You should start using a password manager right now
It’s morning. You’re scrolling through Twitter or just any news feed of your choice and you see the following headline: “MILLIONS OF CUSTOMER RECORDS LEAKED IN DATA BREACH AT HOOLI!!”
“HOOLI…”, you think to yourself and it seems familiar. Then it strikes you. You had signed up for a free coupon on this website store a few weeks ago. You had to create an account so you used your main e-mail ID but you were too lazy to remember another password so you just put the password for your e-mail ID. You panic. You login to your email and see there were multiple login attempts from different locations. Thankfully you had 2 factor authentication set up so you were safe but now you have to change the password of your email along with tens of other websites where you had used it. There goes your weekend in which you were planning to just do nothing.
You can prevent this and other similar scenarios from happening by using a password manager. Besides just helping you generate and store secure passwords across multiple websites, there are loads of reasons to use a password manager.
What is a password manager?
Simply speaking, a password manager is a computer program that makes it easier for users to generate, store and manage their passwords.
Why do I need to use one?
In the early years of the Internet, there were only a handful of passwords which people needed to remember. But these days, with almost everything in our lives happening online, from work to personal stuff and entertainment, we need to keep track of hundreds of accounts and their passwords. According to multiple studies, on an average, the number of passwords which people have to remember are upwards of 100 and the pandemic has probably pushed that average up.
People generally use a combination of familiar things like a name, a date, a favorite team/show/movie/artist etc. and such combinations are extremely easy to brute force (a fancy word for “guess” in the computer world).
There are multiple reasons to use a password manager and some of them are listed below:
- No need to memorize all your passwords
You only need to remember one master password that unlocks your password vault. You can opt whether to go for a cloud based (online) password vault or an offline one. More on this later.
- Generate highly secure passwords
You can generate random passwords and customize everything like the length and type of characters to be used.
- Prevent identity theft
If one of your accounts get hacked or the password gets leaked, you can be assured that your other accounts are safe because all of them are using different and secure passwords. You just need to worry about changing the password for the hacked account.
- Invisible passwords
When you’re in a public place and you need to enter your password somewhere, you might be at risk of people snooping on your screen or on your keyboard. But if you’re using a password manager, you can just copy and paste or auto-fill the password and nothing will be seen.
- Digital inheritance
Kind of a weird, but still a valid reason. If you ever want someone to have full access to your passwords and online accounts, you just have a to share single password vault (which is usually a file) with the person, which means you just have to share a single password.
- Storing other credentials
You can also store other things like your passport details, your government issued IDs & numbers etc.
I haven’t gone into things like encryption, syncing across multiple operating systems etc. because they are more like “features” of password managers and not the reason to use them.
Which password manager should I use?
To answer this, we have to first understand the types of password manager. There are 2 main types:
Cloud based password managers:
These password managers store your passwords on the service provider’s database/network and they are the ones directly responsible for the security of your passwords. The security implications of these are obvious so you have to make sure the provider is trustworthy and there are no security red flags. A few of things to check before you choose:
- End to end encryption and store everything in an encrypted database
- Third party audits certifying the security of the company
- Compatibility across the platforms of your choice
- Price. Usually, you have to pay to get a good product, but make sure you aren’t getting fleeced
- Up to date security features and measures
Offline/Non cloud based password managers:
These store your passwords locally on your device (laptop, desktop, mobile etc.). It creates an encrypted file (password vault) which stores all your password and if you want to access them on other devices, you have to copy that file there and get an application to decrypt them. There’s no 3rd party server or network involved which is storing your password vault.
In theory, cloud based password managers are slightly less secure for obvious reasons; there is a 3rd party involved which is storing your data. They might claim that it’s “zero-knowledge” i.e. they have absolutely no way of knowing about your data, but that would need to be verified. So if you want absolute peace of mind and 100% guarantee that your vault is visible only to you, go for an offline password manager which might be slightly less convenient but more secure. Personally, I use KeePassXC, and it’s an offline password manager.
If you want to an in-depth comparison of different types of password managers, you can go through this article on Tom’s Guide. The scope of this article is just limited to why you should be using a password manager so we won’t go into the details of different password managers. But if that is what folks want, I can do that in a series of follow up articles.
Do let me know in the comments 🙂