Why you 100% need a Password Manager in your life

There was a suggestion by XKCD, that the best password to have is CorrectHorseBatteryStaple because it is harder to crack but easy for you to remember.

While this may be the case, what tools are available for you to keep your passwords safe?

It’s very tempting to have the same password for every one of your accounts but it is also very dangerous in terms of security because if someone finds out your password for one website, they then have it for every other website.

Reports have shown that there have been a reported 300+ websites breached. This has resulted in 7 billion user names and passwords out in the open for everyone to use.

Will yours be one of them?

The above data comes from http://haveibeenpwned.com. This website can help you to find out if any of your accounts have been compromised.

What can you do to make your accounts safer?

If you’re worried about remembering all the different passwords that you have set for your accounts then you can use a password manager. Then you only have to remember the one password to log in!

What is a password manager?

A password manager is a helpful piece of software that can do many things including:

  1. It can securely save all of your different passwords in one place
  2. A password manager can generate unique and random passwords for every website that you use
  3. It synchronizes your passwords between multiple devices (Windows, Mac, iPhone and Android)
  4. If there is a breach on any of your accounts, the password manager will alert you and then lets you change your password for the breached account, using the app.
  5. Generate 2-Factor Authentication codes for added security
  6. Show you which of your passwords are being overused
  7. See which passwords are classified as weak i.e. Password1 or 123123

So now you’re wondering why you need one…

Not only does having a password manager make your life easier, it makes all of your accounts secure. If you’re using a password manager for all of your different passwords, there is no need to worry if one of them should get breached.

For example, someone manages to find your log in details for one of your social media platforms. As this is a unique password there is no need to worry about your other log in details. You can simply change the details for that one account and not have to worry about your online banking, emails or any shopping accounts as these won’t be able to be accessed maliciously. If the breach is a known breach, your password manager software will alert you to the breach and tell you to change your password.

As the password manager is synced across all of your devices, you can “set and forget”, knowing that if you do some shopping on your PC, you can finish it using your phone because the password is available on both devices at the same time.

I bet you’re wondering if there are any downsides?

Whilst using a password manager is great there are some downsides to them:

Ø The master password – if you forget it then you can’t get back in to use any of the stored passwords. Some of the providers wipe the data when you do a password reset. This is to protect the account but means you lose everything. You need to ensure that it’s a password that you remember.

Ø Due to the fact that a password manager holds all of your passwords, they can be the target of breaches – people hacking them to get your passwords! So, whilst you need to be able to remember your master password, you need to make sure it is a strong one that people cannot hack!

Ø There are services such as banks, that do not allow you to use a password manager. However, services like banks, offer a 2-factor authentication .i.e. a security key.

But I thought that companies do their best to protect my information?

They do! But the news have been sharing some very serious breaches lately! Based on information published by https://haveibeenpwned.com/PwnedWebsites the following breaches have happened:

  • LinkedIn – 164m accounts breached
  • MySpace – 359m accounts breached
  • Adobe – 153m accounts breached
  • Tesco – 2000 accounts breached

These are a few of the companies that have been reported in the news recently about being breached. Others haven’t been fully investigated yet so we won’t go into them here.

Whilst some of these breaches happened a while ago, it is still a sharp reminder to change your password regularly – when did you last do it?

Hackers are always looking for new ways to exploit major companies and end users.

You have me convinced so what are my choices?

There are a few different options for you and we’ve explored some of them here:

  1. Keeper Security (https://keepersecurity.com/ ) People like to use Keeper Security because it is easy to use. It’s interface works on everything – laptops, tablets, smartphones etc. It has great flexibility with all of it’s admin permissions and has 24/7 customer support!
  2. Dashlane (https://dashlane.com) Dashlane like others has the password storage, so that you can safely autofill your log in forms but it also has a password generator so that in one click you can create strong and unique passwords. With Dashlane you can also use the secure notes area to keep sensitive data encrypted.
  3. Lastpass (https://lastpass.com) Lastpass can give you similar functions to the previous two options but it can also give you a Browser extension so that you can safely save and store your passwords and at the same time you can create one strong master password to remember and store all of your other passwords safely.
  4. Zoho Password Manager (https://zoho.com) Zoho do many different products but one of them is a Password Manager. Using Zoho means that you can safely store passwords, safely share any common passwords among the team that you work with, directly log into any site without having to type in your log in details and control access including sending out bulk passwords, safely when needed.

I want a bit more information before I make a decision

To learn more about Password Managers, take a look at the UK’s National Cyber Security Centre for their views:

https://www.ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers