I know, it’s really hard to get enthusiastic about managing passwords. However, deep down you know you need it. (Really, trust me, you do.) It’s no longer sufficient to create an easy-to-remember “master password” and then add a few unique letters after each one dependent on the website/app, or to use any other hacker-friendly naming convention.
TechCrunch makes some good points about why you need to use a password manager:
“Passwords are stolen all the time. Sites and services are at risk of breaches as much as you are to phishing attacks that try to trick you into turning over your password. Although companies are meant to scramble your password whenever you enter it — known as hashing — not all use strong or modern algorithms, making it easy for hackers to reverse that hashing and read your password in plain text. Some companies don’t bother to hash at all! That puts your accounts at risk of fraud or your data at risk of being used against you for identity theft. But the longer and more complex your password is — a mix of uppercase and lowercase characters, numbers, symbols and punctuation — the longer it takes for hackers to unscramble your password”
The trouble is that this all leads to very complex passwords which are beyond most people’s ability to memorise. Plus, you need a different password for each and every website, user account etc.
Many people now work in public places, using unsecured Wi-Fi, which makes it easier for others to “eavesdrop” on your passwords, no matter how good they are. Using a password manager means you do not even need to type in the password, which reduces this eavesdropping risk.
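The “master password plus a few site-specific letters” habit described at the top of this post is something you can check for in your own logins. The Python sketch below is an added example, not part of the original post; the function names and the sample vault are constructed for illustration, and it flags entries that are identical or that differ only before or after a long shared stem.

```python
from itertools import combinations

def common_prefix_len(a: str, b: str) -> int:
    """Number of leading characters two strings share, ignoring case."""
    n = 0
    for x, y in zip(a.lower(), b.lower()):
        if x != y:
            break
        n += 1
    return n

def shared_stem_len(a: str, b: str) -> int:
    """Longest shared run at the start or at the end of two passwords."""
    return max(common_prefix_len(a, b), common_prefix_len(a[::-1], b[::-1]))

def audit(vault: dict[str, str], min_stem: int = 6) -> list[tuple[str, str, str]]:
    """Return (site_a, site_b, finding) for each pair of entries that are
    reused outright or built on a shared stem of at least min_stem characters."""
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        if pw_a == pw_b:
            findings.append((site_a, site_b, "reused"))
        elif shared_stem_len(pw_a, pw_b) >= min_stem:
            findings.append((site_a, site_b, "shared stem"))
    return findings

def exposed_sites(vault: dict[str, str], min_stem: int = 6) -> list[str]:
    """Sites whose password would be largely known after a breach elsewhere."""
    sites = set()
    for site_a, site_b, _ in audit(vault, min_stem):
        sites.update((site_a, site_b))
    return sorted(sites)

# Constructed sample data: not real credentials.
SAMPLE = {
    "shop.example": "Sunflower22!sho",
    "mail.example": "Sunflower22!mai",
    "bank.example": "Sunflower22!ban",
    "forum.example": "hunter2hunter2",
    "news.example": "hunter2hunter2",
    "cloud.example": "q7#Vd!mZ2p$Xw9Lr",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print("change these:", exposed_sites(SAMPLE))
```

Only the randomly generated `cloud.example` entry survives the audit; every other login shares most of its characters with at least one other site.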
So what to do?
The easiest and most basic option is to rely on the inbuilt password managers such as those found in Google Chrome and iOS / Mac iCloud Keychain. When either of these environments senses you need to create a new password, it will suggest a complex and unique password to use. Assuming you are logged in to your account when online, it will also offer to fill your previously saved passwords for you. Note that these inbuilt password managers are only really useful for website user id/passwords.
The worry with, for example, Google managing all your passwords is that it is only as secure as your Google password. There is no separate “master password” for user ids. Chances are that your historic and rarely changed Google password is the weakest of all your passwords. So the key to your password vault may be pretty flimsy. If you’re going to use Google for your password management, then do consider two-factor authentication, which increases your security hugely. If you are in a work environment or a public place and you generally stay logged in to your Google account, you should also consider locking your PC when you walk away from it. Similar issues apply to iOS / Mac’s iCloud Keychain.
However, so long as you’re aware of the importance of protecting your Apple and Google passwords and making sure you don’t leave your computer signed in and unattended, these options are still far better than creating weak passwords or one password for all sites.
Google and Keychain only store passwords for websites. Nothing else. So you can’t store your router passwords or PIN codes for office door access or any other minutiae of your digital life.
The convenience of Google Chrome and Keychain passwords has always been that they autofill passwords online. There is no need to open a separate password manager, find the website listed and copy and paste the password into the browser. However, since the latest version of the iOS operating system, iOS 12, third-party password managers can also now autofill, and this is the game changer. They are now as convenient to use as the Keychain / Chrome password managers and offer so much more in addition. It also doesn’t have to cost you anything to use one of these packages. Basically, there are no excuses left for you not to try out third-party password manager software.
So what are the other benefits of third-party password managers?
- It is usually possible to create several vaults, for example, a private vault and a family vault. This lets you share some user ids with specific members of your family.
- You can store user id/passwords for all manner of uses, not just websites.
- You can store other important information: bank account details, credit card info, passport numbers, driving licence details, router details etc.
- You can use them to log into your various applications.
- You can also store secure notes for ad hoc text information.
- Encryption methods tend to be more complex and more secure.
- Some make provision for a digital legacy – a method to transfer all your logins to a trusted individual in the event of your death or incapacity. Grim but practical!
Which products should you consider?
Whilst there are quite a few options, let me make life easier for you by recommending just two to consider: LastPass and 1Password.
Both these options work across all the major platforms. LastPass offers a free version and 1Password a trial version. Rather than create my own review of both of these, I have included a couple of reputable reviews towards the end of this post.
The bottom line
If you only need to remember website logins and you’re aware of the importance of creating secure iCloud / Google logins, then the inbuilt offerings are “fine”. However, if you want any more than this (and I think you should), then consider using a dedicated password manager. If you want a free version and you don’t need family sharing or other more complex offerings, then LastPass will probably suit you fine. If you want shared vaults and some extra bells and whistles, and are happy to pay to keep your digital life secure, then I’d recommend 1Password.
This article compares LastPass and 1Password – 1Password is the winner
This article compares both products and prefers LastPass
This article compares LastPass, 1Password and a couple of others, and favours LastPass
Identity theft is on the rise and it is our individual responsibility to protect ourselves. A well-thought-out approach to password security can play a big part in helping prevent it. Password managers are no longer difficult to use and are key (literally) to protecting our digital identity and data. There really is no valid reason for us not to use tools like these.