The average UK resident has 26 online profiles/accounts. As mentioned in the last password security post, it is crucial that you ensure all your accounts have separate and unique passwords. However, remembering 26 individual passwords is not an easy task - I struggle to remember my mobile number! One solution which is gaining popularity is to use a password manager.
What is a Password Manager?
A password manager is designed to help you store, organise and encrypt your passwords for your online accounts. A password manager will ask you to create a strong master password - this is the only password that you will need to remember.
Many password managers have extra features, such as password generators and form fillers. The password generators create complex and unique passwords which are super secure. The form fillers will complete required fields, meaning that you don't even need to know your password.
How is your information stored?
Your passwords and personal information are all stored in an encrypted file, which can only be accessed using the master password. There are 2 ways that a manager may store your passwords. Some will store them locally in an encrypted file on your device; others will keep your passwords encrypted in secure databases in the cloud. There are some managers that will let you choose which method you prefer (such as Dashlane).
Are they secure?
Understandably, there are some questions raised about the security of password managers, as it does feel like you are putting all your eggs in one basket. However, used correctly, a password manager can be extremely secure.
Last year LastPass fell victim to a hack. Email addresses, password reminders and security information were obtained. However, the complexity of their encryption meant that no passwords were actually stolen. As long as the master passwords were not too simple, it's unlikely that any were cracked. So far there haven't been any major compromises, all due to the complexity of the encryption.
This highlights how important it is to create a strong master password. Take a look at our last password security post for some tips on creating a strong password. Many password managers will also allow you to set up 2-stage authentication, to add yet another level of security.
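The following sketch illustrates the two points above: a vault that only opens with the master password, and why that password's strength matters once a vault file is stolen. It is an added example, not code from any of the products named in this post; the names `lock`, `unlock` and `ITERATIONS`, the iteration count and the HMAC-based keystream (a standard-library stand-in for a vetted cipher) are assumptions.

```python
import hashlib, hmac, json, secrets

ITERATIONS = 200_000  # assumed work factor; every guess at the master password costs this many hashes

def _derive(master, salt):
    # Slow, salted key derivation: the master password is never stored, only used to rebuild keys.
    root = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)
    enc_key = hmac.new(root, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(root, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode, standing in for a real cipher in this sketch.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def lock(master, entries):
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _derive(master, salt)
    plain = json.dumps(entries).encode()
    cipher = _xor(plain, _keystream(enc_key, nonce, len(plain)))
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()  # encrypt-then-MAC
    return {"salt": salt, "nonce": nonce, "cipher": cipher, "tag": tag}

def unlock(master, vault):
    enc_key, mac_key = _derive(master, vault["salt"])
    expected = hmac.new(mac_key, vault["nonce"] + vault["cipher"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, vault["tag"]):
        raise ValueError("wrong master password or tampered vault")
    stream = _keystream(enc_key, vault["nonce"], len(vault["cipher"]))
    return json.loads(_xor(vault["cipher"], stream))
```

Someone holding only the stored vault has to repeat the slow derivation for every master password they try, so a long, unpredictable master password is what keeps the contents out of reach.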
Picking a Password Manager
You should look for one which is well known, reputable and has a high standard of encryption. You will also need to consider what is most important to you, and pick your manager accordingly. It is worth considering whether you are happy to pay, whether you are happy to store your information in the cloud, and what devices you will be using it on. Listed below are a few of the most popular password managers (with some key features):
- LastPass: has an extensive range of features, including a regular password strength review (checking for old, duplicated, weak and compromised passwords). Stored in the cloud. Free and paid versions.
- Dashlane: often complimented for its ease of use and simple but elegant user interface. Free and paid versions.
- KeePass: highly customisable with a number of plugins available. Not as easy to use. All free.
- RoboForm: praised for its form filling capabilities and customer service. A limited free version (up to 10 logins).
- 1Password: easy setup and great performance on Mac and iOS. Features like Watchtower are good. There are no free versions, and it is comparatively quite expensive.
Should I use a Password Manager?
The general consensus is that you should (just try typing that question into Google). Password managers not only make life easier, but many also offer an array of useful features, such as password generators, form fillers and strength reviews.
Unless you have a phenomenal memory, the only other solution to keep track of so many passwords is to write them down. Although it's unlikely someone would break into your home looking for your passwords, there are still security issues with this method. There is always the danger of losing your notepad/piece of paper, as well as the danger of prying eyes. However, if you don't feel comfortable using a piece of software, then writing them down will suffice. Just make sure that you generate strong passwords, and keep the passwords in a secure place.