Almost everyone with a few website logins has a method for remembering passwords. But really, how secure is your method? This resource introduces you to password managers and explains why you should use one. It ends with some online security tips.
About Password Managers
A password manager is a piece of software—usually cloud-based for accessibility—which lets you keep your sensitive website access information in an encrypted form. Encrypting this information makes it very difficult to steal. (Usernames and passwords are examples of sensitive website access information.)
With a password manager, you only need to remember one password—commonly known as the ‘master password’. With this, you can unlock your password vault to access and use the passwords it secures. Instead of having to memorise all your passwords, you can use a password manager to create complex passwords that are way more secure.
Password managers also let you use a unique password for every website you have a login for. This is super helpful, especially if one website gets compromised.
Most password managers are free. They also have paid features like team password sharing. With team password sharing, admins can add or remove access to passwords. This ensures team members have the most up-to-date passwords.
Most cloud-based services have mobile apps or browser extensions, letting you sync your password vault across devices. This means you can access your passwords on any device at any time.
Password Manager Examples
There are a few widely used password managers. Below, we’ll cover 1Password and LastPass. If you’re looking into other password managers, make sure that they don’t store your master password and that they encrypt your vault using the master password.
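What that check means in practice, as an added example (not code from 1Password, LastPass or any other product): the vault is sealed on your device with a key derived from the master password, and the service only ever receives the resulting record. The function names, the scrypt settings and the sample entry are assumptions made for this sketch.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Illustrative scrypt cost settings (an assumption, not any vendor's values).
const KDF_OPTS = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// The key exists only in memory on the user's device; it is never stored or sent.
function deriveKey(masterPassword, salt) {
  return scryptSync(masterPassword.normalize('NFKC'), salt, 32, KDF_OPTS);
}

// Encrypt the vault locally. The returned record is all the service ever sees.
function sealVault(masterPassword, entries) {
  const salt = randomBytes(16); // fresh per seal; not secret
  const iv = randomBytes(12);   // 96-bit nonce for AES-GCM
  const cipher = createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Returns the entries, or null if the password is wrong or the record was altered.
function openVault(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'base64'));
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  try {
    const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // GCM tag check failed
  }
}

// Constructed sample data.
const record = sealVault('correct horse battery staple',
  [{ site: 'example.com', username: 'alice', password: 'constructed-sample' }]);
console.log(Object.keys(record));                // no password and no key in what gets stored
console.log(openVault('a wrong guess', record)); // the service cannot open it by guessing
```

Because the stored record holds only the salt, nonce, tag and ciphertext, a provider built this way has nothing to hand over or leak except data that still needs the master password to open.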
1Password’s name comes from the one password you have to remember—the master password! They have been around since 2006 and have a strong reputation within the cyber security industry. 1Password comes with all the typical features you should expect from a leading online security company. They enjoy a great track record when it comes to user data security.
LastPass is one of the most popular password managers and has also been around for many years. Among LastPass’ features are multi-factor authentication (MFA) and local password vault encryption. LastPass has bolstered their security to make it virtually impossible for attackers to decrypt sensitive user data—that’s if they even manage to get in. LastPass prioritise keeping your data encrypted and safe.
Types of Password Managers
Desktop-based password managers
Desktop password managers keep your passwords in an encrypted file stored locally on your device. They don’t sync to cloud storage, and most don’t sync to your other devices. Desktop-based password managers are great if you don’t want your passwords stored in an online database.
Cloud-based password managers
A password manager that runs its service from the cloud gives you access whenever you have an internet connection. Your passwords are encrypted and stored on the provider’s servers. Accessibility is the key benefit of using cloud-based password managers. These types of managers usually have software for any browser—via browser extensions—and also local software that you can install on the major operating systems.
Single sign-on (SSO)
SSO is widely used on the internet and in business. It gives users a virtual ID card which they use to access the systems they need. Think of SSO as a swipe card that office workers use to access their building as well as whichever floors they have permission to access. Being able to access many things with one login can reduce the volume of forgotten passwords, which IT departments typically dislike dealing with.
Password Manager Tips
It’s important the password manager company you choose has programmatic safeguards in place to ensure they can’t access your passwords without your master password. Here are steps you can take to get the most out of your password manager and keep general security best practices in your daily routines:
- Configure the password manager correctly on all the devices you need it to be on.
- Using two-factor authentication (2FA), via a YubiKey or the Google Authenticator app, is a MUST to make sure your password vault is inaccessible to anyone except yourself.
- Do not keep any MFA codes in your password manager. Not even back-up codes.
- Absolutely do not store crypto private keys or mnemonic phrases in your password manager.
- Avoid using your browser’s built-in password manager to manage passwords and credit card information. These don’t offer the same level of security as dedicated password managers.
- Don’t store high-security data in your password manager, for example website hosting/domain registrar accounts and SSH keys to secure servers.
- If your password doesn’t auto-fill, look carefully to check you aren’t on a phishing website. Auto-fill only works if the URL is correct.
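Why the last tip works, as an added example rather than any product's own code: the manager fills a login only when the page's origin exactly matches the one saved with it, so a lookalike address gets nothing. Exact-origin matching, the field names and the reserved test domains are assumptions for this sketch; real managers have their own matching rules.

```javascript
// Constructed vault entry; the field names are assumptions for this sketch.
const SAVED_LOGINS = [{ origin: 'https://accounts.example.com', username: 'alice' }];

// Parse with the WHATWG URL parser so userinfo tricks and internationalised
// hostnames are normalised the same way the browser sees them.
function pageOrigin(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return u.protocol === 'https:' ? u.origin : null; // refuse plain http
  } catch {
    return null; // not a URL at all
  }
}

// Decide whether to fill, and say which origin the page really has.
function checkAutofill(rawUrl, saved = SAVED_LOGINS) {
  const origin = pageOrigin(rawUrl);
  if (origin === null) return { fill: false, origin, reason: 'not an https page' };
  const match = saved.find((entry) => entry.origin === origin);
  if (match) return { fill: true, origin, username: match.username };
  return { fill: false, origin, reason: 'no saved login for this origin' };
}

// Constructed sample addresses: the first is genuine, the rest only look like it.
const SAMPLE_URLS = [
  'https://accounts.example.com/login?next=%2F',
  'https://accounts.example.com.login-check.test/login', // real host ends in .test
  'https://accounts.example.com@phish.test/login',       // text before @ is not the host
  'https://accounts.examp1e.com/login',                  // digit 1 instead of letter l
  'https://accounts.ex\u0430mple.com/login',             // Cyrillic "a" in the hostname
  'http://accounts.example.com/login',                   // right host, no TLS
];

function runSamples() {
  return SAMPLE_URLS.map((url) => checkAutofill(url));
}

for (const result of runSamples()) console.log(result);
```

The `origin` field in each result is what to compare against the address you expected when a login refuses to fill.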
Password Best Practices
There are steps you can take to bolster your online security and ensure you don’t fall victim to hackers.
- Use a unique password for each website.
- Use 2FA for websites wherever possible AND to secure your password manager’s vault.
- Use randomly generated passwords created by your password manager.
- Never use your master password anywhere except for the vault.
- Never write down your master password.
- Use passwords which are at least 16 characters long and have a combination of upper and lower case letters, numerals and symbols.
- Try using passphrases—a password with 4 or 5 words in it—instead of singular passwords.