Ultimate Guide to Password Managers

Why You Should Start Using a Password Manager

Do you use the same password across many or all of your accounts online (social media, email, games, shopping etc.)? Then it’s time to get a password manager ASAP.

Reusing passwords is a huge problem! This is especially true if your password is predictable. One of the most commonly used and insecure passwords online is the word “Password.” If that’s you, don’t hang your head in shame (OK, maybe just a little); all is not lost. You are reading this because you want to redeem yourself and correct past mistakes!

What is a Password Manager?

Imagine an encrypted vault that generates strong and unique passwords automatically. It securely stores them. And it helps you use them by filling out forms automatically. You only need to remember one master password for the app itself. That is what a password manager does.

Why do you need a different strong password for each account? Think of it like this. What happens if you only have one password for all accounts and one of them gets stolen or hacked? Now all your other accounts are at risk. That means hackers can easily open all your other accounts (email, bank, etc.).

Password managers help you create, store, and organize your login details across different websites and apps. They can also store other important information. Think credit card numbers, mailing addresses, phone numbers, and more.

Whenever you need to log in, you only need to remember your master password for the Password Manager.

How do Password Managers Work?

Password managers use a Master Password to allow access to your vault of passwords. Think of it as a combination to a safe.

Ready to log into a website or account?

Simply type in your master password when the password manager prompts for it. The password manager will then automatically fill in the login form and log you in. No more guessing which password you used for that website or account.

They also generate long, unpredictable and most importantly unique passwords for every account. You don’t need to think of a strong password.

It’s all done for you at the click of a button, and it stops the lazy password monster in us all from using a password like those on the world’s worst password list!

Behind the scenes, these tools use encryption to protect user login information. Think of encryption as a digital bank vault. It would take even the best hackers years to break into if somehow they did get their hands on the file itself.

But My Browser Already Saves My Passwords

Browsers such as Chrome, Firefox, and Safari have built-in password manager features. These browsers prompt users to save their passwords, and you can choose whether you want to.

Chrome saves your passwords in your Google account. If hackers compromise your Google account, they then have access to all your accounts. They can also easily see the saved username details for each account in the browser’s Settings.

Firefox and Safari store passwords in your browser settings. If someone gets ahold of your physical device, your data is compromised.

A password manager is more secure. It does everything your browser does. But it also does things your browser doesn’t do.

Password managers generate secure random passwords. They store them with encryption locally or on the app’s web servers. Then they let you access your passwords and other information across all your devices.

Why You Need to Use a Password Manager

Never before has it been easier for users to expose their passwords online and offline.

All of us know someone who keeps their passwords in a planner or their phone’s note-taking app. Or you may know someone who sends their passwords via messaging apps or email. Some companies still have teams who send passwords through project management software. These are risky activities!

In May of 2018, KrebsOnSecurity notified companies of a security threat: their teams were sharing passwords in online project management apps such as Trello. KrebsOnSecurity reports that many employees continue to share passwords intended for internal purposes.

This is still happening despite the constant news of new data breaches. The largest data breach to date was at Yahoo. The hackers stole 3 billion user accounts from Yahoo in 2013.

A survey conducted by the password management app LastPass had surprising results. Only 55% of their 2,000 respondents said that they would change their passwords after an account hack. Most users seem unfazed by hackers stealing their sensitive information.

This leads us to the question: How safe is your data?

HaveIBeenPwned is a website created by Troy Hunt from Microsoft. Enter your email address and it tells you whether you have had an account exposed in a data breach. Give it a spin. The results might shock you!

If your account has been “pwned” (as hackers like to call it), the next question would be: What should you do?

Simple: change all your passwords ASAP. Start with your most sensitive accounts like banking and email. Then move on to less sensitive accounts.

I can hear the groans now. But that’s so much work!

And you would be correct if you did it all manually. That’s the point of a password manager. It doesn’t have to be any more work than pointing and clicking a button. Just like magic, your accounts each have their own strong and unique password.

And if your information has not been compromised yet? It’s only a matter of time. So now is the time to take action before it’s too late.

All this talk of security probably has your eyes glazing over by now. So let’s consider the convenience factor. Doesn’t the idea of having a tool to automatically save and log you into your accounts without needing to remember logins sound like a thing of beauty?

Are Password Managers Safe?

The simple answer is YES!

There is no safer way to store and manage your login information than with a password manager!

The tools use AES-256 encryption, the world’s leading standard for encryption.

And let’s pretend somehow your password manager’s file did end up in the hands of hackers. The odds of them being able to decrypt and see your information are very slim.

How to Choose a Password Manager

We’re hoping that by now you are already convinced to use a password manager. Now let’s discuss which password manager to use.

There are plenty of password managers out there. But security experts recommend a few most often. For today, let’s cover three of their recommendations: LastPass, Dashlane, and KeePass.

LastPass

LastPass is one of the most well-known password managers. The great news is most of its features are available to users for free.

Upgrading to the paid versions adds extra features. The most notable is the ability to share passwords with friends and family. It also gives you 1 GB of encrypted file storage, priority tech support, and other advanced options.

The app generates strong passwords that are also customizable. You can choose if you want to allow all character types or you only want numbers and letters in your password. You can also choose a certain number of characters to be generated.

Your passwords and other information are stored in a vault on LastPass’ web servers. Data is stored using “AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.”
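What "PBKDF2 SHA-256" and a salt contribute, as an added example (not LastPass's code; the iteration count, the header layout and the key-check label are assumptions of this example). The master password is stretched into the 256-bit key that AES-256 needs, and the random salt makes the same password yield a different key for every vault:

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this example, not a vendor's setting
KEY_LEN = 32          # 32 bytes = 256 bits, the key size AES-256 needs


def derive_vault_key(master_password, salt, iterations=ITERATIONS):
    """Stretch the master password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def create_vault_header(master_password):
    """Create a per-vault random salt and a key verifier to store beside the ciphertext.

    The verifier is an HMAC of a fixed label under the derived key, so neither
    the password nor the key is ever written to disk. (A simplification: real
    vaults usually rely on the authenticated cipher's own integrity tag.)
    """
    salt = secrets.token_bytes(16)
    key = derive_vault_key(master_password, salt)
    verifier = hmac.new(key, b"vault-key-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": ITERATIONS, "verifier": verifier}


def unlock(master_password, header):
    """Return the vault key if the master password is right, otherwise None."""
    key = derive_vault_key(master_password, header["salt"], header["iterations"])
    expected = hmac.new(key, b"vault-key-check", hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return key if hmac.compare_digest(expected, header["verifier"]) else None


if __name__ == "__main__":
    header = create_vault_header("correct horse battery staple")  # constructed sample
    print("right password unlocks:", unlock("correct horse battery staple", header) is not None)
    print("wrong password unlocks:", unlock("Password", header) is not None)
```

Every guess at the master password costs an attacker the full iteration count, which is why a stolen vault file is slow to attack when the master password is strong.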

LastPass is supported both in web browsers and as a mobile app.

Dashlane

Dashlane is a password manager that offers two plans for its users: Free and Premium.

Users of the paid Premium plan can manage unlimited passwords on multiple devices. You also get dark web monitoring where Dashlane tracks your information on the Dark Web. You get alerts if your data is being sold or traded by hackers online. Plus, you get a secure VPN for use on unprotected Wi-Fi connections.

Dashlane is unique in that it lets you decide where you want your encrypted vault stored. You can choose to store the data on their web servers. This allows syncing of all information across multiple devices. You can also choose to store the information on your local device, which adds an extra layer of security. It’s a nice feature to have for those users who are super sensitive to security threats.

Like LastPass, Dashlane can also generate complex passwords that are hard to compromise. It also automatically saves and fills your login details and other information.

Both desktop and mobile app versions of the tool are available.

KeePassXC

KeePassXC is a free, open-source password manager. Its databases use AES and Twofish encryption.

Like the other password managers, KeePassXC lets you store your passwords and use them with a master password.

That said, it is meant for use by a technically savvy user. Many features which come standard in other tools require extra plugins or apps.

Currently, you can download KeePassXC for Windows, Mac, and Linux. KeePassDroid is available for Android and MiniKeePass for iOS.

KeePassXC differs from other password managers because it runs locally and is not an online service. That means you store the KeePassXC vault on your hard drive or a USB drive. Anywhere that is convenient for you would be fine.

Syncing KeePassXC across all your devices requires you to upload the vault to a cloud storage provider such as Google Drive or Dropbox.

You can also download browser extensions for Chrome and Firefox.

The Best Password Manager

So, “What is the best password manager?” you ask. Our answer: It all comes down to preference. Try one and if you don’t like it, switch to another one. You will have to transfer all your data from one password manager to another. Luckily, most password managers have an export/import feature; switching takes no time.

Now stop procrastinating and download a password manager today!