Aditi Patel
Password Manager Editor
Once upon a time, in the early years of the Internet, you may have had only a few passwords for a few critical web applications that you used to shop, study, stay connected, and get work done. Things are a lot trickier now. According to a 2017 survey by LastPass, people have to remember an average of 191 distinct passwords at work, not to mention their personal passwords.
While technology promises to make our lives easier, and it usually does, each new website and application we sign up for requires us to remember yet another password. For most people, remembering all of them has become impossible. According to the 2019 Google Online Security Survey, 52% of people used the same password for multiple (but not all) accounts. This is a complete no-no.
By purchasing large lists of stolen passwords (also known as “dumps”) on the dark web, cybercriminals can brute force their way into other sites or use old passwords to extort users in scams. This is the cascading effect of a data breach: one breach leads to another, and so on.
According to the 2019 Verizon Data Breach Investigations report, hacked, weak, and reused passwords are responsible for 80% of data breaches. So, how did we end up here, and what are our options?
It’s true. Consumers were chastised 20 years ago for forgetting to change default passwords on IoT devices (such as your Internet router) or using easy-to-guess passwords like “12345” or “password.” As a result, a now-familiar pattern emerged, which xkcd mocks: a common word with a mixture of capital and lowercase letters, at least one number, and one symbol.
Websites require us to create long and secure passwords when opening a new account. If the password doesn’t pass, we won’t be able to create an account at all. If you make it through the account creation stage, you’ll quickly forget the Enigma machine cipher you just created and resign yourself to using the “Forgot Password?” link as your default login method.
You don’t have to remember all of those passwords, thankfully. A password manager can keep track of your passwords for you. A password manager, according to Malwarebytes Labs, is “a software tool designed to store and manage internet credentials. It can also create passwords. These passwords are often saved in an encrypted database and protected by a master password.”
After you’ve entered all of your account usernames and passwords into the vault, all you have to remember is your master password. By entering your master password, you can gain access to your password vault, from which you can retrieve any password you require.
The master password that opens your password vault is all you need to know. You can also access your password vault from any device if you use a cloud-based password manager.
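How a single master password can protect an entire vault, as an added example that is not code from any password manager named on this page. The choice of scrypt and AES-256-GCM, the cost settings, and all function names are assumptions made for illustration; the sample entry is constructed.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// scrypt cost settings: assumed values for illustration, not any vendor's configuration.
const KDF_OPTS = { N: 2 ** 14, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the master password into a 256-bit key. The deliberately slow,
// memory-hard derivation makes every offline guess against a stolen vault costly.
function deriveKey(masterPassword, salt) {
  return scryptSync(masterPassword.normalize('NFKC'), salt, 32, KDF_OPTS);
}

// Encrypt all entries as a single authenticated blob. Salt, IV and tag are not
// secret and are stored next to the ciphertext; the key itself is never stored.
function sealVault(masterPassword, entries) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the entries, or null when the master password is wrong or the vault
// was modified: in both cases the GCM tag check fails and nothing is released.
function openVault(masterPassword, { salt, iv, ct, tag }) {
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  decipher.setAuthTag(tag);
  try {
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed sample data, not real credentials.
const sampleEntries = [{ site: 'example.com', user: 'alice', password: 'kT9vLq2xWz7Rm4Hd' }];
const sealed = sealVault('correct horse battery staple', sampleEntries);
console.log(openVault('correct horse battery staple', sealed)); // the original entries
console.log(openVault('wrong guess', sealed));                  // null
```

Because the key exists only while the master password is being used, a copy of the stored vault is useless without it; the strength of the master password and the cost of the key derivation are what stand between a stolen vault file and its contents.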
When you create a new account with a website or application, most password managers will ask if you want to use an auto-generated password. These randomly generated passwords are long, alphanumeric, and nearly impossible to guess.
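What “randomly generated” has to mean for such a password to be hard to guess, as an added example that is not taken from any particular password manager. The function names and the default length of 20 are assumptions.

```javascript
const { randomInt } = require('node:crypto');

// Alphanumeric character classes, as in the generated passwords described above.
const CLASSES = ['abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', '0123456789'];
const ALPHABET = CLASSES.join('');

// randomInt() draws from the OS CSPRNG and avoids modulo bias, unlike
// Math.random(), whose output is predictable and unfit for secrets.
const pick = (chars) => chars[randomInt(chars.length)];

function generatePassword(length = 20) {
  if (!Number.isInteger(length) || length < CLASSES.length) {
    throw new RangeError(`length must be an integer >= ${CLASSES.length}`);
  }
  // One character from each class so site composition rules are satisfied,
  // the rest from the full alphabet.
  const out = CLASSES.map(pick);
  while (out.length < length) out.push(pick(ALPHABET));
  // Fisher-Yates shuffle so the guaranteed characters are not always first.
  for (let i = out.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out.join('');
}

// Upper bound on guessing entropy in bits (the class guarantee removes a tiny fraction).
function entropyBits(length, alphabetSize = ALPHABET.length) {
  return length * Math.log2(alphabetSize);
}
```

At 20 alphanumeric characters the upper bound is about 119 bits, which is why guessing such a password is impractical while a human-chosen word with substitutions is not.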
Here is a basic primer on phishing scams. Spam emails are spoofed or crafted to look like they’re coming from a real sender, such as a friend, family member, coworker, or company you do business with. The email contains links to fake, malicious websites that are designed to capture login credentials.
This is referred to as a digital inheritance. Your family, or whoever you select to handle your estate, will have access to your password vault in the event of your death.
Many password managers do more than just save passwords for you; they also auto-fill credentials for speedier access to online accounts. Some can also save and auto-fill information such as name, address, email, phone number, and payment card number. When purchasing online, for example, this can save a lot of time.
Whether you use Windows at work and Mac at home, or switch between Android Monday through Friday and iOS on weekends, you’ll be able to quickly retrieve your credentials no matter which platform you’re on. The same goes for all of the most popular web browsers, including Chrome, Firefox, Edge, Internet Explorer, and Safari.
Password managers, in a roundabout way, help defend against identity theft, and here’s why. You’re effectively segmenting your data across all websites and applications you use by using a different password for each one. If a criminal gains access to one of your accounts, they may not be able to gain access to the others.
Although password managers have been compromised, they have a fairly solid track record when it comes to protecting user data. LastPass, a password manager, had a data breach in 2015. Cybercriminals made off with user emails during the attack, but no passwords were stolen. Even if they had been, most password managers, including LastPass, protect passwords using military-grade encryption.
Compared to Facebook, Google, and Twitter, this is a significant difference. All three tech giants have admitted to storing passwords in plain, readable text for some of their users for several years, with no encryption. And, in Google’s case, all the way back to 2005.
Desktop password managers keep your passwords in an encrypted vault on your device, such as your laptop. You won’t be able to access those passwords from any other device, and if you lose the device, you’ll lose all of your passwords. Password managers that are installed locally are a wonderful alternative for folks who don’t want their data kept on someone else’s network. By allowing you to create several password vaults across your devices and sync them when you connect to the Internet, some locally installed password managers achieve a compromise between privacy and convenience.
With a cloud-based password manager, your credentials are directly under the control of the service provider. The main advantage of cloud-based password managers, such as 1Password and LastPass, is that they allow you to access your password vault from any device with an Internet connection.
Unlike a password manager, which keeps separate passwords for each application, single sign-on (SSO) lets you use the same password for all of them. Consider SSO to be your digital passport. When you enter a foreign country, a passport tells customs and immigration officials that your country of citizenship stands behind you and that you should be permitted to enter with minimal difficulty.
Even if you’re using a password manager. Instead, make unique passwords for each site and trust your password manager to do its job.
When you create an account for a new site, many password managers will automatically suggest strong passwords. If yours doesn’t, try a random mix of characters and numbers, alternating uppercase and lowercase. The more complicated and absurd, the better, especially since you won’t have to remember it. The password manager will handle that.
Enabling MFA is one of the greatest ways to secure any account, password manager or not. With an MFA-enabled password manager, you’ll have to authenticate your identity with two or more authentication factors, such as something you know, something you have, or something you are.
Many of the most popular free password managers have a freemium business model, which means you’ll have to pay for the best, and sometimes necessary, features. Do you require password synchronization across browsers and devices? Do you require digital inheritance? Do you need to share login information with your family? Is multi-factor authentication required?
Here’s a suggestion for small and medium-sized companies: Create a password manager policy and inform employees that using a password manager to protect their work accounts is acceptable. Most data breaches begin with a weak or reused password, and your employees are already using a jumble of potentially risky methods to keep track of their numerous passwords.