Here’s the best password advice: Use unique passwords everywhere and make sure they’re all strong passwords like j43!0ty8#@h5y9Ao. But how is that possible? Maybe you could train yourself to remember one of these strong passwords — but how do you remember them when you’ve got 50 or more?
According to my password manager, I have 264 different passwords to remember. Even if I dedicated hours each day to remembering them, it would be impossible. I couldn’t function without a password manager.
Password Managers 101
The solution to the proliferation of passwords is to give up on remembering your own passwords and use a password manager that can remember them for you. A password manager allows you to create a database of stored usernames and passwords, which it uses to automatically fill in login forms on websites. Even better, when you create a new account, it automatically generates a strong, unique password and remembers it for you: You don’t have to worry about coming up with strong passwords on your own.
Depending on the password manager you choose, it can sync online so it’s always available on all your computers, phones and tablets, or you can keep your password database on your local PC so you are in total control of it.
Your password database is protected with a master password — here’s where you create just one strong, unique, memorable password. You may also want to remember strong passwords for a few other important accounts, like your main email account — it’s much easier to remember a few strong passwords than hundreds of them.
But Isn’t That Insecure?
You may think it’s a security risk to store all your passwords in one place, but it’s more secure than the alternative. If you re-use the same password on multiple websites, that favorite password of yours may already be out there in the wild thanks to password database leaks at many major websites. Attack programs try these username and password combinations on other sites to attempt to compromise accounts. Many people re-use passwords, so it’s often successful.
A password manager lets you use a different, strong password on each website, so it’s less of an issue if one website leaks your password. You can just change a single password and move on rather than changing all your passwords; your other accounts won’t be at risk.
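The two points above (a manager generating a strong password per account, and one leak staying contained when nothing is re-used) can be seen in a short sketch. This is an added example, not code from any password manager named in this article; the site names, the re-used password and the symbol set are constructed for illustration.

```python
import math
import secrets
import string

# Character classes seen in the article's sample password (j43!0ty8#@h5y9Ao).
# The exact symbol set is an assumption made for this example.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#@$%^&*"]
ALPHABET = "".join(CLASSES)

def generate_password(length=16):
    """Draw characters from the OS CSPRNG; retry until every class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def entropy_bits(length=16):
    """Upper bound on entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))

def accounts_at_risk(vault, leaked_site):
    """Sites whose stored password equals the one leaked by leaked_site."""
    leaked = vault[leaked_site]
    return sorted(site for site, pw in vault.items() if pw == leaked)

# Constructed sample data: four accounts, stored two different ways.
SITES = ["mail.example", "shop.example", "forum.example", "bank.example"]

def build_vaults():
    reused = {site: "Summer2014!" for site in SITES}    # one favorite password everywhere
    unique = {site: generate_password() for site in SITES}  # what a manager does
    return reused, unique

if __name__ == "__main__":
    reused, unique = build_vaults()
    print("bits per generated password: %.1f" % entropy_bits())
    print("re-used, forum leaks:", accounts_at_risk(reused, "forum.example"))
    print("unique,  forum leaks:", accounts_at_risk(unique, "forum.example"))
```

With the re-used password, a leak at one site puts all four accounts at risk; with generated passwords, only the leaking site’s password needs to be changed.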
Password Manager Options
You could use your web browser’s built-in password manager, but it’s less robust. For example, it won’t help you generate secure passwords. I recommend a dedicated password manager for more security and stability.
LastPass: LastPass is one of the most popular password managers, and for good reason. It’s available as a browser extension for any browser you prefer on Windows, Mac and Linux. It also has a large suite of mobile apps, so it supports any smartphone or tablet operating system you choose. LastPass is free on the desktop, but access from a smartphone will cost you $12 per year — a small cost for a service that can save you a huge amount of time. LastPass secures your password database with encryption on your computer, so even LastPass employees can’t read your passwords. LastPass’s Android app now allows you to fill passwords directly into other apps, too — another big time-saver.
Dashlane: Dashlane works similarly to LastPass, with browser extensions and mobile apps. It has a slicker, more polished interface some people will prefer. Unfortunately, it doesn’t offer any sync support unless you subscribe — and that costs $30 per year, which is more than LastPass.
KeePass: KeePass is LastPass’s polar opposite. It doesn’t sync online — it’s just a desktop application designed for storing and encrypting your passwords. This is a much geekier solution that’s harder to use, but it’s terrific for people who want to maintain their own password database and manage it themselves. You’ll need to back up your own password database or sync it with something like Dropbox if you go this route.
What did you do when the Heartbleed bug rolled around? Did you change your passwords on dozens of sites, using weak passwords or re-using the same passwords? Did you struggle to remember new passwords? With a password manager, you need to memorize only the master password; no other memorization is required. Just generate a new password for a compromised website and get back to your life. Save your memory and brain power for more important things.
Photo Credit: RoniJJ (Flickr), Chris Hoffman