On top of all this, there are the accounts we need to just to keep the lights on, so remembering every single password is impossible.
It’s enough to make anyone want to table-flip the internet. (I wish it was possible, I really do.) We have a heaping helping of password fatigue with a side of dread every time we try to do anything online.
Password dread usually makes us decide it’s all pointless anyway, and we just stick to whatever bad password habits we’ve already developed. Like using the same password for everything. Or never changing them. Worse, many people will make the simplest, most hacker-friendly passwords around, like “123456.” This house of cards is destined to come down in the worst ways, like identity theft, drained bank accounts, or your email and social media profiles hijacked.
It doesn’t have to be this way. Times have changed, angry-password grandpa! Turns out, you can now be lazy, cranky and stay ahead of the breach-victim herd just by using a solid, reputable password manager.
A password manager is an app for all your devices — phone, laptop, tablet and any browser you use — that autofills usernames and passwords for all of your online accounts. A password manager stores your passwords and creates an easy, secure way to access all of your accounts on any device. With a manager, your 50 million passwords are all saved and securely stored in an encrypted vault, which you can search if you need to. All you have to do is remember one master password.
Password managers have oodles of upsides. You can change all your passwords without having to remember new ones. Even for that secret Instagram account you made after a few too many beers and didn’t touch for five years. All of your passwords are kept in one extremely safe, encrypted virtual vault — but with a secure app that works on all of your devices. Password managers can help you find your weak or duplicated passwords and change them. What’s more, these handy tools can also help you make excellent passwords, following current guidelines and conventional wisdom about making them secure.
If you look around online, the long lists of things to do to help make your passwords stronger and attack-proof can be confusing and overwhelming. It doesn’t help that each dumb, little “enter your new password” box seems like it has a bizarre and sometimes contradictory set of rules for password creation. One great thing about password managers is that they can generate really strong passwords for you whenever you need one. You can also use password generators on trusted websites, like LastPass or Norton.
You’ll need to keep some password basics in mind:
- Make strong passwords that are at least 12 to 16 characters long.
- Don’t use pet or family names, your address, Social Security number, birth date or other personal information.
- It’s annoying but you must never recycle or reuse a password.
- Change your passwords every three months or if there’s a security incident.
- Don’t let Chrome, Firefox, Safari or any other browser save passwords for you.
- Use password phrases (usually six or more words long) for the best security.
- Include capital letters, numbers and symbols if the app or site allows it.
Once you’ve got your passwords set, you’ll need to protect them by having good password hygiene. If you must copy them down anywhere, make sure they are difficult to access. Don’t tell anyone your passwords, and block “shoulder surfing” by covering your screen as you enter a password to make sure no one’s watching you. And the strongest way to protect your passwords is by using a password manager.
It’s important to understand that password managers are a line of much-needed self-defense for our own security: I probably don’t need to remind you that most companies can’t be trusted with your security or privacy; every week there are headlines about a company getting its email, website, Twitter accounts or something else hacked. Many prominent sites that routinely collect consumer data have inappropriate or dangerously lax password practices. A manager helps you stay ahead of other people’s mistakes.
It’s not too good to be true, I swear. Password managers protect your info by storing it in an encrypted vault, in addition to a secure backup location of your choosing, like Dropbox or an external drive. No one can open your password vault or backup unless they have access to it (the app’s encryption keys) and know your master password. This way, no one can accidentally discover your passwords, like if you saved them on a text file. And you can make really complicated passwords, because the manager will keep track of them (and remember them) for you.
Password managers also have a cool feature where they can create a randomly generated, complex password for you with the click of a button — and they’ll remember it if you decide to use it. They can also perform password-cleanup chores, such as when you want to eliminate re-used passwords. Some, like 1Password and LastPass, will even tell you when a site you use has been breached or hacked so you can change your password before anything terrible happens.
Where do you start? Well, first, decide which one you want to use. Make sure it’s reputable and that it’s one you pay for. Free password managers are shady; if it’s free, there’s going to be a catch, like bugs, dirty data practices or a lack of support should anything go wrong. Think of it like insurance: a necessary evil, though at least it’s only a few bucks a month, and password managers are certainly more reliable and directly beneficial than making a claim after a car wreck.
When you pick one, do a little Googling for reviews and articles just to be sure it’s right for you. Most people, ourselves included, like 1Password and LastPass. Dashlane is also highly rated, though it has more limitations than the others. Both LastPass and Dashlane have free versions if you’re broke, though those plans are less flexible. (Full disclosure: I use 1Password, I have no affiliation with the company, and I am a paying customer.) Make sure you avoid scams and only download the apps directly from the company’s official website.
Password manager setup is a snap. Sign up for your account and do all the billing hoo-ha. If you’re creating a family account, you’ll invite everyone else after signing up, though if someone in your family has an account, ask them to invite you. Then download the manager’s apps to your devices, and make sure you get its extension for your browser. When you want to fill in a password, simply click the extension’s symbol next to your address bar and sign in.
Open the app and get going. Since you’ll really only need to remember your master password after this, make that one a long phrase — a short sentence, with a number and symbol thrown in for good measure. For example, you can use a dollar sign ($) in place of an “S” or a “3” in place of an “E”. Then, start using and visiting apps and websites where you have accounts. The password manager will ask you to save your login, and from that point forward it will know when you’re about to log in somewhere, and prompt you for permission to fill in your username and password. That’s one of the cool things: Password managers don’t do things without your permission.
Most managers have “quick fill” shortcuts that do the work to log in for you, after you enter your master password. If for some reason you need to enter a password by hand, you can just open the manager and view it.
Some will also offer to store your credit cards and addresses. Which, by the way, is something you should never trust to anything except a password manager. I’m not saying this to insult Apple’s keychain, or Chrome’s autofill. Those companies have incredible security teams. I just know the facts about how criminals can exploit and extract your credentials from browsers, phones and operating systems, and your trust is way better placed into a password manager. And they’re way, way safer than letting any retail site save that information.
While only a total monster makes fun of someone who ended up in some company’s breach for having “123456” as their password, you must make sure you’re not “the one.” Password managers help us with that, though we’re not trying to tell you password management is fun. A different kind of monster believes that.
But try to think of it as necessary chore like laundry or dishes, but best practices mean you should use your password manager to create and store unique passcodes for each site you care about. Some managers like LastPass know what a pain this all is, and has a security-challenge feature. This identifies old, weak or compromised passwords, and it prompts you to run the challenge every few months. Take the time to redo passwords that could be easy for hackers and attackers to crack — using password cracking programs, it’s easy to break into accounts that have short and simple (“bad”) passwords. Change passwords that are re-used on different accounts. The great thing about password managers is that they’ll tell you when passwords reoccur, and they make it easy to find and change your duplicates.
Right now it feels like there are precious few things we can actually say are good, helpful and positive about our internet experience. Password managers are one of them. They really do provide a simple solution to a glaring and ubiquitous problem. And when it comes to ourselves, our friends, families and the communities we care about, something as simple as a smart password-security tool can save us a whole lot of unnecessary stress and heartbreak.