In today’s post we’ll talk about what a password manager is and why you need one. I have referred to the need for a password manager in several other posts so I felt like it was time to do a deep dive into what they are, and what they do so that we can make an informed decision.
How many passwords do you have?
Not a trick question. And please don’t say just 1. More on why in a bit, but let’s stick with how many for now. I started counting and I have hundreds. There are ones that I use regularly like my bank and brokerage sites. There are some I use infrequently like my frequent flier and hotel points accounts, and there are some I created and used once. I have a login for my oven. Why?
Most common passwords
Here is some fun reading on the most common passwords. We’ll see our usual favorites 123456, qwerty, qwerty123… I have to admit, I’m not great with typing on small keyboards and qwerty123 was my go-to for years. This was back when I had a blackberry.
Re-use
We do tend to re-use our passwords. I can’t remember 100+ passwords. I can’t even remember the 10 or so I use regularly. So why not create 1 really good one that we’ll use everywhere? Sounds like a good idea, right?
Not a good idea
Let’s talk about why this is not a good idea. Let’s say I come up with a strong password that I can remember. pfQ.iTpi_6. This looks like a beaut. There is nothing personal. No kids names, dates of birth, or anything someone might guess. I commit this to memory and start changing all my passwords to pfQ.iTpi_6.
I use fidelity.com for my banking, brokerage, bill pay, credit card and account aggregation. I change my fidelity password from qwerty123 to pfQ.iTpi_6. I’m feeling good.
Later in the day, I log in to ilovecats.com to watch some funny cat vids. I change my password to pfQ.iTpi_6 because I log in regularly and it will help me remember my new strong password.
Who spends more on security?
I spent nearly 20 years working at Fidelity. Every technology project I worked on had a security component to it. We designed for security, we tested for security, we had groups of people whose only job was to make sure our site was secure. Any type of a breach would have been catastrophic.
ilovecats.com doesn’t really have the same problem. They post high quality cat vids and are not all that concerned with security. If a hacker found a way in and stole their password database, it’s possible that the good folks at ilovecats.com might not even know.
Why is this important?
Smart and efficient hackers know that there is a goldmine of data to be found in hacking less secure sights for passwords. Get a bunch of login ids (usually emails) and passwords and then start trying them at various financial sites.
They get my email and password (remember my strong password pfQ.iTpi_6) and use it on fidelity.com, and they’re in!
Unique passwords for every site
This is the big reason you need a unique password for every site. Which unfortunately gets us back to needing to remember many many many secure passwords for all the different sites we visit. Ugh!
Password managers
Which brings us to password managers. A password manager will do all the hard work of creating unique strong passwords, storing them and entering them in websites that we visit.
A password manager has 3 main components:
- An encrypted database that stores our login ids and passwords for the websites we visit
- A component that will enter these stored ids and passwords on the websites we visit
- A user interface to allow us to view and possibly group our ids and passwords
1Password
I have been using 1Password for years so I’ll talk a bit about my experience, but then we’ll compare it with some alternatives.
One of the things I like most about 1password is that it works on my iPhone, my iPad, my iMac, and my Macbook air. Once I install the app and login, all of my information syncs. It also works with android and windows. It works in browser windows and in apps on my phone and tablet.
Storing passwords
You do not need to enter all of your passwords manually at once. Once you’ve installed the app and the browser extension, when you navigate to a website in your browser and enter the login id and password, 1password will pop-up a window that will ask you if you’d like to save that password.
All the info is prefilled. The username is what I typed into the yahoo login screen. Same for the password. The website is captured so that 1password knows to use this id and password whenever you visit that site.
1password uses a file and folder structure. el cabron is the name of my folder group. Personal is the name of the folder in that group. I also have folders for shared items (that I share with family), for credit cards, for bank accounts, and other groupings to keep my passwords organized.
That’s it
If the password for a site exists, it fills it, if it doesn’t, once you type it in, it stores it. And, when you change your password for the site, it will pop up a box that asks if you’d like to update the existing record in 1password.
Strong passwords
1password also helps create strong passwords. Going back to the yahoo login screen that preceded the pop-up above, 1 password prefilled the password with a strong suggested password
On any new or changed password, it will recommend a strong password for you so that you don’t have t think about it.
More info
Go to 1password.com for lots more info on the features and how they work. But if you’re not interested in all the features and just want to protect your internet security, it’s as simple as you’ve seen above.
Alternatives
I used the safari, firefox and chrome password managers for a while before going to 1password. These worked fine for me. They had fewer features than 1password and they were each limited in that they only work within the browser. Firefox passwords won’t fill in chrome, and none will fill passwords in phone or tablet apps. This is a big deal as we now have lots of passwords that are long and difficult to remember (and type). You don’t want to have to look them up and type them manually into another browser.
I have not tried paid alternatives, but I know there was a breach a while back where one was hacked. Read here. I’ve been happy with the security, features and support for 1password so I’ve stuck with it, but do some research.
Wrap-up
It’s important to have unique and strong passwords. A password manager can be a big help. Safari, chrome and firefox have browser password managers that do not extend to other browsers and apps but may be suitable if you stick with the same browser.
1password and other paid solutions are reasonably priced (I pay about $50 per year) and offer more robust features, as well as syncing across devices on all platforms.
Whatever you choose, it’s time to stop using 1234, and throw away your password spreadsheet and up your security game.