This 5 minute fix will show you how to choose and use a password manager.
Thanks to Duck and his video below, we now know all the rules for creating and using passwords. No more excuses!
→ Can’t view the video on this page? Watch directly from YouTube. Can’t hear the audio? Click on the Captions icon for closed captions.
In the video, Duck advises you to “consider using a password manager”. Let’s dig into that to see how we can use them to our benefit.
A long time ago, I used to have all my passwords in an encrypted text file.
As the number of online services grew, so did my file. Finding, updating and using my passwords became increasingly cumbersome.
Fortunately, it wasn’t long before the first password managers came along.
There are many other options available so you are bound to find one to fit your needs.
How do they work?
Password managers provide a variety of services.
They serve as a secure place to store all of your passwords so you don’t have to remember them.
They increase your security by not allowing you to put the right password in the wrong site (i.e. a phishing site) or giving your passwords away to a keylogger.
They make password generation much easier by letting you specify your parameters and randomly creating strong passwords on your behalf.
They also let you easily create and manage individual passwords for every site you log into.
Other handy features can include things like two-factor authentication (2FA), secure notes and secure sharing.
I use 2FA – true two-factor authentication using a Yubikey – with my password manager on both my laptop and my Android device.
Some are now supporting the new FIDO Universal 2nd Factor (U2F) authentication system as well.
Secure notes are where you can store other types of information that you might need.
For example, this is where you can store things like bank account information, passport information, and software license keys.
Secure sharing allows me to share my password with another user and select whether I will allow them to see or modify the password. This way I can share a password with my wife but the password remains a secret – in many cases even from me!
The quality, security and feature set will vary with each password manager.
Where are your passwords kept and who holds the key? Some password managers store the information locally, while others store it in the cloud.
This might be important to you if you prefer to keep the information under your control and not risk it getting stolen in a potential breach.
How is the information protected? Regardless of where it is stored, is it encrypted?
→ I’m not going to go into a lengthy discussion about the different encryption algotrithms and their relative strengths and weaknesses. Rather, when it comes to making sure your password manager provides adequate protection, I would suggest doing some research around the subject, and if possible, consult someone you know who is knowledgeable on the topic.
Does the password manager have a timeout feature that logs you out after a period of inactivity or when you close your browser?
Can you “authorize” devices? Many allow you to decide which devices are permitted to access/store the password database and where they can be accessed (based on geo-IP).
While I don’t explicitly endorse any particular password manager, I currently use LastPass.
Prior to using it I reviewed the security elements and feature set. It satisfied my needs and supported all my platforms.
I compared it to other available products and it also came highly recommended by peers in the industry whom I trust.
I suggest you do the same thing when choosing your password manager.
Get yours today!