Do you love or hate the password manager? After years of helping people with password security I can tell you there is a divide. In this article I’d like to explain what they are, and what value they bring. I’ll also explore some considerations in choosing a password manager. There are also alternatives if you just can’t stand having one.
Why do we need Password Managers?
Put simply, a password is like a lock on your accounts. You use a lock to secure your property. You put a lock on it to prevent someone else from using it or stealing it. Same goes for a password on your accounts. You may have a bank account which has very important property, so you want a strong lock (password).
We may have many accounts we need to secure and we might not want to use the same password (lock) on each of them. If someone were to fashion a key (hack your password), they might open all your accounts!
Ok, so we need separate passwords for all our accounts to protect them. There is a lot of online access to our accounts, so we are going to need a lot of passwords. It’s difficult to remember 5-6 passwords, much less the potentially hundreds you might need!
If only there was some way to manage the huge number of passwords we have…
What are Password Managers?
A password manager is a tool which stores your account information. There are at least 3 pieces of information you’d want to store per account.
- The link to log in, or name of the account.
- The login information, which is often a username or an email address.
- The password.
The way the password manager usually works is that there is software to install which connects to the information database. The software goes on your computer, mobile device, and/or your web browser.
When you visit the account you need to remember your password for, the software may automatically enter the login and password for your account – no typing or remembering!
The database which contains the information may be on your device and/or as a cloud-hosted service. The benefit of the cloud-hosted service is that you can have the same information on multiple devices (your mobile device and your desktop computer for example).
These databases are often encrypted, and the communication between the device you’re using and the cloud-hosted service is encrypted as well.
A Note About Trust
As a security professional, my trust has been shaken in this area. I trusted LastPass for years to secure my business passwords and I never suffered a breach. In 2021 LastPass itself was breached and some information got out of their control. From what I learned about the breach, it was avoidable, and LastPass handled it poorly.
From this event, other password management companies have really stepped up. They have gone above and beyond many standards to ensure security. For example, 1Password (and others) have 3rd party audits done to ensure the highest standards.
In the end, we can’t expect perfect security. There are too many criminals working very hard to break the systems we rely on. They are also very adept at breaking easy passwords, so we have to strike a balance.
If you have too many passwords to remember, or you have passwords protecting critical accounts, a password manager is still an excellent security choice.
Some of the key features you may want for your password manager are:
- Extra Security: You may wish to have a manager that has several levels of security access. You might have a pass code, a password, and another authentication method like Google or Microsoft Authenticator.
- Password Generation: Coming up with a unique, secure password every time can be challenging. Some managers include the ability to generate a highly secure password, and save it along with all the information with just one click.
- Password History: In the event you thought you changed a password or made a mistake, some managers store previous passwords for easy recovery.
- Secure Notes: Do you need to secure a list of information? Using a secure note within the manager can be very helpful. You might want to store a PIN for a security system or a combination lock solution. Travel information could be helpful to store as well.
- Document Storage: Some managers offer secure file storage so important documents can be stored. Personal military records, billing statements, and other documents might be helpful to retrieve from secure storage.
- Credit Cards: A manager can also store your credit card information to make online purchases much faster.
- Multi-Platform: If you need to get your passwords on multiple devices, you might need this feature. You might have the browser add-on, as well as one for a different computer, and even Apple or Android devices.
- Secure Sharing: Many managers offer a secure sharing feature which allows you to send someone a login without exposing the password. The share can expire as well so you can grant someone one-time access.
- Family Plans: If you have shared passwords between family members this can be an effective way to control access.
- Automated Password Updates: Need to update your passwords regularly or have a situation where you need to change many accounts? This feature allows you to select a number of accounts and have the manager automatically log in, create a new password, change the password and save the new one in your manager. Pretty slick!
- Emergency Access: This is helpful in the event of a crisis, when a loved one may need to take care of your accounts for a while. This feature is also called “password inheritance”.
There are free password managers and some that have subscription costs. The free ones have limited usage and features, while the subscription versions have more robust offerings.
You won’t have a hard time finding a password manager. You may have a hard time finding a good one.
There are websites which do regular reviews of password managers. Rely on industry standard sites like CNET, PC Magazine, and others to get the best information.
As of the creation of this article, PC Magazine has a good review of password managers. This page shows options which closely match the ones I came up with a couple years ago after the LastPass breach.
Alternatives to Password Managers
Password Managers aren’t for everyone. You may not have that many passwords, or the accounts aren’t that critical.
You might wish to invest in a password book for all those important passwords you need to keep track of. When the book is not in use, make sure you secure it in a locked cabinet at home.
Avoid traveling with the book, and make sure you never leave it in a car.
A password manager is still important for work passwords. If your employer doesn’t offer one, use a free password manager. There’s too much risk to your job in letting work passwords get exposed from a lost or stolen password book.
I hope you enjoyed this article about password managers. You should have a better sense of why they’re important, what they’re good for, and how to get one.