The Why and How of Password Managers
Making things both safer and easier at the same time
We all have way too much to remember. Which kid has practice tonight? Am I getting the dry cleaning or is Colin (nope, don’t ask who Colin is)? Which Spice Girl was the best one (Ginger, it’s not even close)? Our jobs are full of numbers and figures. We’re constantly meeting new people and supposedly remembering their names instead of just referring to them as “the loud one” or “the guy who loves Firefly too much after all this time.” On top of that, we have a constant stream of new entertainment options that I think might actually be trying to kill us. It’s data overload. And what’s more, we have people like me constantly stressing that you need to take security seriously — and having different passwords for each account is a big part of that. How the heck are you supposed to keep track of it all? Well, while I can’t help you with your job, friends, or 1990s girl bands, I can help you manage your accounts and passwords to keep yourself safe.
I know that this may sound counterintuitive, but if you truly want to be safe and secure, you need to let go and let something built to manage such things take care of it for you. Your brain isn’t very good at remembering random (and thus secure) strings of information. Especially not these days, when all of us have SO many logins and, if we want to be safe, all of those passwords need to be different.
Why Should Passwords Be Different?
The main reason passwords should be different is that while you may think you have a strong password, and maybe you do, if one site is compromised and “bad guys” get a hold of it, suddenly they have access to every site that you use that “strong” password on. A couple of years ago, I helped someone out who, due to a head injury, couldn’t remember their password to get back into their main email account. After a little investigation I found that he was using essentially the same password for all of his accounts. Once I got the password to one of his accounts, I could get into them all. While in this case this setup saved the day, if I were someone looking to harm him digitally/financially, I could have.
It seems like every other week we see news about another online retailer getting hacked and all of the usernames and passwords leaking out into the world. This is the main way that people are getting compromised these days: companies with poor security practices getting hacked and their customers’ data getting strewn to the digital wind. Because of this, it’s our job to minimize the damage that can be done to us by having different passwords for each account. And the best way to manage all of those different logins and passwords is with a password manager.
What a Password Manager Does
A password manager, well, manages passwords. It’s an encrypted database (meaning that unless you have the password to unlock the database, it is truly unreadable by anyone else) of all of your logins (usernames and passwords) to your various digital accounts. What’s more, it can suggest passwords for you of any length and complexity that you desire. This way you aren’t tempted to use easy-to-remember, short, or simple passwords that can be easily guessed (TaylorSwift1989, or BlankSpaceIsTaylorsBestSong…wait, I may need to change a couple of passwords now that I’ve published this). All of the major password managers have a plugin or extension for every major internet browser as well. This extension will offer to paste your login information when you visit a site that is saved in the database, saving you additional time and ensuring that someone can’t look over your shoulder and see what you type in.
Unless you are being extra paranoid, almost all of the major password managers offer a sync service that provides you with access to that database on all of your devices — personal computers, smart phones, and tablets. It’s still encrypted, and thus password protected, but it’s available wherever you need it — making it much more likely to be used.
Another handy feature most major password managers offer is having multiple databases, for the express purpose of sharing logins with your spouse or others who need them. For instance, each spouse could have their own database of logins that only they need (like their Facebook login — unless you’re a part of one of those couples that awkwardly share the same one and you never know who you’re talking to… Yeah, I’m talking about you, FrankandLisa Johnson), and another database that they both have access to for shared logins like the electric company account or mortgage. This offers another benefit: in the event of one person being out of town or unavailable for some reason or another, the other can still get to accounts that are needed.
You can also keep other information in password managers that you want to have handy but protected, like credit cards, social security numbers for your family, or bank account routing numbers. They are with you at all times, but are protected so that only you can access them.
What Password Manager to Use
Personally, I recommend LastPass as the password manager for most people. It’s completely free for what most people need it for, and if you find that you want more, like the ability to share logins with other people or more advanced features, it’s only $3/month. In addition, it has free apps on both Android and iPhone/iPad, plus works as a plugin/extension on all of the major internet browsers on computers.
Another great password manager is 1Password (referring to the need to only remember one password, which is pretty clever). 1Password started out as an iPhone/Mac only app, but is now available on Android and Windows as well. It’s significantly prettier and nicer to use than LastPass, but isn’t free — though not expensive, $3/month. One great feature of 1Password is that it ties into a website called HaveIBeenPwned and will tell you when one of the sites that you have an account with has been hacked (you can try that site out yourself anytime, btw: just put in your email address and it will tell you what sites that email has been compromised on — if any show up, change that password!).
Smart phone companies are starting to get into the password manager game as well with both Android and iPhone/iPad offering to suggest and save secure passwords for you in their browsers like Safari and Chrome. While I do like this in that it is getting more people to use stronger passwords, I feel as though a dedicated password manager provides better protection and availability across multiple devices.
As more and more of our lives are being tied into the web, we are putting ourselves at greater risk of having our lives upended by not taking security seriously. One of the absolute best ways to be more secure is by having different logins for each account as well as having a secure system to manage those logins. I believe that using a password manager is the absolute biggest step one can take towards digital security.
Stay safe out there.