We often recommend using a password manager, but we’ve gotten a few questions asking why we’re so adamant about this. Lots of people think that all they need to do to keep their online accounts secure is create a single password with some numbers, often switching a lowercase L with a 1 and a capital E with a 3. And that’s for accounts people care about—for those that they don’t see as important, they’re likely to use a simple password like their child’s or pet’s name. Plus, most people don’t think they have much to protect or that they would be targeted by hackers, so they reuse the same password across multiple sites.
Guess what? Such an approach is extremely dangerous on today’s Internet. First off, no one is explicitly targeted. The bad guys get passwords by stealing millions at a time from Web sites with lax security. Then they use sophisticated hardware that can test over 350 billion passwords per second to crack as many of the stolen passwords as possible. All passwords shorter than 13 characters are easily cracked by such hardware.
Imagine you have an account on a shopping site whose passwords are stolen. The attackers can log in to that site, change your shipping address, and order items with your stored credit card. But they won’t stop there. They’ll use automated software to try that username and password combination on lots of other high-profile sites: Google, Apple, Amazon, eBay, Facebook, many banks, and so on. If they can get in anywhere, they’ll take over the account and exploit it in any way they can, which could involve stealing money, ordering goods, or using it to reset passwords and lock you out of other accounts. It can get ugly fast.
Use a password manager to generate, store, and enter strong passwords, different for each site, and you’ll never have any of these problems. A sufficiently strong password (go for 20 characters or more) will withstand cracking efforts for centuries, and by using a unique password for every site, even one password being compromised won’t expose any of your other accounts to abuse.
Here then are five reasons for using a password manager:
- Generate strong passwords: A password should be random, or it should be a long collection of words (think 30+ characters). Password managers can generate such passwords for you, so it’s easy to make a new one for each Web site.
- Store passwords securely: If you’re going to put all your eggs in one basket, you want that basket to be well protected. Password managers employ their own strong encryption and various other techniques to ensure that your passwords are safe.
- Enter passwords for you: No one can remember and type long, random passwords, but having a password manager enter the password for you is even easier than typing a weak password. Log in faster than ever before!
- Audit existing accounts: Password managers learn the credentials you use for existing accounts, and they can tell you which passwords are weak and which have been reused.
- Access passwords on all your devices: It’s even harder to type passwords on an iPhone or iPad, but good password managers have apps for mobile devices that sync with your password archive so all your passwords are available whenever you need them.
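To put numbers on the length advice above, here is an added example (not from the original article) that generates a random password with Python's `secrets` module and estimates worst-case exhaustive-search time at the article's quoted rate of 350 billion guesses per second. It assumes every character or word is picked uniformly at random; the 7,776-word list size is an assumed, diceware-style figure.

```python
import math
import secrets
import string

GUESSES_PER_SECOND = 350e9           # cracking rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def random_password(length=20, alphabet=ALPHABET):
    """Draw each character from the OS CSPRNG (never use random.choice here)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def seconds_to_exhaust(choices, picks, rate=GUESSES_PER_SECOND):
    """Worst case: time to try every candidate in the search space."""
    return choices ** picks / rate


def years_to_exhaust(choices, picks, rate=GUESSES_PER_SECOND):
    return seconds_to_exhaust(choices, picks, rate) / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("sample 20-character password:", random_password())
    cases = [
        ("8 random lowercase letters", 26, 8),
        ("8 random printable characters", 94, 8),
        ("20 random printable characters", 94, 20),
        ("6 random words from a 7,776-word list (assumed size)", 7776, 6),
    ]
    for label, choices, picks in cases:
        print(f"{label}: {entropy_bits(choices, picks):.0f} bits, "
              f"{years_to_exhaust(choices, picks):.3g} years to exhaust")
```

The estimate only holds for randomly generated secrets: a human-chosen password with predictable substitutions falls far faster than its length suggests, which is why the generator matters as much as the length.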
There are many different password managers, but for most people, there are three main choices. If you use only Safari on the Mac and in iOS, Apple’s built-in iCloud Keychain feature may be sufficient.
If you’re an Apple user but you prefer browsing with Chrome or Firefox, or if you want to share some passwords with family members or your workgroup, 1Password is the best choice. It costs $3 per month for an individual or $5 per month for a family, with team and business accounts as well.
If you need help choosing a password manager or setting one up, particularly in the context of a small business, get in touch with us. And if you’d like us to write more about each of these options, just drop us a note and we’ll see what we can do.