Using a password manager
If you’re not using a password manager already I’m going to try here and explain why you absolutely should be, because one of the single most important things you can do to protect yourself in terms of online security and to actually make your online experience much smoother is to use a password manager (sometimes known as password vaults).
What is a password manager and why are they so good?
A password manager is a place for you to store all your passwords in a heavily encrypted format. Think of it as a safe, or a heavily armoured bank vault, only better than that! Imagine if you had gold bars stored inside a bank vault, but a high-level super-thief managed to get into the bank vault to steal your gold. If your bank vault worked the way that password managers work, the thief in our example, would be walking out with worthless bags of sand!
The reason for this is that because your data is stored in a heavily encrypted format, this means that anyone who was skilled enough to steal that encrypted data in the first place won’t any time in the foreseeable future have the computing power to break the encryption of any data they could technically steal. To give you an idea just how long it would take to break encrypted data even with the most powerful super-computers in the world right now, it would currently take longer than the current age of the universe to unencrypt a single AES-256 encryption.
If you want to learn more, there’s a good explanation of the mathematics of attempting to crack AES-256 Encryption here.
In short, password encryption is a good thing!
What is the point of a password manager when nobody else knows my passwords anyway!
Most websites nowadays are using the same high-level encryption we just touched upon (look for the padlock icon in your browser’s address bar) to encrypt communications between user and website. So in terms of hacking, the web is certainly a safer place than it used to be; web developers and admins are for the most part are employing high level encryption as a standard now – in fact a lot of search engines do penalise sites that do not use strong encryption to transfer data between server and user, so there is extra incentive for web site owners to make sure their sites are properly secure if they even want to be found on search engines.
This doesn’t make the web completely risk free however, the user (you) should always be doing your best and still be playing your part to make things harder for wannabe scammers & hackers.
The two main ways you can do this is by:
- Making your passwords as complicated as possible
- Using different complicated passwords for each site you use!
The rationale behind this is; if a scammer manages to get hold of your password (and there are lots of ways this can be done, not just hacking), and you’re using the same login name password for multiple different sites, then you just gave the scammer access to most of your online life – Facebook, Linked In, Bank Accounts, Shopping Websites… anything with the same or similar password.
This is where your password manager comes into its own.
Password managers come in all sorts of different flavours, from built in on your web browser, Chrome, Firefox, Edge etc all have ways of saving your password for future use, but these tend to be limited in scope. Both Windows and Mac Operating systems come with built in key managers, but these reside on only one computer and are more suited towards developers storing passwords etc for a logging on to servers etc. They do require a specific knowledge to use them properly and get the best out of them.
The type of password manager I am recommending here are the online managers which are free to use – although most have optional payment subscriptions that open more features for heavy and business users, most I will list further down this article are pretty user friendly for everyday users.
But am I putting all my eggs in one basket?
Well yes, there is an element of that, hence you should secure your password manager with 2 factor authentication (all of them allow you to do this) you should also, where possible also add in a trusted friend or relative as a recovery contact should you ever lose access to your account, you can work with your friend to recover your access. Also, in most password managers there should be an option to download all your data should you wish to move to a different service, or even put your passwords in another manager as a backup.
Password managers are relatively simple to use.
- Sign up for your account – Remember to use a unique password you have never used before
- Confirm your account by clicking the link in the email they send you
- Add in any extra security (2 Factor login etc) recovery emails & telephone number etc
- Install browser extensions to connect your browser to your password manager
- Start saving passwords securely in your vault
Password manager recomendations
This isn’t any sort of sponsored blog so I’m not going to recommend any password manager over the other (I’m not even going to link to their websites), however with that said the one I use regularly every day for my password management is LastPass and I love it! I hear good things about the others, but I can’t comment on them personally, so if you do some searching and take a look at their websites, you’ll get a feel for which one is best for you, but by and large, they all do the same thing.
List of Popular password Managers
- Password Boss
- Sticky Password
- Zoho Vault
- True Key
I’d recommend maybe trying a few of them with a couple of passwords and see which you like the best – some might be easier for you to use than others. Let me know if I missed any, I will happily update the list.
Once you have found your password manager of choice and have created an account, you now only need to remember the one single password to access your vault containing all your passwords.
To remember a password for any website, you will from now on, simply logging into your password manager and getting your password for each website you log in to.
Speed up my online life
As I briefly mentioned earlier, most of these password managers make your online life very easy for you – certainly in the case of LastPass, there is a simple extension for Web Browsers which recognise if a site you are on is stored in the vault and will automatically fill in the login details for you. They’re quick and easy to install and will help using your Password Manager be a much speedier and pain-free experience. In fact, certainly for me, I know that going to any site on the web where I have a login, I can usually login now with one click – I don’t even have to type the password any more because of the usefulness of password manager browser plugins
Most password managers also have mobile apps that allow you to access your passwords easily from your mobile device also and work in much the same way as they do on the desktop in that they can fill in login information and remember passwords for your apps on your phone, too.
Store more than just passwords
Password managers are just very good at storing encrypted/private information full-stop. With that in mind, LastPass (and probably most of the others) give you the option to store important notes, Credit Cards details, WiFI Passwords, Addresses, SSH keys (for techies) etc etc. You don’t have to use those features, but it is good to know they’re there if you want to use them once you become more confident in using a password manager
Generate new passwords
Password managers will help you generate new passwords for you to use for your online accounts. It is worth taking a little time out to spend some time updating passwords for all your favourite and most used sites at least initially so that you can be more confident of your web security.
As an example, I used Lastpass’ generator interface here to create a strong password to be stored in my vault with a couple of clicks. You can see how much flexilility there is and just how long you can make your new passwords which I think you can agree is better than “fluffy123“
Share passwords and logins securely
A nice feature of password managers is that they allow you to securely share logins with others, so for example, here at Tech-Mag towers, I have the login for various accounts we use stored in my vault and because my colleagues all use the same password manager as me, I can share the logins to those account with them. The extra nice bit is, I don’t actually have to give them the password. My colleagues can log into our shared accounts and they don’t even get to see the password.
We’ve been through the benefits of using a password manager, they help keep your passwords secure, safe and allow you to easily generate complicated passwords without having to memorise them and generally make your online browsing (especially when logging in and out of various different websites) so much easier with those handy browser extensions and mobile apps. Here’s my summary of some of the key points for you to remember.
- Password managers store your login details and passwords securely using high-level encryption
- Always secure your password manager with a strong password you can remember, but importantly, have never used before anywhere else
- Further secure your password manager with two factor authentication. Some password managers even have their own 2 factor app for you to use. LastPass certainly does.
- Add in close friends or relatives as recovery contacts. Should you ever lose access to your account then they can help recover the account with you
- As soon as you start using your password manager, start to change your commonly used passwords with your most visited sites
- Install Mobile versions of the app for more flexibility
Further information & reading:
(Don’t just take our word for it!)
A great video explanation by computerphile on how and why you should use Password Managers
Has my password been pwned
Hackers often put out the information they find from various websites around the internet. Some very big and famous sites have been hacked in the past and have had user details including usernames and passwords, pasted out onto the internet into massive spreadsheet files.
There is a useful site out there called Have I been pwned! The guys who run this site, collate together all the leaked passwords and user logins from various sites into one searchable database.
In short, you can simply type your email address and it will tell you how many websites have been hacked exposing your data.
Using my personal email addresses, I was listed on at least ten hacked websites.
If your details are on the list, then whether someone has used your details YET is the main question.
As an aside, you’ll probably notice the guys from Have I been Pwned recommending password managers on their site also.
Diffie Hellman Key Exchange – Computerphile
A nice video explaining how encryption works in layman’s terms which really does illustrate the simplicity and genius of the way that encrypted key exchange works in the background of a password manager.