The value of password managers

I firmly believe in the value of password managers. Using a password manager is one of the most important things I can recommend that you do for your personal security. Password managers also have immense value in a corporate context. In this article, I am going to deep dive into why you need to be using a password manager and what some of the lesser-known benefits of using one are.

The problem

It's time for some harsh truths. There are 2 main problems that a password manager aims to solve:

1. You reuse the same passwords everywhere.

2. The passwords you pick are not as secure as you think.

You may want to argue with me on these points.

If you disagree with me on point 1 and claim that you have a 100% unique password on every single account that you use then you must have a prodigious memory. Variations of the same password don't count. E.g. MyCatsName_Email and MyCatsName_Bank do not count as unique passwords; they are variations on the same base password that are easy to guess once someone figures out your base password.

So why is using the same password (or a variation on the same password) a bad idea? Think of it like sharing a secret. The more people you share a secret with, the less likely it is that the secret will remain a secret. If you have 100 accounts across various services, it's only a matter of time until one of those services is hacked and someone steals the usernames and passwords of all users for that service. When a hacker breaks into a website and steals all of the usernames and passwords, they don't just say "well, job's done. Nothing more I can do with all this data." The hacker knows that people reuse passwords, so they are going to try that username and password everywhere they can think of (this is known as credential stuffing).

If you disagree with me on point 2, go to https://bitwarden.com/password-strength/ and type in one of your passwords. Using my example password above I get:

Some of these passwords seem strong on their own, but these estimates can't be completely relied on. An attacker who is motivated to guess your password will be using much more powerful computers that can guess faster and will likely use more than one computer at a time, so the real amount of time to guess these passwords is probably much lower. This also assumes that your password doesn't show up in a data breach and needs to be guessed.

How do password managers solve these problems?

I like to think of password managers as putting all of your eggs in one basket...but in a good way. If you use the same password everywhere it's like sharing your password with everyone at a party. It's not long before everyone at the party is responsible for keeping your secret and eventually someone is going to get drunk and let your password slip to the shady guy in the corner that no one likes. Using a password manager is like sharing all of your passwords with a monk who lives alone on a mountaintop and hasn't spoken to another person for the last 50 years. The monk is clearly the secure option.

Now that I'm done mixing metaphors, let's talk about what makes a password manager a secure option and what some of the benefits of password managers are. I am going to be using examples from 1Password in this article as it's the password manager I use, but the features and benefits I talk about here should be available in any good password manager.

Password generator

The most secure password is one that is so long and complex you can't even remember it. Generating such passwords is one of the primary functions of a password manager. A password manager has the ability to generate a random and unique password for you to use for all of your accounts. This solves both problems 1 and 2 that I outlined above. Generating random passwords means that you are guaranteeing that every password you use is unique, and the random passwords generated are going to be sufficiently complex as to not be able to be guessed by a computer in a reasonable amount of time.

As an example below, I have generated a password using 1Password and typed that password into https://bitwarden.com/password-strength/

No one is going to guess that password anytime soon.

A good password manager will have a password generator that lets you customise the options for how a password is generated. For example, 1Password lets you generate a password that is a random string of characters (like the screenshot above), a password that is a grouping of memorable words that are easy to type, or a PIN. Each of these types of passwords allows you to further customise the options to meet the password requirements of a service. For example, if a website only lets you use a password that is a maximum of 32 characters and must have a symbol and a number in it, you can set the password generator options to meet these requirements.

All these features make it very easy to generate unique and strong passwords for each service you use.
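To make the 32-character, symbol-and-number policy above concrete, here is an added example (not code from 1Password or any other product) of a generator that meets such a policy, with a rough estimate of how long guessing would take. The symbol set, the 8-character minimum and the attacker guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+"  # assumed symbol set; match it to what the site accepts

def generate_password(length=32, need_digit=True, need_symbol=True):
    """Random password from the OS CSPRNG that satisfies a site policy.

    Candidates missing a required class are discarded and redrawn, so every
    compliant password stays equally likely (no character is forced into a
    fixed position).
    """
    if length < 8:
        raise ValueError("refusing to generate a password shorter than 8")
    alphabet = string.ascii_letters
    alphabet += string.digits if need_digit else ""
    alphabet += SYMBOLS if need_symbol else ""
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if need_digit and not any(c in string.digits for c in pw):
            continue
        if need_symbol and not any(c in SYMBOLS for c in pw):
            continue
        return pw

def entropy_bits(length, alphabet_size):
    """Upper bound on entropy of a random string: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)

def average_crack_years(bits, guesses_per_second):
    """Expected time to guess: half the keyspace at the attacker's rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    pw = generate_password(32)  # site limit from the text: 32 characters
    bits = entropy_bits(32, 52 + 10 + len(SYMBOLS))
    print(pw, f"{bits:.0f} bits")
    # 1e12 guesses/s is an assumed attacker rate, not a measured figure
    print(f"{average_crack_years(bits, 1e12):.2e} years on average")
```

Changing the guess rate passed to `average_crack_years` shows why strength-meter estimates shift so much with attacker hardware.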

Autofill

A good password manager should give you the ability to automatically fill in login forms on websites or apps. This means that anytime you need to log into a website, instead of having to manually type or copy and paste your username and password, the password manager can automatically detect what website you are on and fill in the correct password for you. This is a relief when you have a 100-character password.

Autofill is also a lifesaver when you are working against a clock. Anyone who has ever had the stress of trying to buy concert tickets from Ticketek will know that you have a 5-minute timer to purchase your tickets. Autofill means you don't need to manually type in your username and password when checking out, saving you precious seconds.

Weak/Compromised password notification

Your password manager can automatically tell you if a password you are using is weak or compromised. Most of the good password managers will keep a database of passwords that are known to be commonly used or that have appeared in data breaches and will notify you if a password you are using fits either of those categories so you can change that password before bad things happen.
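One way such a check could work, as an added example rather than any vendor's actual code: audit a vault for exact reuse, for variations on one base password (the MyCatsName_Email / MyCatsName_Bank case from earlier), and for passwords found in a breach corpus. The vault contents, the corpus, the `range_query` service and the 8-character shared-prefix threshold are all constructed for illustration.

```python
import hashlib
from collections import defaultdict
from itertools import combinations
from os.path import commonprefix

def sha1_hex(password):
    # SHA-1 is used only as a lookup index into the corpus, not for storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for a breached-password corpus (digests only).
BREACH_CORPUS = {sha1_hex(p) for p in
                 ("password1", "qwerty123", "MyCatsName_Email")}

def range_query(prefix):
    """Hypothetical lookup service: hash suffixes for a 5-char prefix."""
    return {h[5:] for h in BREACH_CORPUS if h.startswith(prefix)}

def is_breached(password):
    digest = sha1_hex(password)
    # Only the 5-character prefix is sent; the match happens locally.
    return digest[5:] in range_query(digest[:5])

def audit(vault, min_shared=8):
    """Report reuse, shared-base variations and breached entries by site."""
    by_password = defaultdict(list)
    for site in sorted(vault):
        by_password[vault[site]].append(site)
    reused = [sites for sites in by_password.values() if len(sites) > 1]
    variations = []
    for a, b in combinations(sorted(vault), 2):
        shared = commonprefix([vault[a].casefold(), vault[b].casefold()])
        if vault[a] != vault[b] and len(shared) >= min_shared:
            variations.append((a, b))
    breached = [s for s in sorted(vault) if is_breached(vault[s])]
    return {"reused": reused, "variations": variations, "breached": breached}

# Constructed sample vault: site name -> password.
SAMPLE_VAULT = {
    "email": "MyCatsName_Email",
    "bank": "MyCatsName_Bank",
    "forum": "password1",
    "shop": "password1",
    "vpn": "t7#Vq9!mZr2&Lx4@pK8wEd3$",
}

if __name__ == "__main__":
    for finding, sites in audit(SAMPLE_VAULT).items():
        print(finding, sites)
```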

Encryption

A good password manager will encrypt your password database so that no one can access your passwords except you. Using 1Password as an example, your password database is encrypted when you first set it up using a key that only you have access to. This means that even 1Password can't see the data you are storing in your password database. This is great for 2 reasons. Firstly, it means that you don't need to worry about someone at 1Password (or whatever company you use) going rogue and stealing all of your passwords. Secondly, it means that if someone manages to hack 1Password and steal your password database, the hacker will not be able to access your password database so all of your passwords remain safe.

Secure sharing

There are some passwords that you may want to share with people you trust. For example, if you have a Netflix account that is used by your whole family, you will likely want to share that password with your family members. Password manager creators have made the process of sharing these passwords simple.

Good password managers have a family sharing feature that allows you to share passwords you specify with other members of your household. They also allow you to temporarily share passwords with those not in your family with limited access links. That is, you can share a link with someone and they can access the password you are sharing for a limited time once they verify themselves.

Many more

Password managers have many other great features that I'm not going to dive into here. If you start using a password manager, you will discover many other ways that they make your life easier and more secure day to day.

Summary

People are bad at picking strong passwords. With the number of accounts every one of us has in the modern world, it’s impossible to have a strong, unique password for every account without a tool to help you manage those passwords.

Password managers help you manage your personal security by allowing you to have strong, unique passwords for all of your accounts. Password managers make it easy to retrieve, use and change your passwords when you need to.

A good password manager is an almost essential tool for uplifting your account security.

Roman Prasad

I help companies recruit, onboard and retain top talent in the Energy Sector | Husband & Father | Family Man | Rugby Union | Property & Maccas | 0483 945 770

11 months

Great read and food for thought!
