Every time we sign up to a new service, we are asked to enter a password that we will use to access that service. This is a simple security requirement, and one we are all accustomed to. The problem is trying to keep track of all the passwords we need if we follow standard security advice. That advice includes the recommendations that you should:
- Never store your passwords and user names in a text file on your computer.
- Never write down your passwords and user names.
- Use a different password for every site you visit.
Not many people are able to remember more than a handful of passwords. Additionally, most of us are likely to forget the passwords for sites or services we rarely use.
Of course, we can ask our browsers to remember the password for any site we visit, which means we do not have to remember them. However, using browsers to store passwords can be a major security threat.
Using a Password Manager
This is one way to overcome the problem of being unable to remember passwords, because the manager will do that for us. This means we can follow the recommendation to have a unique password for every site.
With a password manager, we set a master password for the manager program, and that is the only one we need to remember. Once we successfully log in to the manager, we can use the stored passwords there to access the sites we visit.
Where Are Passwords Stored?
Password managers can store passwords on the local machine, or they can store them remotely. The latter option is preferred. When passwords are stored locally, we can lose them all if the computer crashes.
Is A Password Manager Safe?
There are many safe managers available. Many of them are open source products, meaning you do not have to pay for them. Others are commercial products that you have to pay for. Lots of them offer many good security features, so choosing one is down to a matter of personal preference. However, you do need to take some precautions.
- Be wary of new products. You will be giving the product you use the ability to access any website you add to the manager. Therefore, you need to be sure that information will not be abused. Using established products protects you from abuse.
- Make sure your master password is very strong.
- Check that the password manager encrypts your passwords, and that passwords are masked as they are input. Most products do this, but some may not have masking set as the default.
- Check online for other people’s comments about the password managers you are thinking of using.
A password is considered strong when it is difficult to crack or decipher. The longer a password is, the harder it is to decipher. You can also make it more difficult to crack by using a combination of upper and lower case letters, digits, and punctuation marks.
You should always make your master password very strong. If your computer or other device is stolen, the thieves may try to crack your master password. If they succeed, they will then be able to access everything.
Many managers can automatically generate a secure password for you. Generated passwords will be more random than those you create yourself. Look for a manager that will do this for you.
Ease of Use
You can try out open source password managers without cost. That means you can experiment to see which one you find easiest to use. It should be easy to understand the interface, to add new sites, and to retrieve saved passwords.