For the sake of your security, I’d like you to forget your password.
With the amount of login details we’re all increasingly forced to create, it’s becoming a nearly impossible feat to keep track of them all. And please, I beg you… put that sticky note away.
In response to the login-mania that is the modern Internet, experts report there are a lot of serial password offenders out there: those who use the same usernames and passwords all around the net.
In a 2013 UK study of adult internet users, 55% admitted to using the same password for most, if not all, websites. While it’s one of the cardinal sins of e-security, password recycling may also seem inevitable for a human with an average of 100 different accounts scattered through cyberspace.
But serial offenders take note: password reuse is no longer excusable. Say hello to the password manager, one of the handiest inventions since sliced bread.
What’s a Password Manager?
A password manager stores all your login details from around the net in a highly secure vault. When you need to sign in, your manager will have your details for that specific site ready for you.
Good password managers will even enter your usernames and passwords into websites automatically, so you don’t even have to type them! Since you no longer need to type or remember all your passwords yourself, you’re free to use very secure ones; totally random combinations of 30 or more mixed-case letters, numbers and symbols suddenly become perfectly convenient.
Password managers also relieve you of the burden of creating your own passwords. Coming up with secure, unique passwords yourself is tedious, and it’s surprisingly difficult to invent a truly random password yourself. A password manager will generate new passwords for you whenever you need them, and will save them automatically.
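As an added illustration (not code from this article or from any of the products it mentions), here is roughly what "generate a truly random password" means in practice, sketched for Node.js. The symbol set and the function names are assumptions made for the example.

```javascript
// Added example: random password generation with a CSPRNG.
const { randomInt } = require('node:crypto');

// Character classes; the symbol set is an assumption, since sites differ in what they accept.
const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digit: '0123456789',
  symbol: '!#$%&()*+-.:;<=>?@[]^_{}~',
};
const ALPHABET = Object.values(CLASSES).join('');

// True when the password contains at least one character from every class.
function hasAllClasses(pw) {
  return Object.values(CLASSES).every((set) => [...pw].some((ch) => set.includes(ch)));
}

function generatePassword(length = 30) {
  if (!Number.isInteger(length) || length < 4) {
    throw new RangeError('length must be an integer >= 4');
  }
  for (;;) {
    let pw = '';
    for (let i = 0; i < length; i++) {
      // randomInt draws from the OS CSPRNG and avoids modulo bias.
      pw += ALPHABET[randomInt(ALPHABET.length)];
    }
    // Rejecting whole candidates keeps the result uniform over all valid
    // passwords; patching in a missing class afterwards would not.
    if (hasAllClasses(pw)) return pw;
  }
}

// Upper bound on entropy in bits: length * log2(alphabet size).
function entropyBits(length) {
  return length * Math.log2(ALPHABET.length);
}
```

With this 87-character alphabet, a 30-character password carries a little over 193 bits of entropy, far beyond anything a person would pick or remember unaided.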
A quality password manager stores and transmits your library of passwords using strong encryption. Depending on which manager you opt for, this encrypted data is either stored on a cloud server or on your local machine (or both!). In any case, you can be sure that it’s protected by robust security that’s safe to depend on.
Are Password Managers Really Safe?
So, I’ve covered what password managers do, and it sure sounds convenient. But how can it possibly be safe? Aren’t password managers a terrible idea? Isn’t putting all your proverbial eggs in one basket a true disaster in the making?
No. In fact, a password manager can help to keep you more secure than ever before.
How? Consider this scenario: John reuses his password, il0v3muffins515, for his accounts at twelve different sites. He’s picked a pretty simple password and can remember it with ease. It also has numbers, so he figures it’s pretty secure. (I beg to differ, John.)
Now John has twelve ‘eggs’ in the same, poorly protected basket. If one of these sites is hacked, his accounts at the other eleven will be open to attack. He’s essentially relying on 12 different sites to keep him safe. Here at BreachAlarm, we see hundreds of sites a week falling victim to hackers.
Additionally, his password is also vulnerable to phishing and countless other exploits that might target him directly.
John, I don’t like your odds.
This brings me to my next point: password managers provide reliable phishing protection. Browser-integrated managers will only log you into a site if you are actually visiting the correct address, making sure your eyes aren’t duped by a lookalike website.
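The check described above can be sketched as follows. This is an added example, not code from any particular password manager: the entry layout, function names and sample URLs are constructed, and the exact-origin policy is an assumption (real products differ in how strictly they match).

```javascript
// Added example: exact-origin matching before autofill.
// The entry layout and function names are hypothetical.
const savedEntry = {
  origin: 'https://accounts.example.com', // constructed sample site
  username: 'john',
};

// Returns the normalised origin of a page URL, or null if it cannot be parsed.
function pageOrigin(pageUrl) {
  try {
    // URL lower-cases the host, converts IDNs to punycode and ignores userinfo.
    return new URL(pageUrl).origin;
  } catch {
    return null;
  }
}

function shouldAutofill(entry, pageUrl) {
  const origin = pageOrigin(pageUrl);
  if (origin === null) return false;
  if (!origin.startsWith('https://')) return false; // never fill over plain HTTP
  return origin === entry.origin; // exact scheme + host + port, no substring matching
}

// Constructed page URLs: two genuine, the rest lookalikes a human eye can miss.
const samples = [
  'https://accounts.example.com/login',
  'https://ACCOUNTS.example.com:443/login?next=/',
  'http://accounts.example.com/login',
  'https://accounts.example.com.signin.test/login',
  'https://accounts.examp1e.com/login',
  'https://accounts.example.com@signin.test/login',
  'https://accounts.ex\u0430mple.com/login', // Cyrillic "а" in place of Latin "a"
];

// One boolean per URL: true means the manager would offer the saved login.
function autofillDecisions(entry, urls) {
  return urls.map((u) => shouldAutofill(entry, u));
}
```

Only the first two URLs resolve to the saved origin; every lookalike is refused because the comparison is made on the parsed origin rather than on what the address looks like.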
All password managers have one thing in common: a master password that protects the vault. The strength of this ‘skeleton key’ will essentially determine the safety of your vault, so ensure you choose it well.
Sensible password-picking rules apply: make it as long as you can remember reliably (8-12 characters at a minimum!) and use numbers and symbols as well as upper- and lower-case letters.
You might even want to write it down and put it inside a safe or other secure storage place, since if you ever forget your master password, your vault will be unrecoverable.
Choosing a Manager: Some Popular Options
There’s an almost dizzying array of great password managers out there, each catering to different systems, needs and preferences. There’s truly something for everyone.
If you’re uneasy about storing your passwords online, 1Password, KeePass and Sticky Password provide great solutions.
KeePass is open-source, and has plenty of extensions and add-ons for your browser and smartphone, giving it a huge amount of flexibility. Not to mention, it’s free! However, if you’re not a computer whiz who loves to tinker and customise, you might want to go with one of the simpler, more automated options.
1Password is another solution that stores all your passwords, fully encrypted, on your own hard drive. Because the vault is stored in a folder on your hard drive, you can easily sync it between your devices using a service like Dropbox. It also gives you the ability to securely share amongst multiple accounts, among many other features. However, up front it’s a little more expensive than its competitors, with a need to purchase a client for each device type (Mac, PC or smartphone).
For ultimate compatibility, it’s very difficult to beat Sticky Password from Lamantine Software. The easy installer offers options for not only the Big Four browsers, but also a host of mobile operating systems (Kindle Fire, Nokia X, Blackberry and more). This makes it great for folks running older or more obscure OSes and devices.
While many competitors lock off two-factor authentication to ultra-premium customers only, Sticky Password offers incredible bang for your buck, boasting advanced features like biometric authentication without any additional charges. You can also choose to keep your passwords stored locally, or in the cloud.
Speaking of bridging the gap between cloud-based and hard-drive-stored vaults, Dashlane allows you to choose to store your password on your own computer, or use Dashlane’s cloud service and take advantage of automatic synchronisation. Even if you go for the cloud, though, your master password will remain on your own computer, so the synced data is of no use to anyone who might steal it from Dashlane’s cloud storage.
In terms of popularity, LastPass might take out the prize amongst all of the managers we’ve mentioned so far. A nice set of features, support for a large range of mobile OSes and easy setup make it a solid choice. Unlike some of the other managers, it’s completely cloud-based, storing all user data on its own servers and using this to access your password vault from your various devices.
LastPass is also very reasonably priced, with premium accounts for a tiny yearly fee. However, those who like total control and aren’t fans of cloud services might find LastPass a little too “hands off” for their tastes.
I’ve covered a few of the major services, but listing them all would be a nearly impossible feat. Hopefully one of the above tools will suit your particular needs; if not, rest assured there’s probably an alternative out there that does.
Whichever solution you choose, I hope you’ll consider adding a password manager to your internet security arsenal.
Password reuse is a terrible security blunder: let’s stamp it out for good.