Why you should use a password manager

PM

For years, I read many, many articles about password managers – much like this one – and despite the fact that I’ve been working in the information security field for about a decade, I still resisted trying them out. It seemed like a lot of hassle, and who needs more of that?

Instead, I kept an arsenal of passwords in my head: A few “disposable” ones for sites I didn’t care much about that I reused constantly, a couple other slightly-more complicated passwords that I used more sparingly, and for a few really crucial sites (mainly financial ones) I had long, complex, and unique passwords that I managed to remember due to sheer repetition and stubbornness.

While on a long vacation abroad a few years ago, I found myself needing to send an urgent message to family, and my email account was one of those accounts using a long, complex password. Since it had been several weeks since I’d logged in, no matter what I tried I just could not remember my password. I tried to log in so many times I locked myself out of my account.

Mea culpa.

When I got back from my trip, I knew it was time to stop this madness and use a password manager for once and for all. Now I’ve been using a password manager for several years, I can’t imagine still trying to juggle a few weak passwords in my head.

If my story about juggling a few sets of passwords in your head sounds familiar, I’m here to convince you to take the plunge and use a password manager once and for all.

Here’s why:

They’re simple to set up and easy to use

Before using my first password manager, I imagined I’d have to sit down for hours in front of a big spreadsheet, recounting every username and password for every website I frequent. Nobody would look forward to that kind of chore.

Thankfully that’s not how it works. Password managers work to capture your existing username and password credentials the first time it sees you enter them on a website, and then it stores them in a secure password vault for recall next time. The idea is that the only password you’ll ever have to remember once you set up a password manager is the vault’s master password.

As you go about your business online – for example, as you log in to your email account – the password manager will notice that you’ve typed in some credentials and will offer to save them in the password vault for you. Next time you log in, the password manager will enter your credentials for you automatically, easy as that.

And when you change your account’s password, which you really should if it’s one you’ve reused somewhere, the password manager will detect the change and update the password on file for you.

They make sure your passwords are unique and strong

I can’t emphasize it enough: you really should be using unique, strong passwords on all websites you use. Why? When a site gets hacked, hackers will often take the credential data they’ve mined – usernames and passwords – and try that data out on other websites to break in to accounts there, too. Sadly, it works because so many people reuse credential information across many websites. (You can check to see if your information has been used in an attack like this via haveibeenpwned.com.)

But as services online proliferate, creating – let alone remembering – a unique password for every single one becomes practically impossible. Thankfully, password managers can step in and help here by generating unique passwords for you.

A strong* password should be of decent length, contain a good mix of upper and lowercase letters, numbers, and unique characters. That means a good password could look something like this: Vp$lskFOyS4h^oqI.

It’s hard enough to try and think of dozens of passwords that look like that, let alone trying to remember them. Thankfully, the password manager takes care of both of these tasks for you.

So in the worst-case scenario, if your account is involved in a website breach, if you’re using a unique password, the hacker only gets access to that one account, not a treasure trove of all your other ones.

* Remember: Just because a site doesn’t require a strong password doesn’t mean you shouldn’t use one. Let’s not make an attacker’s job easy for them!

Seriously, you can’t remember all those passwords

When you use a password manager, your passwords can be mobile yet still secure. Most password managers allow you to sync your account from multiple machines (so you can have access at your home and work computers, for example). Others in addition offer a phone app (LastPass), or for you to export your encrypted key information to a secure file or to a USB key (KeePass) – either option allows you to access your secure password vault while on the go.

One of my favorite use cases is for securely sharing credentials to an account used by trusted parties. For example, while my spouse and I both have our own personal password manager accounts that we keep private, we can opt to share specific credential sets between our two accounts so we can both securely access them, and keep those credentials synced.

This makes things like accessing the monthly electricity bill or joint banking accounts much, much easier. Plus, if one of us changes the password to one of these shared accounts, since the password manager keeps track of the changes we both automatically have the updated credentials.

It might make you feel a bit wary to have all your passwords stored in one central place, but any password manager worth its salt uses heavy-duty encryption to keep your information safe. In addition, many offer two-factor authentication (2FA)!

Ready to try a password manager? Great!

If I’ve convinced you to give a password manager a try, the best way to get started is to dive right in. Most have a free version you can use, with some premium features you have to pay to unlock. Below are the four I’m most familiar with, but there are a lot of options available to you.

  • 1Password
  • Dashlane
  • LastPass
  • KeePass

So how about it, are you going to give a password manager a try or are you still not convinced? Are you already a password manager fan? Let us know in the comments.