The Truth About Password Managers

Password problems threaten your identity, privacy, and more. The solution is simpler than you think.

If you’re frustrated trying to keep track of all your passwords, you’re not alone. A Google/Harris study found that 75% of Americans struggle with this. And no wonder: another study found that in 2020 the average person has 100 passwords to remember, 20-30 more than in 2019! With so many to manage, many people choose passwords that are absurdly easy to remember (123456, Password, and qwerty are three of the most common passwords) or because they include a person’s name or birthdate. Unfortunately, these passwords are too easy for bad actors to guess, which is one reason why 80% of hacking-related data breaches are linked to passwords.

Weak or stolen passwords put your privacy, your identity, and potentially your employer or community at risk. (For example, the Colonial Pipeline ransomware attack, which interrupted fuel supply to the whole U.S. eastern seaboard, was caused by one leaked password.) There’s a better way to manage and protect all those passwords: a password manager. And today’s password managers are simpler to use, more powerful, and more portable than ever before. Let’s look at how they work and how the right password manager can protect you from identity theft and more.

How a Password Manager Works

In a nutshell, a password manager is a virtual vault, a piece of software that stores your passwords in encrypted form. Instead of having to remember and type dozens of different passwords for different accounts, you only have to remember one strong password, and the password manager will supply the account password to the website or app you’re logging into. Password managers will create randomly generated, strong passwords for you, but some also give you the option of creating passwords yourself that they will then manage.

Features to Look for in Password Managers

Today’s password managers offer a number of features to choose from. You can use one which is cloud-based (the passwords are stored by the vendor in their data center), one where the passwords are stored locally on your device, or one where the passwords are stored on a USB device such as a thumb drive. The advantage of a cloud-based password manager is that your passwords are available anywhere, from your desktop computer to all your mobile devices. Some people feel more comfortable with device-based password managers because they worry that the password manager vendor could have a data breach, and that it possible, but devices can also be hacked or lost. What’s most important to password protection is the strength of encryption that the password manager provides. For example, a password manager with military-grade AES 256-bit encryption would take billions of years-worth of computing power to break.

Other password manager features to look for are:

• A user dashboard where you can review and manage all your passwords
• Guidance on the strength of passwords you’re using and if they’ve been re-used
• Alerts, for example, if a password has been compromised in a data breach or found exposed on the dark web, or there’s an unauthorized login attempt or someone tries to change credentials on one of your accounts
• Encryption and storage for other sensitive information such as credit card numbers
• Ability to sync your password data with your phone so you can access passwords when you don’t have another internet connection
• Secure sharing with family members

You Can Change Password Managers

Another good thing about today’s password managers is that hackers are locked out, but you’re not locked in. You can choose a password manager that has import and export capabilities. That allows you to back up your password database, and it also allows you to move from one password manager to another if your needs change.

The Best Security is Strong Password Protection. . . Plus

Passwords today are a major security headache for individuals, businesses, and our society. Security experts keep predicting a password-free future, but so far, alternatives such as biometrics have privacy and security problems, too. For now, the best way to protect yourself is to use a password manager in combination with these measures:

• Put password protection on your devices.
• Set up two-factor authentication on every account that offers it. The best option is a single-use code sent to your mobile phone or email that you then enter to verify your login or transaction.
• Set up activity alerts for your bank account, credit cards, and payment apps so that you know right away if someone else is using your account.
• Use a password detective to see if your passwords have been found in a known data breach or password cracking system. (Ideally, your password manager will do this and alert you if there are problems.)

Someday, there may be a post-password world where it’s simpler to keep our lives private and secure. But in this world, where even IT professionals are guilty of reusing passwords and 42% of organizations admit to using sticky notes to manage them, it’s understandable if you’re struggling. That said, criminals have no sympathy and no qualms about taking advantage of your password woes. So, stop struggling and get a password manager to help