Why You Need to Be Using a Password Manager, Period

You need to be using a password manager. There, I said it. “But, but…,” you say. NO! YOU NEED TO BE USING A PASSWORD MANAGER!! I don’t care that your system of sticky notes and napkins has served you for years. I don’t care that you don’t have that many passwords to remember (yeah, right). I don’t care that you always use the same password for everything. Actually, I take that back, I do care about that. STOP USING THE SAME PASSWORD FOR EVERYTHING!! There is a better alternative and it’s called a password manager. You need to be using one.

Now that we have that out of the way, let’s talk about what a password manager is. It’s simple: a password manager is a piece of software that generates, securely stores and gives you access to your passwords, wherever you might be.

Here, then, are some info and tips on how to choose the best password manager for you.

Wait, Really, Why Do I Need A Password Manager?

Because you aren’t safe without one. Every time you sign up for a service, even one you intend to use sparingly, you create another access point to your data for the malicious people who want to get at it. Every time you use a password you have already used, you make it easier for people who compromise one of your accounts to get at the others. Every time you use a password that doesn’t meet modern security standards, you haven’t really protected yourself at all. Using a password manager solves all of these problems, and it means you won’t ever have to remember a password again, especially the super-strong, difficult-to-remember ones you should be using.

System Specific is Bad

You’ve probably run into one in some form or another. All the major browsers and operating systems have at least rudimentary password management built in, but I don’t recommend using them in the long run. The problem with these browser/system-specific managers is that they don’t transfer with you if you want to switch to a different environment. Using Chrome to store your passwords? Then you have to use Chrome everywhere. Using Apple’s Keychain service? Good luck on Windows machines. This is no good; your passwords need to be as mobile and adaptive as you are. If at any point you can’t access or create a password you need, then your manager has failed you.

Bad, Bad Passwords

Chances are, you’ve adapted your passwords as the years have gone by and sites have upped their own requirements. “heartpuppies” became “HeartPuppies” became “HeartPuppies<3”. The problem is, even though that final one has upper and lower case characters, numbers and a special character, it is not truly secure. It may meet a site’s specific requirements, but it is breakable. The problem is technical, but stay with me. Let’s say the site you are signing up for uses MD5 hashing. When your password is hashed, it is replaced by a long string of characters called a “hash”, which is visible to hackers. If someone using the same password as you has theirs cracked, then their cracked hash is the same as yours. That means, once a password is cracked for one person, then that password is vulnerable for anyone else using the same password anywhere in the world. Hackers keep vast searchable databases of cracked hashes that are available for anyone who wants to look. Because of this, if you want secure passwords, it is important for you to do a few things:

  • Use super-long passwords with nonsense strings of characters, or use super-long passphrases of unrelated words like “Kitten banana sock angry toenail!”.
  • Use a different password for every site. This way, if one is compromised, all of your others are safe.

It is very difficult and supremely annoying to do both of those things unless, of course, you use a password manager.
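The shared-hash problem described above holds when a site stores a bare, unsalted hash. The following added example (not part of the original post; the user names, the `ITERATIONS` value and all function names are assumptions made up for illustration) shows two users with the same password getting the same MD5 value, and how a per-account salt with a slow key-derivation function breaks that link.

```python
import hashlib
import hmac
import os

# Constructed sample accounts on a hypothetical site; two users picked the same password.
USERS = {
    "alice": "HeartPuppies<3",
    "bob": "HeartPuppies<3",
    "carol": "Kitten banana sock angry toenail!",
}
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting for this demo)


def md5_unsalted(password):
    """What the article's example site stores: a bare MD5 of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def accounts_exposed_by(known_password, stored):
    """Users whose stored unsalted hash equals the hash of one already-known password."""
    target = md5_unsalted(known_password)
    return sorted(user for user, digest in stored.items() if digest == target)


def store_salted(password):
    """Hardened storage: a fresh random salt per account plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    weak = {user: md5_unsalted(pw) for user, pw in USERS.items()}
    print("same MD5 for alice and bob:", weak["alice"] == weak["bob"])
    print("exposed by one known password:", accounts_exposed_by("HeartPuppies<3", weak))
    strong = {user: store_salted(pw) for user, pw in USERS.items()}
    print("same salted digest for alice and bob:", strong["alice"][1] == strong["bob"][1])
    print("bob can still log in:", verify_salted("HeartPuppies<3", *strong["bob"]))
```

You cannot tell from the outside which of these a given site does, which is why a unique password per site matters even when the password itself is strong.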

Ok, Ok, I’ll Use a Password Manager, Gah!!

Thank you. I promise you’ll be so much happier once you do. And secure. And fabulously attractive!! The question now is, which password manager should you use? Well, lucky you, I happen to have a few suggestions. Here are the password managers I think are worth a look. All of them are available for Mac, Windows, iOS and Android.

1Password

1Password is my favorite of all of these choices, and is currently the manager that I use personally. It looks fantastic, functions wonderfully and has a really strong password generator. Even better, unlike many of these other services, it is a one-time fee of $50, rather than an ongoing monthly fee. Its best new unique feature is one that is only good for iOS users, but boy it’s a doozy — 1Password integrates with Touch ID (the iOS fingerprint scanner) so that all you need to do on an iOS device to access a password is stick your thumb on the home button. So easy!!

LastPass

One of the first password managers on the market, and still an industry leader, LastPass has some really great features, including the ability to automatically change a password if its service gets hacked and the ability to “audit” your existing passwords for security vulnerabilities. It’s free to start, has an attractive interface and has a paid premium plan for $12 a year, which you’ll need to pay for if you want to use the mobile apps (hint: you do).

There are plenty of other options that are pretty good, but didn’t quite make the cut for this list for one reason or another. Dashlane is just as attractive and functional, but at $40 a year for the premium version with sync, it is significantly more expensive than other options without providing enough extra functionality to be worth it. RoboForm hasn’t been updated in a few years, and has a clunky interface. KeePass is open source and completely free, but it lacks built-in sync (though using third-party cloud sync like Dropbox is possible) and official mobile apps (there are third-party ones), and it has a very unattractive interface.

So there you have it! You’re ready to wrangle your passwords in a truly secure and highly enjoyable fashion. Want more tips on how to simplify your life with technology? Make sure you’re signed up to receive our weekly newsletter!


3 thoughts on “Why You Need to Be Using a Password Manager, Period”

  1. Hi Sam,

    I’m Megan and I work for AgileBits, the makers of 1Password.

    I just wanted to thank you for taking the time to educate your users on the importance of password managers, and for including 1Password in your discussion!

    In this day and age, it is so important that we all use strong and unique passwords for every site that we visit, and password managers can help make it much more convenient to be secure.

    Keep sharing the secure word – you rock!

    Megan O’Brien
    Level 60 Support Sorceress at AgileBits
    support.1password.com

  2. Hi Sam,
    Thanks for the helpful article; I’ve been thinking about this recently, but I still have a few reservations about using a password manager:
    1. I’ve worried that if someone managed to hack the password manager itself, they would then have access to ALL of my passwords. Is this true?
    2. Do people working for the password manager companies have access to my passwords and data? I hope not…
    3. This is a smaller concern… what if the password manager site goes down? Would this eliminate my ability to access my accounts? I assume they have some safeguards in place.
    Looking forward to your responses!

    1. Hi Paul!

      To answer your questions:

      1. The managers I’ve recommended use best-in-class security to encrypt your passwords as they sync; after all, their entire business is security, so they take it a little more seriously than a non-security related company. However, if you are still concerned, you don’t need to use the cloud sync. All your info will then be stored locally, and never touch external servers. If you choose this approach, you will lose the benefit of having your passwords available across devices automatically, and will need to input them per device.

      2. Nope!

      3. I have never experienced any downtime for sync, and since your passwords are stored locally, the only thing that would interrupt you would be that sync, not access to the passwords themselves.
