E-mail account, social media profiles, online banking, random travel, gaming apps. Do you feel like you’re creating a new account every single day? Yeah, me too.
All of these new accounts come with a big problem, though. How the hell do you keep track of them?
With data breaches on the rise, using the same password everywhere is a huge risk. It’s vital to create unique, complex passwords for every service you use, but that comes with its own set of issues.
Trying to remember dozens of individual passwords and where you used them all is almost impossible. So what should you do instead? Write them down in a notebook? Keep them in a text document on your computer? Just wing it, and hope you don’t forget which password you used where?
The answer is: none of the above. They’re all terrible options that risk your account information falling into the wrong hands, or locking yourself out of important services right when you need them.
No, it’s time to start using a password manager.
What Are Password Managers?
Put simply, password managers are local and/or online services that store login details for the websites, apps, and other services you use in a secure, encrypted form.
The only password you need to remember is the one for the password manager itself. Once you’ve entered it, your password “vault” is unlocked, and you can log into any site or app, typically with a single click or tap.
All of the main ones work on Windows, macOS, Android, iOS, and most browsers. Linux is usually supported as well, but it’s worth checking the details if you’re running a less-common operating system or browser.
Setting up a password manager takes a bit of effort, but it’s nothing compared to dealing with the fallout from a data breach. If you use the same email address and password on multiple sites, a breach in one place leaves you exposed everywhere else.
Not having to remember all those passwords makes proper security much easier to achieve. Here’s what you need to know.
Benefits of Having a Password Manager
- No more lost passwords! There’s no more fumbling around for login info, locking yourself out of accounts, or dealing with text messages and e-mails to recover the details.
- The best passwords are long, complicated, and very hard to guess. As a result, they’re hard to come up with and even harder to remember. Password managers can generate and save these types of passwords automatically.
- Some password managers can keep an eye on your e-mail addresses, and notify you straight away if they appear in any data breaches.
Are There Any Risks?
Password managers, as you’d imagine, are designed to be extremely secure. Most popular versions, including LastPass, Dashlane, and 1Password below, use an approach known as “zero-knowledge.”
This type of service strongly encrypts the user’s master password using a key stored on the local device. As a result, the services themselves have “zero knowledge” of the passwords, and can’t decrypt them even if they want to.
Like any online tool, though, there’s still some inherent risk of security breaches or data loss. Given the zero-knowledge approach, master passwords shouldn’t be compromised, but other sensitive info might.
This was the case in the LastPass data breach of 2015. Master passwords and password vaults didn’t appear to be compromised, but hackers managed to get hold of users’ e-mail addresses and password reminders.
Armed with this info, hackers could devise targeted attacks on specific individuals. Overall, the security risk is still significantly lower than not using strong, unique passwords everywhere, but it’s something to bear in mind.
Another risk, this one specific to travelers, is the fact that all passwords are stored in one place. If you’re forced to give access to anybody, they’ve potentially got full access to all of your login details and the services they provide access to.
This is troublesome when crossing borders, including coming into the US, Australia, New Zealand, and other countries that are now demanding greater access to electronic devices. New Zealand even goes so far as to threaten fines and imprisonment for not unlocking your devices when asked.
In response, some password managers such as 1Password have introduced a specific travel mode. Once enabled, this mode removes any password vault not previously marked as “safe” from the app. As a result, you won’t be able to access any of those accounts even if you’re compelled to, and neither will anyone else.
For other password managers without a travel mode, considering deleting the password manager app and browser extension from your devices before crossing a border you’re worried about, at least until you’re safely in your hotel
Which Password Manager to Choose?
LastPass is a giant of the password manager space, and it’s easy to see why. No other service offers such rich features in its free version: password generation, one-to-one sharing of notes and login details, regular password quality tests, unlimited password storage, and more.
For most people, these free features will be more than enough. Upgrading to the Premium version ($36/year) gives 1GB storage, credential storage for desktop apps, advanced two-factor authentication options including hardware keys, emergency access, and one-to-many sharing.
As mentioned, LastPass has had security issues in the past but handled them well, notifying users quickly with concrete advice on what to do. As far as anyone knows, password vaults themselves have never been breached.
A fairly recent addition to the market, Dashlane has grown rapidly. The free version’s features are more limited than LastPass, but covers the basics with storage of up to 50 passwords, a secure password generator, browser extensions, and security alerts.
For $39.99, the Premium version upgrades your account in several ways. You’ll be able to sync across multiple devices, use a simple but effective VPN, store unlimited numbers of passwords, get access to the system’s “dark web” monitoring service for early notification of data breaches, and more.
Throw in a sleek and intuitive interface, and Dashlane’s premium version in particular makes for an excellent password manager.
1Password is one of the pioneers of the password management world, and we reviewed it all the way back in 2013. The service is just as useful these days, with a straightforward interface, robust support, multi-device sync, and 1GB of storage.
The service has a wide range of syncing options available. As well as 1Password’s own services, you can also sync via Dropbox, iCloud, or even your own internal network if you don’t want your password vault anywhere on the internet, even in encrypted form.
As mentioned, 1Password’s “travel mode” lets you quickly remove sensitive account details before crossing borders, or other situations where you’re at risk of having your devices searched by the authorities.
There’s no free version of the service, however. If you like the look of it, you’ll have to pony up a minimum of $2.99 per month for an individual plan, or $4.99/month for the Family plan (up to five users).
The Business plan costs $7.99/month per user, but includes 5GB storage and VIP support, so if you’re looking for a password manager for your company, 1Password is highly recommended.
My First-Hand Experience
For a long time, I was as bad as anyone else when it came to managing my accounts. Finally getting sick of being locked out, and realizing that using variations of the same three passwords everywhere wasn’t the brightest idea I’ve ever had, it was time for a better approach.
I considered all of the password managers mentioned above and realized they’d likely all meet my needs pretty well. In the end I decided to try out Dashlane, simply because I got a promo code to try its premium subscription for free.
Fast-forward three months, and I honestly have no idea how I managed beforehand. Well, I do, I guess: by not having very secure passwords. Keeping track of subscriptions, membership details (such as frequent flyer numbers, which I’ve always struggled with in the past,) and passwords is now a breeze.
I’ve already changed every single one of the passwords I regularly use to secure, unique versions that I don’t need to memorize. Every online service also gets its own complex password, as do mobile apps, since Dashlane seamlessly syncs between my iPhone and my laptop in real-time.
I’ve also checked all my email addresses for breaches, including old ones I haven’t used in years, and regularly use the VPN when connecting to public networks, both on my laptop and smartphone.
When it comes to convenience, security, and freed-up brain cells, I’m now a total convert to using a password manager. Maybe it’s time you did the same?