We are entrenched in the era of passwords. So much of our daily lives are online in the form of banking, investments, social media accounts, email and utilities websites. Although we need to drive less to get our errands done, we still need a password to get into every website that has any personal information. But as the credentials accumulate, how can we keep track of them all in a secure manner? And what happens if we're in Hawaii and left the password Rolodex in our secret spot at home? Well, if any of this resonates with you, it might be time to utilize an online password manager.
The below article is from Tech Crunch and will outline what a password manager is, why they're helpful, and which ones you might want to use for yourself. Read on below...
What is a password manager?
Think of a password manager like a book of your passwords, locked by a master key that only you know.
Some of you think that might sound bad. What if someone gets my master password? That’s a reasonable and rational fear. But assuming that you’ve chosen a strong and unique, but rememberable, master password that you’ve not used anywhere else is a near-perfect way to protect the rest of your passwords from improper access.
Password managers don’t just store your passwords — they help you generate and save strong, unique passwords when you sign up to new websites. That means whenever you go to a website or app, you can pull up your password manager, copy your password, paste it into the login box, and you’re in. Often, password managers come with browser extensions that automatically fill in your password for you.
And because many of the password managers out there have encrypted sync across devices, you can take your passwords anywhere with you — even on your phone.
Why do you need to use one?
Password managers take the hassle out of creating and remembering strong passwords. It’s that simple. But there are three good reasons why you should care.
Passwords are stolen all the time. Sites and services are at risk of breaches as much as you are to phishing attacks that try to trick you into turning over your password. Although companies are meant to scramble your password whenever you enter it — known as hashing — not all use strong or modern algorithms, making it easy for hackers to reverse that hashing and read your password in plain text. Some companies don’t bother to hash at all! That puts your accounts at risk of fraud or your data at risk of being used against you for identity theft.
But the longer and more complex your password is — a mix of uppercase and lowercase characters, numbers, symbols and punctuation — the longer it takes for hackers to unscramble your password.
The other problem is the sheer number of passwords we have to remember. Banks, social media accounts, our email and utilities — it’s easy to just use one password across the board. But that makes “credential stuffing” easier. That’s when hackers take your password from one breached site and try to log in to your account on other sites. Using a password manager makes it so much easier to generate and store stronger passwords that are unique to each site, preventing credential stuffing attacks.
And, for the times you’re in a crowded or busy place — like a coffee shop or an airplane — think of who is around you. Typing in passwords can be seen, copied and later used by nearby eavesdroppers. Using a password manager in many cases removes the need to type any passwords in at all.
Which password manager should you use?
The simple answer is that it’s up to you. All password managers perform largely the same duties — but different apps will have more or relevant features to you than others.
Anyone running iOS 11 or later — which is most iPhone and iPad users — will have a password manager by default — so there’s no excuse. You can sync your passwords across devices using iCloud Keychain.
For anyone else — most password managers are free, with the option to upgrade to get better features.
If you want your passwords to sync across devices for example, LastPass is a good option. 1Password is widely used and integrates with Troy Hunt’s Pwned Passwords database, so you can tell if (and avoid!) a password that has been previously leaked or exposed in a data breach.
Many password managers are cross-platform, like Dashlane, which also work on mobile devices, allowing you to take your passwords wherever you go.
And, some are open source, like KeePass, allowing anyone to read the source code. KeePass doesn’t use the cloud so it never leaves your computer unless you move it. That’s much better for the super paranoid, but also for those who might face a wider range of threats — such as those who work in government.
What you might find useful is this evaluation of five password managers, which offers a breakdown by features.
Like all software, vulnerabilities and weaknesses in any password manager can put your data at risk. But so long as you keep your password manager up to date — and most browser extensions are automatically updated — your risk is significantly reduced. It is highly preferable to select the option to automatically "Log Out" of your password manager every time you close your browser.
Simply put: using a password manager is far better for your overall security than not using one.
We hope you find this cybersecurity story interesting and insightful. As always, feel free to pass these articles to others or share your comments with us!