When I first got email, I set up an account with a password that, as I only realised while writing this post, I was still using over a decade later. Not for the same email account (which might have actually been better), but for multiple other personal online accounts. Earlier this year I finally started using a password manager, as the number of online accounts I had was continuing to expand. I was resetting passwords on a weekly basis as I couldn’t contain them all in my head, and my default was to hit the ‘forgotten password’ button to avoid the inevitable locked-out message after several failed attempts. I had known I would need a password manager for a while, but had frankly been lazy.
Surprisingly (to me at least), I am far from being alone in this laziness. Many people we speak to, peers and clients included, still don’t use a password manager despite being well aware of the security risks. Furthermore, even when we strongly recommend it and highlight just how easy it is (I am a true convert now), they continue to use their existing system of storing passwords. Usually the passwords are either written in their paper diary or kept in the notes section of their mobile, or they simply use the exact same one across several different and highly sensitive sites, including ones with saved payment details.
Even an episode of the podcast Reply All revealed that Alex Blumberg and Phia Bennin, from Gimlet Media, don’t have one. This is despite the episode being a follow-up to another aired in March of this year, which revealed Alex Blumberg’s Uber account may have been hacked. In that episode, a journalist who writes about hackers recommended that he get a password manager. Apparently this wasn’t much motivation:
ALEX BLUMBERG: (Laughs) Ok. Wait, should we just get one right now?
PHIA: A password manager?
ALEX BLUMBERG: I’m—I’m sitting in front of a computer.
PHIA: Oh my god, I don’t want to.
ALEX BLUMBERG: I don’t either.
Password managers are easy to use even for the technically challenged (definitely not looking at you, Alex Blumberg). There are free and premium versions available, but whichever you go with, the features you should be looking for include:
- One-click generation of strong passwords
- Automatic population of login information
- Automatic updates when you change a password
- Ability to share information with other users
- Multi-factor authentication
- Cross-platform use
- Digital wallet
Here are a few recommendations for password managers that you may wish to look into:
- LastPass: reputable and one of the most widely used, offering free and premium options
- Dashlane: known for high security and good automatic population, but premium is one of the more expensive options available
- Sticky Password: portion of subscription fee goes to charity, seen as having a lower threshold for security in comparison to others
- RoboForm: one of the oldest managers around and offers family accounts
- KeePass: can create physical password keys and has strong auto-type functionality
- 1Password: can be stored locally as well as in the cloud
- RememBear: new, good for beginners and from VPN provider TunnelBear
We do have a little warning: often you need a master password in order to access the manager. There is often no simple ‘forgotten password’ button for this, so just make sure that you can remember this password while ensuring it isn’t too simple. And don’t write it down anywhere!