Password managers are more critical now, than ever. Over the past week, I have had a few conversations with different people that underscore this. I still find logon passwords written on pieces of paper tucked under keyboards.
Worse, this weekend, I had someone tell me that they have so many passwords to remember, that they keep a paper list in their wallet with all of their passwords. Think about this…if this persons wallet is stolen, their identity, credit, bank accounts, every application and web site they log in to are compromised. This person represents the Holy Grail of targets for a hacker. In one simple move, they will have this persons drivers license, credit and debit cards, presumably their health insurance card and possibly even their social security number, if they also have that card in their wallet. By the way, experts recommend never carrying your social security card in your wallet. I remember when it was trendy to carry it. Don’t.
I asked this person to immediately subscribe to a password manager and get rid of that list! As in, do this immediately! I’m glad to say that they did, as I was getting calls for help getting it configured later that day. What password manager you use if far less important than using one.
So what does a password manager do? Simply put, it secures all of your web site and application usernames and passwords in a secure wallet. The key to this is that you create a single master password to access the wallet. The security of this master password becomes the single most important thing as it is the key to your security kingdom. For this reason, I recommend that the master password actually be a passphrase that is a sentence incorporating a phrase that you can easily remember, while incorporating upper and lower care letters, symbols and numbers to make it as secure from hacking as possible. For example, this would be a passphrase as opposed to a simply password:
This may seem intimidating at first, but it’s really not. Before you know it, you will be able to type this out very quickly and efficiently.
One you are logged in to your password manager, it will prompt you every time you login to a web site, to save your login credentials. This will build an encrypted database in your password manager of all your logins, so you don’t have to remember you username and password for every web site you login to. Some password managers also do this for applications that you use as well. Most are focused on doing this just for websites, but more functionality is being added all the time.
Another feature of most password managers is that they allow you to save secure notes and digital wallet information like credit card accounts and addresses. Secure notes allow to save any useful information that you need to securely keep track of. These are typically free-form notes that you can use for any purpose you have. The secure wallet information allows you to make online purchases more easily. When you are on a shopping site and checking out, instead of having to type in your billing and shipping information, including your credit card, you can simply select what card you wish to use from your password manager and it will fill all of this in with one click of your mouse. Could not be simpler or more secure.
Another great feature that many password managers are adding is a security check. This will scan all of your logins and let you know what passwords are too weak and how many times you are reusing the same password, which is strongly not recommended. You can use this analysis to quickly go to these accounts and set new, more secure passwords, where needed.
To make this all more effective, password managers include a password generator, so there is no excuse to not have a unique and complex password for every site you login to. When setting up new logins or updating the password for an existing login, just open the password generator and have it create a long and complex password. All you do is copy and paste the new password into the site and it will be saved to your password manager.
Password managers work on all platforms. Whether you use Windows, Mac OS, iOS mobile devices or Android mobile devices, password managers work on them all and sync your changes from device to device, to ensure you always have the most up to date information no matter what device or platform you are working on. Most also support two step authentication, where in addition to your amazing master password, you get prompted to enter a code that is texted to you or from an authenticator application. With this level of security, you will have you best shot at deterring any hacker who may try to target you. There will be far easier targets to hack than you.
Password managers are also very cost effective, typically in the range of $20 to $40 per year. Many also offer longer term discounts if you subscribe for several years at a time.
In terms of recommendations, there are several password managers to consider. They all offer a free version, so I would recommend testing one or two that look good to you, and see if one simply feels right for you. Here are the password managers I would recommend considering:
Watch the demos on each of the web sites and review the full feature list to help you decide which one to try. Each have similar features and each have a feature or two that set it apart from the others.
There’s just no reason not to use a password manager and to have random, complex passwords for all of your logins. This is perhaps the single, best step you can take to protect yourself online.