Should I Use a Password Manager?

by | 14 Jan, 2022 | Security

16 Minute Read

If the thought of storing all of your sensitive passwords in one place leaves you feeling nervous, then I am sure like many you have asked the question should I use a password manager? Along with which password manager should I use?

Anyone using the Internet can be vulnerable to hackers, scammers, and ID thieves because many are still using the same password for multiple online accounts rather than changing them regularly and strengthening their credentials. This makes it easier for criminals to access personal information.

A password manager is a tool which generates, stores and manages your passwords.  They encrypt the data so that when the data is not being accessed it cannot be read or used by anyone else outside of your own personal vault.

To address these risks, you may want to consider downloading software known as a password manager. A password manager adds a high level of authentication to your digital life which cannot be achieved using manual methods such as writing your passcodes down on paper. This software allows you to store all of your logins in one (secure) place while keeping track of similar passwords, so they are easily replaceable when required. They also provide security tips as well as tools to further protect you.

 

what is a password manager

What is a Password Manager?

Throughout your day, you will log in and out of numerous apps, software, and cloud services. This might be accessing your email, accessing work files, social media accounts, eCommerce websites and banking services to name just a few. Each site will most likely request a username and login credential to authenticate you so that you can be identified as the account holder.

Remembering every username and account detail for every account is just not humanly possible unless you use the same credentials for each site.  This is extremely risky and in some work environments very dangerous as gaining access to one account means hackers gain access to everything.

Your passwords, therefore, need to be stored somewhere. Even today, many people still write their passwords down on paper and store them in notebooks. They feel this is the safest way to keep secure as no one else has access to them. But in doing this, anyone can pick them up and have access to your world. Equally, what if you lose the pieces of paper, spill drinks onto them or worse, encounter a fire. The passwords you write down may not even be that secure, and if you have written down symbols and strange characters, then they take ages to type back in.

There are other problems with writing down your passwords too:

Problems at Work:

The knock on effect of poor credential management at work can often escalate quickly. Some of these problems include:

  • If you are at work you may be in breach of company policy to write down your passwords on paper.
  • If your password is used and your accounts are breached, you could be dismissed.
  • How will you protect your passwords securely from cleaning staff who may work late?
  • You may take your secure book home, but you might now leave it on the train or have it stolen.
  • You could be in breach of data security which may result in reputational damage for you and your company.

Problems at Home:

The same issues also exist at home too and bring with them similar but different issues. Some of these include:

  • Someone at home may access your PC and gain access to your social media profiles and access sensitive information.
  • If somebody breaks into your house, one of the most valuable things they can now steal is your data which may give them access to private medical information, identity details and more.
  • You may be at risk of identity theft if someone accesses your bank details or email accounts as they can reset your accounts and email access without your knowledge until it’s too late.

A password manager is a tool that generates, stores and manages your passwords.  They encrypt the data so that when the data is not being accessed it cannot be read or used by anyone else outside of your own personal vault.  The standard data encryption level is AES-256 encryption, but some even offer more than this.

You can use some password managers for free. Some of them come free with other premium security services, such as if you were to purchase a VPN you might receive a free password manager as part of the package offering. The better ones offer premium features for a fee and offer improved security features on top. To be honest, they are never too expensive, and you are likely to use them every time you use the internet or device so the cost is well worth it. It may cost you much more in time and money not to use one.

Once your password manager is downloaded, you will set up an account and they will walk you through setting up a master password. This master password will unlock your personal ‘vault’ where your passwords will be fully encrypted and secured. Once entering the vault your passwords will become accessible only to you. On leaving, they will become re-encrypted so no one else can access them.

The password managers will generally come with a desktop application so you can access your passwords on the desktop of your computer easily, or the more commonly used functionality is the browser add-on or extension. These extensions sit in your browser and work in the background. You can set them to either automatically log in when you access your device or better practice, for you to log in once you have logged in using the addon itself.

This means that if someone does access your device for any reason, they still can’t get to your vault. All you must do is remember your master password – but please don’t write that down in a book!

They will also come with an app too which you can download so you can access them on your electronic devices no matter where you are. The added benefit is that all of your passwords will automatically update across devices the moment you change them. Some password managers may require the premium version for this to happen.

As you don’t need to remember all of your passwords with a password manager, password managers make it really easy to set up secure passwords using built-in password generators. Password generators,  you can choose how long they are and how complex too. The longer and more complex the better.

For example, you could set your Facebook password to:

x5*7Kr&TXdRIp4zIp!CS

This might be a lot harder to remember than password123 but that’s a good thing because now you don’t need to remember it using a password manager. You simply store this passcode, with the URL to Facebook login and you can enable the option to auto-fill in this password each time you are logged into your password manager.

Now your passwords can become much harder, if not impossible, to guess and it means that if an account was compromised, your other accounts remain secure.  You can also create unique passwords per account, which makes your digital life much more secure.

password manager features

Password Management Features

Different service providers offer different variations on the following core password manager features:

Master Password

The master password is the one password you will use to access all your information. You enter the password once and it will open your vault. You could be storing an unlimited number of passwords in the account and this one password will provide you secure access to them.

Random Password Generator

This is a tool that will create a random password. This means that it has no human logic applied to it and you can choose what to include in its generation. You can’t even blink and a random password will be generated, even over 100 characters long. They are incredibly hard if not impossible at this time to break.

Cloud-Based Password Management

This is where your information is stored. They are held to the highest levels of security and sync your information via the internet to your secured devices. Cloud-based management is safer as they provide additional features than what you would ordinarily have on your own computer. This might include a backup for example of the vault to a much higher level than you can with two copies of a written down password.

Auto-Fill Password Feature

This feature pre-fills your account details when you go to log in. It means you don’t have to remember your username or password. You can have the form automatically filled in, or you can right-click and select the manager to fill in the account details once selected.

Password Vault

A password vault is the software and server configuration that keeps your passwords and account information in a secure digital location. The vault is encrypted to the highest standards and keeps everything secured.

Encryption

Encryption is the method of scrambling the information stored so that it cannot be read or accessed. This will include a strong encryption key that will use a strong encryption algorithm to secure your personal vault. Your encryption key will be managed by the service and handed back to you each time you log in to access your information.

Audit Feature

This is a helpful feature to see if anyone is trying to guess your passwords. This will also provide you with a detailed account of who has accessed your information, when and where. Of course, unless you are sharing then this should only be you. You will also be notified of any suspicious activity.

are password managers safe

Are Password Managers Really That Safe?

There are a lot of password managers to choose from. What most people don’t realise is that all major browsers have security and code managers built into them. Each time you log in to a cloud service on your browser, you are likely to get prompted about whether you wish to save your password or not. That’s the password manager in action within the browser. This means that you might be using one without even realising it.

Security experts and especially any cybersecurity expert will recommend using password managers as the best means of keeping all your passwords safe. Of course, this means putting our trust in the company and teams behind the password managers. Therefore, we recommend using reputable firms with a strong history of cyber security and reliability. You can always reach out to them and ask them about any of the concerns you may have. It’s likely they will have their bases covered. It’s also a good way of comparing offerings and allaying any fears you might have.

The Government’s National Cyber Security Centre (NCSC) states that people should use a password manager. Their view is that password managers are much more robust than putting passwords in one place on paper for the very reasons mentioned above.

Despite advice in previous years that we should memorise our passwords, there are just too many to remember today. Times have changed. The way we access information and share information has changed. Our very accounts have become targets of fraudsters and cybercriminals. It’s another reason your passwords should be taken seriously so that you don’t become a soft target.

password storage in one place

Should I Really Store All My Passwords in One Place?

The biggest fear of anyone using a password manager is that it gets hacked. That all their eggs are in one basket (though I suppose you could use multiple password managers but that might become inefficient).

The good news is that to date, there have been no known attacks and breaches to the major password management providers. They did get as far as breaching the password hints functionality on one service, but that was quickly squashed, and people were immediately informed and asked to change their password hint and master password. The hackers never actually got anywhere near any of the users’ passwords in the secure vaults.

Could there be a breach one day of such a service? Of course. You are much more likely to be targeted by an email scam or a phishing attack than be the victim of a password manager hack. Using a password manager makes you less likely to be a victim of these cybercrimes though ironically. But yes, it could happen. Password managers are built to be extremely robust.

Have a look through LastPass security architecture and see if you can match it at home.

As you can see, there is a lot going on, and yes, a lot of it is techy, but they explain it relatively well in simple terms (because it is much more complicated than they make it sound), and you can see that this offers much more protection than writing things down.

That said, not every type of device is guaranteed secure from hackers. Web applications are often accessed using the same exploited weakness, allowing hackers to steal identical login credentials. Any sensitive credential management software is vulnerable if your computer has spyware. In this case, you will be locked out of your account, and any credentials will be recorded, often without you knowing.  This means your overall computer security has to be to a high level too, using a manager won’t solve every threat to your digital life.

At the end of the day, where you store your sensitive information, really depends on the place it’s stored.  You need to remain vigilant and adapt to changes in the markets and security situations as they happen.  Keep your eye on local and international news along with any technology and security news y8ou might follow too.  You can easily set up alerts for this type of information to remain “in the know”.

password manager benefits

Why Should I Use a Password Manager?

For a safer, securer, digital life, password managers are the best thing you can use. They provide more advantages than disadvantages.  Why should I use a password manager will become a question of the past after reading this list below:

  • You can generate long, complex, unique passwords across any account you use.
  • You only have one password to remember.
  • You can generate new passwords instantly and frequently so that your password never remains the same for long – this is good practice and often thwarts any hack attempts as usually any data stolen is often out of date if you change your passwords frequently.
  • You can quickly copy and paste your usernames and passwords into your cloud services.
  • You can enable automatic fill options so that they fill out your passwords whenever you use a login form.
  • You can add additional biometric and two-factor authentication on top of your master password to ensure additional security.
  • You can sync all your accounts across all your devices.
  • You can press a ‘kill switch’ to destroy all your data.
  • You can store more than passwords and keep further information secure in the highest encryption levels, such as notes.
  • You can store helpful passwords such as Wi-Fi passwords which helps you set up strong Wi-Fi passwords at home or in the office, so you don’t need to keep using the password shown on your router. This is another major way of protecting yourself against cyber attacks.
  • You can receive alerts to any passwords which are easy to break or that you have used more than once.
  • You can store frequently used passwords and favourite accounts near the top of your password lists.
  • You can categorise your passwords so that they can be easily found.
  • You can ensure your entire family and work teams are maintaining strong password hygiene to minimise any chance of an online attack or data breach.
  • You can use a virtual keyboard to login into your account so that keylogging software doesn’t know what you are typing on your keyboard.
  • You can quickly change your master password so that all of your stored information is re-encrypted instantly.

They give you huge advantages in a world where there are far too many passwords for anyone to remember. For example:

  • they make it easy for you to use long, complex, unique passwords across different sites and services, with no memory burden.
  • they are better than humans at spotting fake websites, so they can help prevent you from falling for phishing attacks.
  • they can generate new passwords when you need them and automatically paste them into the right places.
  • they can sync your passwords across all your devices, so you’ll have them with you whether you’re on your laptop, phone, or tablet.
  • A password manager will make you more productive as you will not need to keep signing in and signing out of your accounts using the autofill function.
  • If your device is compromised your passwords aren’t as they are stored off your devices.
  • Creating new, secure passwords for all your accounts is fast. You don’t have to think about creating a secure password, it will be done for you and be completely random. You minimise any way someone could potentially guess your password.
  • You don’t need to use password hints for your accounts removing a major area of weakness.

The biggest benefit is the peace of mind that you have done everything you can to protect yourself from a password perspective. If you follow the advice and guidance of the password manager, you are setting yourself up for a much more stress-free digital life. You will be able to become proactive if you are ever notified of any security breach or potential breach on your accounts, you can swiftly update them.

risks to password managers

What Are the Risks of Using a Password Manager?

Of course, nothing is 100% safe in the world of computing. Even using a professional password management service there are still risks that need to be considered, and best practices to be followed.

The biggest risk, and barrier to entry for people wishing to use a password manager, is that all your passwords are in one place.

The information stored here becomes convenient and won’t necessarily just be passcodes. It could include bank details, pin codes, personal information, and even medical details you wouldn’t want to be made public. If you are a person of high public interest, you may yourself be a direct target. It’s a risk for anyone to use. If an attacker did gain access they could go through and potentially change your account information.

You need to ensure you create a strong master password. if your master code is weak, or guessable, or you make your password hint really easy for someone that knows you to guess what it is, your password security just went down a notch.

There is no backup. You might still copy all your passwords down onto paper just to protect yourself if the password management service went down and you couldn’t access vital information. It’s true, sometimes cloud services go down – though again, this is extremely rare and rarer still for password managers to go down. Most providers now use backup features and additional vaults.

The device that you use your password manager on could become infected with malware without your knowledge, or keylogging software could be installed on your computer. That said, reputable services will come with a virtual keyboard if you are worried about this happening on your device so that they cannot see what you are typing.

Another risk that is more user-based, is forgetting to use biometric logins and two-factor authentication. You might find it too annoying to keep using it to log in each time. You may also forget to change your passwords often, which is the reason it’s good for you to use a service that sends you these reminders and provides you with a security score.

You might choose a poor or unestablished password manager. They don’t always have the same level of security as the more professional established services. Saving some money on a service should not be a concern when it comes to choosing which password manager to use.

A password manager is reliant upon you using your master password to access your account. You might forget this password thus locking you out of your account. If the service doesn’t have a reset function it may result in your having to go through and resetting all your accounts.

Whilst this might be annoying, it’s still better than being hacked. Most managers though now come equipped with a recovery process. Some offer more recovery options than others so keep this in mind when choosing which service to use. It depends on what risk you are willing to take. The more recovery options are given, the potentially less secure the service is.

Some services will not let you use a password manager. Not all, but some banks for example don’t support the use of password managers. If your account is compromised and you had a password written down or stored, you may not get your money back if you are a victim of cybercrime. That said, we can all remember the odd pin code or password versus having to remember all of them. With the majority in a secure vault, it makes it much easier to remember ones that are vital to your finances (if you are required to).

Some might find it difficult to set up the password manager in the first place. They might find the process daunting or difficult to understand. This can prevent the password manager from being set up securely enough in the first instance. If this is the case, you should always reach out to a person within the IT industry for help that you know and trust. You could also contact your password manager provider too for help with getting set up and best practices.

Sometimes you might find that some of the password management functions are a bit hit and miss. For example, some web forms won’t let you use an auto-filling service or the forms themselves might not get recognised. In this instance, it’s best to use the copy and paste functionality. When you’re so used to using auto-filling on forms, this can be quite frustrating – but hey – more of a good problem to have all things considered!

safe password management

Am I Safer Using a Password Manager than Not Using One?

Yes. It does come down to personal preference. If you only have 3 passwords you need to remember for perhaps your email and social media and a Wi-Fi password, would you need a password manager? Probably not, but then, you can use it to set a secure password and not have to worry. You can of course enable two-factor authentication or multi-factor authentication on top of your cloud services too. Multi-factor authentication is the best way to go as you’re adding additional walls of security in between your services.

The risk of using the same password and even username for accounts is the main reason for using a password manager. We’ve all done it just so we can access the same services easily. No one will get me we say, I’m not that important.

The thing is, an attacker doesn’t know you, they’re not after you as such, they just see you as a target. Not even a person but just some data. So, in that respect, you are just as important to them as everyone else. In using a password manager, you stop yourself from being a soft target so that sadly they will likely move on to someone else who hasn’t taken the time to secure their accounts.

Look at using a password manager as a security task to make sure that your digital life is as secure as it can be. It should be part of your cybersecurity arsenal.

how to create a strong password

How Can I Make a Strong Master Password?

The master password becomes your first line of defence, so it’s important to create a good one. But how can you go about creating a password which isn’t easily guessable, secure yet still memorable?

The best advice is to make up a long password that includes numbers and dashes.

For example, and don’t use this, but if you like football, you could do something like:

Football rocks becomes: [email protected]!$
or Man United win becomes: [email protected]$-W1ll-win

You get the idea … just make sure you can remember it.

best password manager

Which Password Manager Should I Use?

With many more people working in hybrid roles at home and in the office and many devices now connected to the Internet, we are now using more cloud services and passwords than we ever have before.  This means without using a password manager we run the risk of using the same password for all our services or one that’s easy to remember and thus hackable.

The trouble is that there is more than one password manager on the market.  So which one should you use to make sure you remain safe and secure online?

To help you decide which password manager you should use, here’s a list of the best ones available. At the time of writing these are the ones I would recommend you investigate:

Last Pass

If you asked me outright, which one should I use, I would tell you LastPass. I have found LastPass to be excellent. Not only does it ensure I remember to update passwords, but it means I am able to secure everything properly and change access immediately to sites from any device.

The time-saving function of being able to auto-fill forms (and switch off the auto-login function), means that I can navigate quickly without having to type out very long complex passwords. Some passwords I have are 75 characters in length and full of symbols.

Here’s just a list of some of the reasons LastPass is so good:

  • LastPass is convenient,
  • You can block access to only certain devices and locations,
  • New passwords can be created instantly using the password generator which creates a random password at the click of a button,
  • Secure passwords are easy to create,
  • Login URLs can be saved so you can launch websites from LastPass without having to manually visit the website,
  • It saves a lot of time both from a security perspective and from a workflow perspective,
  • You can increase the standard security levels with ease,
  • I can update accounts from any device,
  • Biometric security can be easily added,
  • It comes with a security dashboard that is easy to use which lets me know if anything has been breached on the Internet,
  • It comes with a desktop, app and browser plugins. The browser plugin is the one I use most.

Despite the controversy over the purchase by LogMeIn for $125million in 2015, the company is going out again on its own independently. This means that they are taking the product more seriously than ever.

Visit lastpass.com

Although I have not used them as much as LastPass, other reputable password managers include:

Dashlane

Dashlane will allow you to sync all of your passwords across devices. When I tried it it was a bit more cumbersome than LastPass but it did the job. It offers excellent password management features and includes VPN protection if you are looking for this too. You will also be informed of any breaches to accounts from them as well.

It comes with a desktop app and browser plugin. As standard, it comes with a password generator that creates a random password that can be set to your desired length and level. To date, they claim they are yet to have a security breach.

Visit Dashlane

NordPass

Another password manager to look at is NordPass. They are the same team as the one behind the well-known VPN service called NordVPN. It has added many new features and offers a nice simple user interface. Other password managers offer more advanced features currently at a lower price. They too offer a password generator and random password management.

Visit NordPass

Should I Use a Password Manager Summary

Hopefully, this article has provided some insights into the benefits and risks associated with using a password manager and answered the two key questions everyone is faced with:

  • Why should I use a password manager?
  • and which password manager should I use?

As we have outlined in this article, no one is 100% safe online, but using a password manager will:

  • Keep you more secure.
  • Allow you to be proactive.
  • Save you time.
  • Create unique passwords for all of your accounts.
  • Keep you secure across your devices.

The best thing you can do is to make sure you use a strong master password that will provide you with a strong level of authentication to keep your services safe.

Before we go, here are some quick tips to take away regarding password hygiene and account management:

  • Make sure you generate long passwords, not short ones – length matters more than symbols.
  • Change your passwords regularly, ideally each month but definitely at least 3 times a year.
  • If you ever hand out your password to anyone, make sure you change it once an issue has been resolved.
  • Enable two-factor authentication or multi-factor authentication on any accounts you use where you can.
  • Don’t mix personal and work emails when creating accounts.

If you have any further questions about any of the topics raised in this article, then please don’t hesitate to get in touch.