Let’s Talk Passwords

Yes, I know you have a lot of them. And yes, I also know that you hate having to change them, or when a site refuses your repeated attempts to create one because the password you want to use doesn’t match its rules. To make matters worse, the next time you visit that site, your chances of remembering the new password are practically nil. The unfortunate result of all this frustration is that most people reuse the same weak passwords over and over.

You shouldn’t do that. Why? Because websites get breached all the time, and sooner or later one of those breaches will expose an account and password that belongs to you. In some cases the hackers get the passwords in the clear, which obviously makes their job easy. Even when they don’t, weak passwords are very easy to crack, and they will have them in no time.

You say: “So hackers got my Yahoo! account.  I don’t use Yahoo! anymore.  What’s the worst that could happen?” Well, I’m glad you asked!

The worst that could happen is that this particular password is the same one you use on your banking site, your email, Facebook, and so on. Now the Bad Guys have your master key, and you are left scrambling to remember every site where you used it so you can change the password before they get to something that matters to you.

So what’s the answer? Use a strong, unique password for everything that asks for one, and change it on a regular basis so you stay one step ahead of the Bad Guys. Of course, this creates a new problem: how to manage an ever-growing list of complex, hard-to-remember passwords that change regularly.

The solution? Use a password manager.

Password managers are just what they sound like: special software that acts like a secure vault where you store all of your passwords in one place. Many also offer features such as auto-filling your passwords when you log into websites, generating random complex passwords for you, and synchronizing your vault across all of your devices, including phones and tablets.

There are many to choose from, but since not all password managers are created equal, make sure the one you choose meets at least the following criteria:

  1. Encryption: Make sure the one you choose uses strong encryption for the password vault. Since you will be keeping all of your passwords in one place, it is critically important that they are well protected.
  2. Two-factor authentication for the master password: I plan to dedicate a future post to explaining two-factor authentication in detail, but in brief it means using an extra piece of information in addition to your password when you log into your account. This can be anything from a security code sent to you via text, to a device you plug into your computer that proves it’s you accessing your account and not someone who stole your password. This is especially important for your vault password, since it is now your master key to all of your accounts. Which leads to the next point…
  3. A method for master password recovery: A password manager that uses strong encryption means that only you can access your passwords. Which is a good thing…unless you forget the master password. Even the company’s support staff won’t be able to recover an encrypted master password, so you need a strategy for recovering it in case it is ever lost or forgotten.
  4. Auto-password generation: As I said before, weak passwords are no match for hackers. It’s important to create strong, unique passwords that are long and complex. Password managers make this easier by generating the password and storing it for you, so you never have to type it.
  5. Password synchronization across devices: This is more a convenience than a requirement, but most people use multiple devices, and having a manager take care of your passwords everywhere will encourage you to create better ones.
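To make the gap between a reused, human-chosen password and a generator’s output concrete, here is a small added example (not code from this post, and not how any particular manager is built) that draws a password with Python’s `secrets` module and estimates how long an offline guessing attack would take against each kind. The guessing rate and the size of the common-password list are constructed placeholder assumptions, not measurements.

```python
import math
import secrets
import string

# Character set a manager's generator typically draws from (94 printable ASCII chars).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed assumptions for the comparison, not measurements:
COMMON_LIST_SIZE = 10_000_000    # a human-chosen password usually sits in a list this size
GUESSES_PER_SECOND = 1e10        # offline attack against a leaked, fast-hashed password

def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw each character with secrets.choice (a CSPRNG), never random.choice."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(choices: int, length: int = 1) -> float:
    """Entropy of picking `length` symbols uniformly from `choices` options."""
    return length * math.log2(choices)

def expected_crack_seconds(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time to hit the password: on average half the space is searched."""
    return 2 ** bits / 2 / rate

def compare(length: int = 20) -> dict:
    """Contrast a dictionary-style password with a generated one of `length` chars."""
    weak_bits = entropy_bits(COMMON_LIST_SIZE)
    strong_bits = entropy_bits(len(ALPHABET), length)
    return {
        "weak_bits": weak_bits,
        "weak_seconds": expected_crack_seconds(weak_bits),
        "strong_bits": strong_bits,
        "strong_years": expected_crack_seconds(strong_bits) / (365.25 * 24 * 3600),
        "sample": generate_password(length),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Under these assumptions the dictionary-style password falls in well under a second, while the 20-character generated one has about 131 bits of entropy and would take on the order of 10^21 years.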

While it’s true that most modern browsers can store passwords for you, they typically don’t provide all of the features above.

There are many password managers out there, so you will have to do some reading and decide which one suits you best. Look for the features that matter to you most. Also, consider the various pricing options. Some have free versions, but you may have to pay for more features or more device support.

The manager I use is LastPass. It has all of the features I listed above, a very functional free option, and a reasonably priced premium one ($12 per year). Another regularly well-reviewed one is Dashlane. You would be well served by either.

Of course there are others, and everyone you talk to will have their favorite. If you use one now, and you love it (or hate it), I’d like to hear about it. Let me know what you think.
