Why You Need a Password Manager (and How to Get Started)
If you like trying new apps and online services, chances are good that you’re accumulating an ever-growing list of passwords to get in to those apps. Even the most savvy Internet user can fall prey to a wide range of privacy myths and misconceptions, but perhaps the worst is the idea that you can start repeating passwords, or using insecure passwords, when you start having trouble remembering all of the logins you need everyday. And the popularity of truly terrible passwords, like “123456,” “password,” “12345678,” and “qwerty,” makes it clear that most users need to start paying more attention to their privacy and stop putting themselves at risk of hacking and identity theft. One of the best and simplest ways to do that is to start using a password manager.
As April Glaser reports for Wired, it’s a good thing that subscribing to a lot of different services requires you to generate a lot of passwords. That’s especially true when you consider how many of those accounts link to your bank account information, and the sensitive information that companies gather when they compile things like your purchase history, media browsing habits, and other private data that you probably want to be protected.
But if you can’t remember your passwords, constantly reset your login credentials, or recycle the same few passwords that you’ve been using for years, it’s time to get serious about protecting your privacy and improving your password situation. The best way to do that is to use a password manager, which will help you create and use strong, unpredictable passwords that are unique to each of the sites or services that you use, without struggling to remember them when you need to log in.
What’s a password manager?
A password manager is a piece of software that will generate strong passwords, store those passwords, and reduce the number of passwords you have to remember down to one: the one you need to unlock the password manager. As Glaser notes, password managers aren’t just convenient, but should be considered an integral part of “good online hygiene.” Because a password manager will generate and save secure passwords for you, the only password you’re going to have worry about is the one that unlocks access to the password manager (and yes, you really need to make sure that that one is strong and secure).
As J.D. Biersdorfer reports for The New York Times, most password managers work the same way. They prompt you to create a master password for the program, and then add the usernames and passwords for the various accounts you use online to its database. During the setup process, some programs can help you find and add all of your logins to their databases. Later, when you visit a site that needs your login information, you’ll simply enter your master password, and the program will consult its database and fill in the correct username and password to log you in.
Which password managers should you try?
Once you’ve warmed up to the idea of using a password manager, you just need to take a look at the options to figure out which one you want to use. You have your pick of a vast array of different password managers, most of which make it pretty easy to take better control of your security online.
LastPass is a popular free option, and works both on your computer and on your Android or iOS devices (though if you want to sync passwords between desktop and mobile you’ll need to pay $1 per month). LastPass automatically populates your passwords on the sites you visit, and has a password generator that creates strong passwords (and remembers them for you). It also audits the passwords that you have stored, and lets you know when it finds duplicates or determines that it’s time to change an old password. It’s worth noting that LastPass was hacked in 2015, though the company responded promptly and most users were protected.
Dashlane is another free password manager for mobile and desktop. It’s also capable of creating strong passwords for you, saving them, and autofilling online forms with your saved personal information. You can install Dashlane for free on multiple devices, but if you want your data to sync across those devices, you’ll need to pay $3 per month. Another good reason to choose Dashlane is its digital wallet feature, which stores your bank account information for easy but secure online shopping and enables you to capture and save receipts from your purchases. Glaser notes that Dashlane won’t store master passwords or password hints, which could protect it against the vulnerabilities that have surfaced with LastPass.
KeePassX is an open-source password manager, one that should give you some significant peace of mind because it discloses its source code for independent researchers to audit. KeePassX is compatible with a number of free password apps for your smartphone, thought to sync your passwords across devices, you’ll need to upload your encrypted password file to a cloud storage service like Google Drive or DropBox. While KeePassX is recommended by security professionals, it isn’t quite as user-friendly as other password managers, though it does generate strong passwords and gets frequent updates.
Sticky Password is like LastPass and Dashlane in that you can use it for free on multiple devices, but will need to pay for a subscription to get cloud syncing. Unlike other options, though, it enables you to set up biometric confirmation. You can use your fingerprint to authenticate your identity on your smartphone. And if you opt for the $20-per-year subscription that turns on the biometric authentication option, you can also enable Wi-Fi syncing across devices so that your encrypted data doesn’t have to leave your device, and you don’t have to send it via the cloud. If you’d prefer to trust your passwords to the cloud, Sticky Password can also host an encrypted backup database online, just in case you lose your device.
Using a password manager will free up your brain to remember things other than a list of passwords, and you’ll be able to generate stronger passwords than you’d otherwise be capable of creating. Even if you’re already using a browser-based password manager — like the ones integrated in Chrome, Firefox, and other web browsers — you’ll stand to benefit by using a password manager that prioritizes security, enables you to generate strong passwords, and helps you to sync passwords across the devices you use.