Cybersecurity 101: Why You Need To Use A Password Manager
If you thought passwords will soon be dead, think again. They’re here to stay — for now. Passwords are cumbersome and hard to remember — and just when you did, you’re told to change it again. And sometimes passwords can be guessed and are easily hackable.
Nobody likes passwords but they’re a fact of life. And while some have tried to kill them off by replacing them with fingerprints and face-scanning technology, neither are perfect and many still resort back to the trusty (but frustrating) password.
How do you make them better? You need a password manager.
What is a password manager?
Think of a password manager like a book of your passwords, locked by a master key that only you know.
Some of you think that might sound bad. What if someone gets my master password? That’s a reasonable and rational fear. But assuming that you’ve chosen a strong and unique, but rememberable, master password that you’ve not used anywhere else is a near-perfect way to protect the rest of your passwords from improper access.
Password managers don’t just store your passwords — they help you generate and save strong, unique passwords when you sign up to new websites. That means whenever you go to a website or app, you can pull up your password manager, copy your password, paste it into the login box, and you’re in. Often, password managers come with browser extensions that automatically fill in your password for you.
And because many of the password managers out there have encrypted sync across devices, you can take your passwords anywhere with you — even on your phone.
Why do you need to use one?
Password managers take the hassle out of creating and remembering strong passwords. It’s that simple. But there are three good reasons why you should care.
Passwords are stolen all the time. Sites and services are at risk of breaches as much as you are to phishing attacks that try to trick you into turning over your password. Although companies are meant to scramble your password whenever you enter it — known as hashing — not all use strong or modern algorithms, making it easy for hackers to reverse that hashing and read your password in plain text. Some companies don’t bother to hash at all! That puts your accounts at risk of fraud or your data at risk of being used against you for identity theft.
But the longer and more complex your password is — a mix of uppercase and lowercase characters, numbers, symbols and punctuation — the longer it takes for hackers to unscramble your password.
The other problem is the sheer number of passwords we have to remember. Banks, social media accounts, our email and utilities — it’s easy to just use one password across the board. But that makes “credential stuffing” easier. That’s when hackers take your password from one breached site and try to log in to your account on other sites. Using a password manager makes it so much easier to generate and store stronger passwords that are unique to each site, preventing credential stuffing attacks.
And, for the times you’re in a crowded or busy place — like a coffee shop or an airplane — think of who is around you. Typing in passwords can be seen, copied and later used by nearby eavesdroppers. Using a password manager in many cases removes the need to type any passwords in at all.
Which password manager should you use?
The simple answer is that it’s up to you. All password managers perform largely the same duties — but different apps will have more or relevant features to you than others.
Anyone running iOS 11 or later — which is most iPhone and iPad users — will have a password manager by default — so there’s no excuse. You can sync your passwords across devices using iCloud Keychain.
For anyone else — most password managers are free, with the option to upgrade to get better features.
If you want your passwords to sync across devices for example, LastPass is a good option. 1Password is widely used and integrates with Troy Hunt’s Pwned Passwords database, so you can tell if (and avoid!) a password that has been previously leaked or exposed in a data breach.
Many password managers are cross-platform, like Dashlane, which also work on mobile devices, allowing you to take your passwords wherever you go.
And, some are open source, like KeePass, allowing anyone to read the source code. KeePass doesn’t use the cloud so it never leaves your computer unless you move it. That’s much better for the super paranoid, but also for those who might face a wider range of threats — such as those who work in government.
What you might find useful is this evaluation of five password managers, which offers a breakdown by features.
Like all software, vulnerabilities and weaknesses in any password manager can make put your data at risk. But so long as you keep your password manager up to date — most browser extensions are automatically updated — your risk is significantly reduced.
Simply put: using a password manager is far better for your overall security than not using one.