These days every website you visit requires you to setup an account. Every single one wants to remember who you are and attempt to personalize the experience as much as humanly possible. There is also a lot to be said for getting a user to commit a little time and effort towards the experience as well. While this last bit is beyond the scope of this post, the point is clear. You’re using passwords everywhere you go on the internet.
This becomes a big issue because you honestly can’t trust everyone with securing your passwords. Big data leaks happen all the time and often to companies and websites we would normally assume completely responsible with things like our money. However, on the Internet nothing is guaranteed.
So having a strong password, one that is very difficult to guess is important, but if the people you trust the most can lose these passwords and allow them to be sold on the dark web, then all it takes is for one of them to slip up and potentially every account you ever created is at risk.
That’s where password managers come in. While there is a lot of value in remembering all your passwords in a secure location that can be recovered if someone steals your little notebook of passwords, there is even more value in generating secure passwords efficiently so that you never use the same password twice.
This way, if your laptop is stolen, or your little book of passwords goes up in flames you can recover your passwords. Also, if your bank, school, work, or favorite forum gets hacked and the passwords leaked on the Dark web, all your other accounts are safe and secure.
Choosing a Password Manager
Password Managers inherently need to be secure. Always do your research and try to find a solution recommended by security professionals you trust.
With that in mind it’s also important to get the features you need to ensure you’ll use your password manager as much as possible. If you aren’t going to use your password manager, then it’s not going to protect you and becomes a potential liability more than anything else.
Extensions & Apps
Password Managers need to meet you where you’re at. Whether that is on your laptop, desktop, phone or tablet. Make sure you choose a manager that has extension for the browsers you use & apps for the devices that need them.
Make sure your password manager can generate passwords for you, on the spot, easily AND remember them all at the same time. Remember, this is the real value of a password manager as it obfuscates the attack vector that is your password. If you’re not using a unique password for every website then a password manager can’t help you when the password you are using winds up for sale on the dark web.
If your password manager checks the first two boxes then this one is essential. If you’re using a strong, unique password on every website and app you use, then it’s going to become VERY tedious if you have to copy-paste every password from your vault into these forms every time you open your browser. This might get so annoying you’ll stop generating unique passwords, or worse, stop using the password manager altogether. Make sure your password manager can Auto-Fill these forms for you or at least make it very easy to copy what you need to your clipboard for pasting.
Anything that consolidates and protects your passwords must support 2nd-factor authentication. These days 2nd-factor authentication is the strongest method of authenticating users on the Internet and any application that doesn’t support it is putting it’s users at a huge disadvantage.
Let’s say your passwords do get leaked and sold on the dark web. If your accounts have 2nd-factor authentication enabled, even if the bad actor tries to use your password, they will still need that 2nd authentication method to get into your account. This gives you plenty of time to change your password if you become aware of such an event. You should be enabling 2nd-factor authentication on every account that offers it period, but 100% on your password manager.
Storing Other Notes
Some password managers, especially the ones that are highly integrated and come with auto-fill, allow you to store more than just passwords. This can be convenient if you need to write something down behind lock & key like and Address, or Credit Card information. Even better if you’re using your password manager to store the recovery keys to your accounts that use 2nd-factor authentication. Once you get familiar, there are all sorts of things you might want to keep encrypted. In the past we might encrypt specific files on our hard drive, or the entire hard drive, but its generally more secure behind a solid password manager.
Some passwords you might need to share with others. This is very handy for system administrators or families. This can be handy, but not a common case so generally password managers don’t offer this for free. It’s also usually assumed the recipient also has an account with the same password manager.
There are a lot of other features a good password manager might offer. LastPass for instance, provides free security audits where they provide a report of your passwords, their overall strength, time since last updated, and a list of accounts that might have been involved in data breaches.
Don’t be a #digitalserf Secure your passwords today!