Everything You Need to Know about Password Managers [Guide]
Passwords are EVERYWHERE!
Whether for email, social networks, work, or even entertainment, we have accounts across an array of services these days. With so many accounts, the tally eventually ends up in double digits, leading to two common problems: using simple passwords and reusing passwords.
At some point, you have probably come across various recommended practices on the internet, some of which suggest using a strong, complex password, which is a fair ask to keep your accounts secure. But for a lot of people, creating or remembering a complex password is not that easy, and they end up with very basic passwords like ‘monkey‘, ‘password‘, ‘qwerty‘, ‘123456‘, etc. The problem with such passwords is that they are very commonly used and can be easily cracked using a simple dictionary attack. If you are stuck with a basic password rather than a complex one, you can head over to this website, which has a list of the thousand most commonly used passwords, to find out if any of your existing passwords are listed there. If they are, change those passwords right away.
Another problem with having so many accounts is the reuse of passwords. Apart from using a simple dictionary-type password, some people use the same password across all their accounts. The reason seems obvious: it’s easier to remember a single (and simple) password than a different complex one for every account. However, this should be completely avoided. If one of your accounts gets compromised, you might end up losing access to all your accounts, since they share the same password.
To avoid running into such problems, it is always advised to use Password Managers, which assist you in generating and managing all your passwords in one place.
But what is a Password Manager?
A Password Manager is an application (or a service) that allows users to create, store, and manage all their passwords in one place and access them with the help of a ‘master’ password whenever and wherever required. It features a safe (and encrypted, in most instances) vault, which can be used to store other valuable information like bank details, email accounts, passport, software license, membership cards, etc.
Using a password manager, you can do everything from generating a strong password, to storing and syncing passwords across all your devices for easy access, to auto-filling login forms on apps and websites. All of that saves you the hassle of brainstorming while creating a password, of remembering all your passwords, and in some cases of filling in the login details as well. For all that convenience, the only thing you need to do is remember the master password, which is required on two occasions: logging in to your password manager and resetting your master password.
Since the entire vault’s security depends on the master password, creating a strong and complex master password becomes the utmost priority. Not to mention the need to always remember it.
So what does a strong password look like?
Well, here’s an example of a strong password: ‘TsO5Ld3hZD3!%CjB4*vB’. It is a 20 character-long password generated using the LastPass password generator, which includes numbers, special characters, and upper-and-lower-case letters. It is a pretty strong, complex, and unique password as compared to the simple dictionary passwords that a lot of people use, which makes it comparatively less vulnerable to brute-force attacks.
According to this website (which gives an idea of how strong a password is by estimating the time required to crack it), it would take someone around 43 quintillion years to crack this password. That puts our LastPass-generated password right up on the list of secure passwords.
How to choose a strong password?
Ideally, the best way to create a strong password is by using a password generator, which can be found as an added utility on a lot of password managers these days. In case your password manager does not have one, you can find an online tool, which works just fine. Using a password generator takes away the hassle of creating a password yourself and adding it to the vault, which offers you more convenience and saves some time.
However, in case you do not want to use a password generator and wish to create a password yourself instead, here are some do’s and don’ts to keep in mind while creating a master password, or any other password in general:
- Always opt for a long password — anywhere between 8 to 15 characters is considered ideal.
- Opt for complexities by including special characters, numbers, and upper-and-lower-case letters as much as possible.
- Never include your name, phone number, D.o.B, address, or any such personal information in your password.
- Never use a simple dictionary password to secure your account.
- Never re-use the same password across all your accounts.
- Never store your passwords scattered across notes apps on several devices.
‘Pass-phrase’ is your friend!
There’s no denying the fact that a password with all the various complexities and complications included is an ideal fit for your account. But with increased complexities comes difficulty in memorizing and remembering these passwords, especially when you have to remember them for all your different accounts.
A solution to this is to use a pass-phrase instead of a password for authentication. A pass-phrase comprises several words in sequence, which makes it easier to memorize and use than a password. In addition, a pass-phrase makes for a better password because it is sufficiently long and complex. For example, the password ‘qwerty12341234‘ is short, common, easy, and more susceptible to a brute-force attack as compared to something like ‘ridiculouslysymphonicturmoil‘.
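To put numbers on the password versus pass-phrase comparison above, here is an added example (not part of the original guide) that generates both with a cryptographically secure random source and estimates their strength in bits. It assumes every character or word is picked at random; the sample word list is constructed for the demo, and the 7776-word list size is an assumption matching a standard five-dice word list.

```python
import math
import secrets
import string

# Alphabet for random passwords: letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample word list for the demo; a real list is far larger.
SAMPLE_WORDS = ["ridiculously", "symphonic", "turmoil", "copper",
                "lantern", "orbit", "velvet", "harbor"]
DICE_LIST_SIZE = 7776  # assumed size of a five-dice word list (6**5)


def random_password(length=20):
    """Draw each character independently from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(n_words, words=SAMPLE_WORDS):
    """Draw each word independently from a CSPRNG (words may repeat)."""
    return "".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Bits of entropy when `picks` items are drawn uniformly from `choices`."""
    return picks * math.log2(choices)


def words_needed(target_bits, list_size=DICE_LIST_SIZE):
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    pw_bits = entropy_bits(len(ALPHABET), 20)
    print(random_password(), f"-> {pw_bits:.1f} bits")
    print(random_passphrase(3), "(sample list, demo only)")
    # Three random words are far weaker than 20 random characters;
    # the last row shows how many words it takes to match them.
    for n in (3, 6, words_needed(pw_bits)):
        print(f"{n} words -> {entropy_bits(DICE_LIST_SIZE, n):.1f} bits")
```

These figures only hold for randomly generated secrets; a phrase a person picks themselves, or a pattern such as ‘qwerty12341234‘, is far easier to guess than its length suggests.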
What should you look for in a Password Manager?
Now that you have decided on using a Password Manager, there are a few things that you must keep in mind when looking for one.
- Firstly, the most important thing to be aware of is security. When looking for a password manager, always check security details like the encryption standards used to encrypt passwords and communication, and the platform used to store all your information. Subsequently, look for password managers that come with 2FA (software or hardware), which adds a second layer of security to your account, in addition to the master password. With 2FA in place, whenever you log in to your password manager, the app asks you to enter a code, which can be either a software-based code like Google Authenticator or a hardware key-based code like YubiKey. Based on the one you use, all you need to do is enter this periodically generated key in the prompt.
- Look for a password manager that features a built-in password generator, which can come in handy to generate strong and complex passwords. That way, you don’t need to go around struggling to create passwords yourself. And once generated, you can add other details like the username, email address, website URL, etc, and save the entire set of login-credentials for use at a later time across all your devices if your password manager comes with the cross-platform sync feature.
- Apart from the ability to store passwords alone, look for password managers that provide an isolated vault, separated from the login-credentials. Such vaults can be used to store other confidential information like bank details, credit card information, health insurance, membership, passport, software license, etc — the kind of information you otherwise refrain from keeping on your notes app.
- Another excellent feature that is a must on every password manager is auto-fill, which saves you the hassle of keying in passwords every time you come across a form on a website. With this feature, you no longer need to fill in the username and password for your account; the app does it for you. To make this work, when you save your passwords in the app, you also need to provide the URL (address of the website) along with the username and password. After that, whenever you are on a website, the app compares its URL with the one stored in the app, and if a match is found, it automatically fills in all the details that you provided in the first place. Besides, it also prevents your accounts from being compromised by spoofing attacks like the IDN Homograph attack, which is done by creating a clone of the website and making its URL look identical to the actual URL by using characters that mean something completely different but appear identical. For example, ‘g00gle.com’ instead of ‘google.com’, ‘rnicrosoft.com’ instead of ‘microsoft.com’, and many more. The differences are slim and hardly noticeable, especially when you haven’t come across or heard of such attacks.
- Generally speaking, a lot of us use more than one device to access various services on the internet, which creates the need to have all our login credentials synced across different devices so we can access them wherever and whenever required. If your password manager does not have cross-platform sync capabilities, you might need to go back to the primary device that has all your passwords. The problem with this approach is that it defeats the whole purpose of using a password manager in the first place. So, when choosing a password manager, make sure it comes with cross-platform sync functionality, so you can save and access your passwords across different devices.
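The URL comparison described in the auto-fill item above can be sketched as follows. This is an added example, not code from any particular password manager: the vault entries are constructed, the function names are hypothetical, and it assumes the strictest rule (https only, exact host match), whereas real products may use looser matching.

```python
from urllib.parse import urlsplit

# Constructed vault entries: the URL saved alongside each credential.
VAULT = [
    {"url": "https://google.com/", "username": "alice@example.com"},
    {"url": "https://microsoft.com/", "username": "alice@example.com"},
]


def canonical_host(url):
    """Return the ASCII (punycode) host of an https URL, or None."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    try:
        # IDN labels become "xn--...", so a look-alike Unicode host
        # can never compare equal to the saved ASCII host.
        return parts.hostname.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None


def autofill_matches(page_url, vault=VAULT):
    """Entries whose saved host is exactly the host of the current page."""
    host = canonical_host(page_url)
    if host is None:
        return []
    return [e for e in vault if canonical_host(e["url"]) == host]


if __name__ == "__main__":
    for url in ("https://google.com/login",
                "https://g00gle.com/login",
                "https://rnicrosoft.com/",
                "https://g\u043e\u043egle.com/"):  # Cyrillic "o" look-alike
        print(canonical_host(url), "->", len(autofill_matches(url)), "match(es)")
```

A look-alike that fools the eye still produces a different host string, so no credential is offered on it.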
Which is the best Password Manager?
While there are different password managers to choose from, there is no such thing as ‘the BEST Password Manager’, since each one of them has its own share of pros and cons. It’s more a matter of subjective preference, as what works for you or meets your requirements may not do the same for others. However, to make the selection process simpler, here are four of the most popular and widely used Password Managers:
Get started now!
By now, you have a solid idea about how a password manager can help you with some mundane tasks while simultaneously increasing the security of all your accounts. So, without any further ado, pick a password manager and download it on all your devices (phone, computer, tablet) and start using it right away.
Pro-Tip: In addition to using a password manager, make sure you also use 2FA (software or hardware) to add an extra layer of security to your account.