How many sites and services do you log into on a regular basis? Take a moment to think about everywhere you put in a username (usually your email address, but not always) and a password. At work, on social media sites (how many are you a part of?), shopping sites, banks, email, hobby and interest sites, wireless carrier sites (AT&T, Verizon), cloud storage (DropBox, Google Drive, OneDrive), medical and insurance portals, tax return sites… the list can be endless. Do you have twenty? Thirty? Forty?
Now, how many passwords do you have? As in, create and use on a regular basis. Two? Four? Ten?
Did you know that these two numbers should be equal?
Yes, best practice says you should have a unique password for EVERY site and service that you use. Doing so means your other information is safe when a password is exposed on one site, which seems to happen more and more. Only the data on that one site is affected by the exposed password, not the information on the dozens of other sites and services you access.
THAT’S RIDICULOUS! Right? There’s no way you can keep ten or fifteen passwords in your head, much less one for every site and service you use. You are absolutely right. It’s not possible for most people. There are those gifted (or cursed) with remembering almost everything they see, hear, or experience, but that’s not you, most likely. This is definitely one of those “first-world problems” we joke about between friends.
So how do you create and remember a unique password for every site and service? You don’t! You use a password manager.
Password managers are the solution to this problem. There are many different password managers available, some free, some inexpensive, some ridiculously expensive, but all, at their core, do the same thing. They help you create and store passwords and allow you to copy and paste them into your login screens. How they do it and what price is charged for this capability are the basic differences between products. If you want to skip the introduction and go straight for the dessert, at the end of this article is a short list of password managers along with their costs, platforms supported, and a usability rating. If you have no idea what password managers are or do, then continue reading.
As already mentioned, all password managers do the same thing. They help with the creation and secure storage of your passwords. How they accomplish this will be unique to each program. Features of different programs vary, but here are some to look for:
- The ability to store more than just username and password. To varying degrees, different password managers allow you to store more information about an account or service, like the website address, or backup codes to allow you to log in if you lose your password or device, or other pertinent information.
- The ability to store software license numbers, prescriptions, padlock combinations, or other sensitive information. Because password managers use strong encryption, your data is safer stored there than on your hard drive or worse, written down on paper that can be lost or stolen.
- The ability to organize your passwords, like separating work from personal, websites from cloud storage, hobby sites from banks, or any kind of group you want to use.
- The ability to automatically rotate passwords for sites that require password rotation, or at least a way to indicate a password is expired based on information you input when you create the entry.
Password managers come in different forms. By that, I mean some password managers are browser add-ins, some are desktop or mobile apps, some are just websites, and others incorporate some or all of these forms. This is important, since you will authenticate to sites from your desktop, laptop, phone, tablet, and even your TV in some cases (although I am unaware of any password managers that run on the Amazon Fire TV, Roku or similar platforms).
All password managers should use strong encryption to protect your information. Better ones allow you to use two-factor or multi-factor authentication to make them even more secure. This means that in addition to your master password, which we will discuss shortly, you would need a device or an additional code to fully unlock your password collection. More on that in a bit.
To use a password manager, you will have to create a good, strong password that you can remember as a master password. This password should be at least twelve characters; twenty would be better. It should include upper and lower case letters, numbers, spaces, and symbols or punctuation. The easiest way to do this is to create what is called a passphrase. This would be a sentence you could remember, ideally one that you would modify by substituting numbers and symbols for some of the letters.
The next step is to get all your various accounts into the password manager. Once you have put your passwords into the manager, either by typing them all in or, in some cases, allowing the browser plugin to capture them as you enter them manually, you never have to type out passwords again. Or remember them. This is where the real bonus of using a password manager shines. I have upwards of 150 passwords to remember, and I don’t know over half of them. Some I’ve never typed. Some I’ve never even seen. How?
A good password manager will generate long, random passwords for you and allow you to use those for your accounts and services. It should also allow you to manage the complexity of these passwords, as some sites still don’t allow special characters or even spaces in passwords. With the password manager remembering all your passwords, you don’t have to reuse passwords, which is the very unsafe practice we are trying to avoid. Note – This is particularly true in regard to passwords used for banking accounts, medical/doctor office portals, or other sensitive information. If you store your credit card information with any site, such as Amazon or Google, you should have a unique, strong password for it as well.
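The generation step described above, as an added example (not code from any of the password managers discussed here): a generator that draws from the operating system's secure random source and restricts itself to the character classes a given site accepts. The class names and the symbol set are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes a site may or may not accept (set chosen for this example).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
    "space": " ",
}

def generate_password(length=20, allowed=("lower", "upper", "digit", "symbol")):
    """Return a random password with at least one character from each allowed class."""
    if length < len(allowed):
        raise ValueError("length too short to include every allowed class")
    pools = [CLASSES[name] for name in allowed]
    alphabet = "".join(pools)
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: discard and redraw rather than patching characters in,
        # so every password that passes the checks is equally likely.
        has_all_classes = all(any(ch in pool for ch in candidate) for pool in pools)
        # Leading or trailing spaces are rejected because some forms trim them.
        if has_all_classes and candidate == candidate.strip():
            return candidate

def entropy_bits(length, allowed):
    """Upper bound on strength in bits: length * log2(alphabet size)."""
    size = sum(len(CLASSES[name]) for name in allowed)
    return length * math.log2(size)

if __name__ == "__main__":
    # Constructed policies: a permissive site and one that rejects symbols and spaces.
    for label, length, allowed in [
        ("permissive site", 20, ("lower", "upper", "digit", "symbol", "space")),
        ("letters and digits only", 24, ("lower", "upper", "digit")),
    ]:
        print(label, repr(generate_password(length, allowed)),
              f"~{entropy_bits(length, allowed):.0f} bits")
```

When a site forbids symbols, the smaller alphabet can be offset by generating a longer password, which is why the restricted policy above uses 24 characters.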
I mentioned two-factor or multi-factor authentication earlier. You may be asking – what is a factor? A factor is simply a way to prove you are who you say you are. First, understand that there are really only three different factors:
- Something you know – a password, a passphrase, a PIN, a secret code, a handshake, etc.
- Something you have – a smartphone (with an app), a physical key, a USB token or fob, an identification card with a magnetic strip, chip or RFID embedded in it.
- Something you are – a fingerprint, your voice, your retina, even the pattern of your veins under your skin.
The combination of two or all of these factors increases your security. Some are inexpensive to employ. Some are expensive to acquire, distribute, and support. Unfortunately, even the most expensive versions of these factors are not totally secure. Regardless, using two-factor or multi-factor authentication means that after entering your username and password, you must provide the second factor to complete the authentication, whether that means plugging in a USB key, using an app on your smartphone, or providing your fingerprint.
So here’s the dessert… a list of password managers I am comfortable recommending, including their price, formats, a usability rating, and a short blurb about them. I don’t take any responsibility for errors in this information. I pulled it directly from the websites of the various password managers on February 5th, 2019. If you want to use any of these, you will need to visit the site and read the documentation.
KeePass – https://keepass.info – Free – Windows, MacOS, Linux, Android, iOS, Chromebook, Windows Phone, Browser Extension – Intermediate to Advanced User
Requires the user to provide storage location for the secured password vault. This could simply be on a single computer, but then would only be accessible from that computer. Many who use this put the vault on cloud storage to have universal access. Also, the wide platform support is somewhat of a deception – there are a ton of compatible apps because the specifications for handling the vault are easy to code.
BitWarden – https://bitwarden.com – Free or more features for $10/yr – Windows, MacOS, Linux, Android, iOS, Browser Extension, Web Interface – Novice User
Wide platform support and inexpensive for premium features. This password manager is a “new kid on the block”, but I use it personally and have been pleased with the free features. The premium license offers encrypted file storage for items like tax documents and other sensitive digital documents.
1Password – https://1password.com – $36/yr – Windows, MacOS, Linux, Android, iOS, Chromebook, Browser Extension – Novice User
A veteran password manager, which means it also has some bad history, but still a solid choice. The only one in this list with no free version. The added security is still worth the price.
LastPass – https://lastpass.com – Free or more features for $24/yr – Windows, MacOS, Linux, Android, iOS, Browser Extension, Web Interface – Novice User
Another veteran, LastPass has a free version and also starts at a reasonable price for premium features. The premium features are not necessary, but do provide encrypted file storage for things like tax returns and other sensitive electronic documents.
There are lots of others; this is just a small sample.
I hope this article has been informative. Feel free to email me any questions and I’ll be happy to answer them for you.