Securing Your Digital Life, Part 1: Choosing a password manager

Configuring and using a password manager is a critical building block of your online security. 

facebook-login-office-laptop-business-162622.jpeg

At its most basic, a password manager is an app that stores your usernames and passwords for websites that you use. If you’re using the same login and password for every website, a password manager may not seem like a useful tool. But security professionals recommend that you use a unique password for every website, and this is a really important practice.

Imagine that I use the same login and password for every site. Then I hear that a site I used had its database hacked, and I need to change my password. Generally a company will require new passwords automatically to prevent fraudulent logins after a breach. But knowing that some people use the same login everywhere, it’s common for hackers to take the database of usernames and passwords they steal from one company and start trying those same credentials at other websites. So while I’m changing my password on Uber, someone’s using that same password to log into my credit union and start wreaking some financial havoc.

Using a password manager has a few big advantages:

  • pexels-photo-209678.jpegIt makes it easy to use a different password on every account. Without a password manager, the goal of using a different password on each website can drown in a sea of sticky notes and scraps of paper. It’s no good to use different passwords everywhere if you can’t find the password for a site when you need it. When you store all your passwords in a password manager, you no longer have to remember them all. You commit just a single password to memory — the one that unlocks your password manager.
  • It makes it easy to use strong passwords. With a password manager, you don’t have to remember strong passwords or type them. You also don’t have to choose them, as a good password manager will generate strong passwords based on criteria you specify. You can choose a combination of lowercase and capital letters, numbers, and symbols and specify the length, which is really helpful for site that limit the length of your password, or specify that it can or must contain certain types of characters. Some managers also allow you to generate a passphrase, which consists of several words strung together. For passwords that you’ll have to type in yourself, a passphrase like
    correct horse battery staple

    can be a lot easier to read and type than a randomly generated string like

    2&djU:;989-4rTB&j*32+
  • pexels-photo-92903.jpegIt ensures you have access to your passwords on any device. A password manager has apps you can install on your computer, smartphone, and tablet, no matter which brand each one is. So if you have a Windows laptop, an iPhone, and an Android tablet, a password manager will let you effortlessly sync your saved passwords between all your devices, and then access them when you need them by entering your master password.
  • It makes your passwords available on any browser. Modern web browsers like Firefox, Chrome, Edge, and Safari include utilities that will store your login information for websites you visit. However, if you store this information in one browser but then use another one, you won’t have access to passwords you stored in the first browser. Password managers also offer browser extensions, which are small apps you install in browsers to add features. These extensions allow you to access passwords in your password manager from the browser, and then autofill fields right in the browser.

A number of password managers are available, and the most widely used include

All are fine choices and come with their own specific selling points. Personally, I use 1Password.

To take the first step in getting your digital life secure, pick a password manager from the list above, install it on your computer, and follow its setup instructions to start creating and using strong, unique passwords for all of your online logins:

NOTE: I have not received payment from any of the above companies/organizations for their inclusion in this list, and I have no personal or professional relationship with any of them, other than as a customer of 1Password.