to Deny.

Notifications

Are there sites whose new posts you’d like to know about right away? If they support Web notifications and you give them permission, they can post push notifications that appear on-screen and in Notification Center, just your other notifications.

The Notifications preferences look different from the others because they show only sites that have asked for permission in the past. Safari remembers your choice, and if the site gets annoying later, you can always take back permission by changing the Allow pop-up menu to Deny. And if you never want to be prompted for push notifications—they can be distracting—uncheck the “Allow websites to ask for permission to send push notifications” checkbox at the bottom of the pane.

Plug-ins

It’s impossible to know what plug-ins you’ve installed, but Safari is configured to make sites ask for permission to use a plug-in each time you visit. That’s the safest setting, but for any given site and plug-in, you can use the pop-up menu to give the site access (choose On) or not (choose Off). And if you can’t even remember what a plug-in does, you can deselect its checkbox to disable it.

That’s it! Some of Safari’s site-specific settings work without any interaction from you, such as your page zoom and notification preferences. Others require a tiny bit of configuration, but that’s a small price to pay for the Web working more the way you want.

File this as reason number 17 why Apple Pay is better than plastic. Let’s say your credit card expires and your bank sends you a new card with a revised expiration date. Or perhaps your bank replaces your card with one that has a new number. Either way, most credit card issuers automatically update the credit card expiration date and number in Apple Pay so you don’t have to make those changes yourself. (If your bank doesn’t do this, you’ll have to remove the old card and add the new one.) However, if you move or change your billing address, you’ll need to update that info yourself: in iOS, go to Settings > Wallet & Apple Pay; in macOS on a MacBook Pro with Touch ID, go to System Preferences > Wallet & Apple Pay.

You’ve undoubtedly seen those odd-looking square QR codes on product packaging, a business card, or a flyer. In the past, you needed a special app to scan a QR code to see what Web URL, contact card, Wi-Fi network, or other piece of information it held. In iOS 11, though, you can just point your iPhone or iPad camera at a QR code—no need to take a picture! Then tap the notification that appears at the top of the screen to display whatever data was encoded by the QR code.

All iPhones pick up fingerprints, and it’s all too easy to get your iPhone dirty with ink, lotion, makeup, dirt, food, and oil. If you’re faced with an iPhone that needs cleaning, resist the urge to spray it with window cleaner, rubbing alcohol, or ammonia, or, even worse, to scrub it with baking soda or Borax. That’s because all iPhones have oleophobic—oil repellent—coatings on their glass surfaces that make it easy to wipe off fingerprints. You don’t want to remove that coating any faster than it will wear off normally, and cleaning products will strip it quickly. Instead, Apple recommends a soft, lint-free cloth such as you would use for glasses or camera lenses. By the way, even though the iPhone 7 and later have some level of dust and water resistance, it’s important to avoid getting moisture in the openings—most of the time, a lens cloth should be all you need.