Using a Password Manager

September 28, 2016

Don’t Reuse Passwords!

Password reuse is a serious problem because of the many password leaks that occur each year, even on large websites. When your password leaks, malicious individuals have an email address, username, and password combination they can try on other websites. If you use the same login information everywhere, a leak at one website could give people access to all your accounts. If someone gains access to your email account in this way, they could use password-reset links to access other websites, like your online banking or PayPal account.

To prevent password leaks from being so damaging, you need to use unique passwords on every website. These should also be strong passwords – long, unpredictable passwords that contain numbers and symbols.

Web geeks have hundreds of accounts to keep track of, while even the average person likely has tens of different passwords. Remembering such strong passwords is nearly impossible without resorting to some sort of trick. The ideal trick is a password manager that generates secure, random passwords for you and remembers them so you don’t have to.

Why Browser-Based Password Managers Aren’t Ideal

Web browsers – Chrome, Firefox, Internet Explorer, and others – all have integrated password managers. Each browser’s built-in password manager can’t compete with dedicated password managers. For one thing, Chrome and Internet Explorer store your passwords on your computer in an unencrypted form. People could access the password files on your computer and view them, unless you encrypt your computer’s hard drive.

Mozilla Firefox has a “master password” feature that allows you to encrypt your saved passwords with a single “master” password, storing them on your computer in an encrypted format. However, Firefox’s password manager isn’t the ideal solution, either. The interface doesn’t help you generate random passwords and it lacks various features, such as cross-platform syncing (Firefox can’t sync to iOS devices).

What Using a Password Manager is Like

A password manager will take a load off your mind, freeing up brain power for doing productive things rather than remembering a long list of passwords.

When you use a password manager and need to log into a website, you will first visit that website normally. Instead of typing your password into the website, you type your master password into the password manager, which automatically fills the appropriate login information into the website. (If you’re already logged into your password manager, it will automatically fill the data for you). You don’t have to think about what email address, username, and password you used for the website – your password manager does the dirty work for you.

If you’re creating a new account, your password manager will offer to generate a secure random password for you, so you don’t have to think about that, either. It can also be configured to automatically fill information like your address, name, and email address into web forms.

Getting Started with Your Password Manager

The first big decision you will need to make with a password manager is choosing your master password. This master password controls access to your entire password manager database, so you should make it particularly strong – it’s the only password you’ll need to remember, after all. You may want to write down the password and store it somewhere safe after choosing it, just in case – for example, if you’re really serious, you could store your master password in a vault at the bank. You can change this password later, but only if you remember it – if you lose your master password, you won’t be able to view your saved passwords. This is essential, as it ensures no one else can view your secure password database without the master password.

Password managers also allow you to store other types of data in a secure form – everything from credit card numbers to secure notes. All data you store in a password manager is encrypted with your master password.

Password managers can even help against phishing, as they fill account information into websites based on their web address (URL). if you think you’re on your bank’s website and your password manager doesn’t automatically fill your login information, it’s possible that you’re on a phishing website with a different URL.