Use a Password Manager!

In the last few weeks, I've given some cheap advice about how to develop strong, memorable passwords.  Using either the "Diceware" or the "Long Sentence" method is a fool-proof way of designing unhackable passwords. But what happens when you have a dozen passwords?   Let's do a rough sketch here:

social networking sites:     5  passwords

banks:                                2

utilities and similar:            4                      

credit cards:                       3

medical:                             2

insurance:                          2  

total???                            18  passwords

Get the picture?  There are 18 passwords.  I think that is conservative for the average business or household.  Who has the time and mental capacity to memorize 18 passwords?  Not me!  That's why I use a password manager.  The password manager I use is called 1Password.  It is made by a company called Agilebits.  

This is not intended to be a product endorsement, but I will tell you that 1Password is the only one I've ever used.  I love it, but I have nothing to compare it to.  I understand that it is highly regarded by product reviewers, and I bought the jacked-up app after enjoying a free version.  1Password works perfectly well for me at home and at work.  It works for both Apple and Windows products.  1Password can be downloaded from the iTunes Store.  

Why Use a Password Manager?

The short story is this: a password manager stores all your passwords in one place.  It's like having a vault inside your computer, and the vault is stocked with your passwords.  With a password manager all you need to remember is a single password--the one that opens the vault.  Once inside the vault you have access to your entire roster of passwords.    

The advantages are overwhelming.  First of all, many password managers are free or downloaded at a marginal cost.  As with many apps today there is the free version and the jacked-up version that costs forty or fifty bucks. From a risk management perspective the choice is clear.  A password manager is cheap insurance!

But the huge advantage is this:  now you can create long passwords and store them by the dozens.  Once you begin using a password manager there is no excuse for using inferior passwords!  You can store long, strong passwords and forget them!  Clear your head and memory for more important things!  Someone could hold a gun to my head, and I couldn't tell you the password to my bank account.  It must be 25 characters long!  This is true for all my passwords.   

Here's more great news!  Now you and your employees will not have your passwords written on sticky notes on your desk.  I've known people to cleverly conceal passwords underneath their keyboards!  How sly is that?!  I recommend password managers for office use for the added security these products provide your business.  Again--how much does a single hack cost your company, customers, reputation and bank account?  

Not all password managers are the same.  Some store your passwords within the device you are using--your phone or laptop, for example. Others store your passwords in the cloud.  

Device-Based Password Managers

The value of "device-based" password managers is that they store your passwords on the device you are using.  This might be your laptop or smartphone.  For a hacker to break into your password manager they would have to hack into your device and then hack into the password manager vault.  This is not an easy task if you are securing your information correctly. 
Many of these password managers have syncing capabilities that allow you to update passwords between devices seamlessly.  

Cloud-Based Password Managers

Cloud-based password managers store your passwords in the cloud.  This provides benefits and convenience that device-based managers may not.  However, you have to trust that the company securing your password is doing it's part to safely store that information.  You have to take their word for it.  They probably are, but that's something to read detailed reviews about.  If you don't understand or don't care about details like this, don't fret.  Just use a password manager and enjoy the benefits.  You're better off having any reputable password manager than none at all.  

Hackers are not nice people.  They break into computer systems to steal things, and they are relentless.  No single system is immune to hacking, really.  Even password managers have weaknesses that can be exploited.  If those issues interest you there are plenty of articles and blogs on the internet that discuss these things.  However, using a password manager and storing long, random passwords will go a long way to thwarting hackers.  

Conclusion

In years to come passwords will be a thing of the past.  We probably won't be using passwords in 10 years, but, in the meantime, you need to secure your personal and professional information with strong, memorable passwords.  The beauty of a password manager is the combination of security and convenience you enjoy.  (My Diceware article mentions that security and convenience are always at odds.)   No longer do you have to hide passwords on sticky notes or spreadsheets.  Your passwords can be insanely long and random.  

Many password managers have added features like being able to store credit card information, banking information, drivers license and insurance data.  Photos of legal and insurance documents can be stored on these managers.  It's all a great way to keep your private information handy and secure.  

As I said in my first blog about Diceware.com, I am a 007 fan.  I love discussions about espionage and encryption, and we live in a world where knowing this stuff falls into the "best practices for business" category.  Plus, for me, it's just plain fun!       MB