Why everyone should use a password manager

In this article, we will discuss an essential tool in our quest for online privacy: the password manager.

NO. A password manager is not reserved for a special category of geeks, IT gurus or similar outcasts. It is designed to be used by everyone and it should be used by everyone. And here is why.

Disclaimer: the password manager that I will cover the most in this article is LastPass. There are other solid password manager solutions in the market and this article is nothing close to a promotion of one particular tool. LastPass is just the password manager that I use personally.

Simply using this tool has, oddly enough, transformed my whole vision of online privacy. It is extremely rare to find a piece of software that educates you as you use it, but that was my experience with LastPass.

If you are not yet convinced about the importance of a password manager, let's do a small experiment.

Visit the site: https://haveibeenpwned.com/, input your email address and look at the results.

Have you been pwned? What does that mean?

The website haveibeenpwned.com lets Internet users check whether their personal data has been exposed in a security breach.

Security breaches happen every day on the Internet. Cyber-criminals are constantly attacking online services in an attempt to infiltrate them and steal user data. They are not only looking for credit card numbers, as people commonly think. They are also looking for any data related to your personal life, such as health records, bank account details, tax IDs or passport scans. Everything can be sold on the Internet.

If you have used the same email address for years, you have certainly been “pwned” and haveibeenpwned.com will give you a frightening list of databases that contain your email address.

I have been pwned, what should I do?

The very first thing to do is to look up the date of the breach and, if you have not changed your password on that site since, to go to that website and change your password manually.

But it is too late!

Your password has been exposed! This means that hackers are already trying to log in to other websites or services using the very same password.

Hopefully, you are a very careful person and you don’t use the same password everywhere.

Do you?

Do you remember every single site where you left the very same password?

If you consistently use the same password across multiple websites, how would you deal with this data breach?

How many passwords do you need to reset to be on the safe side?

The answer is: too many.

Tomorrow, a new data breach will pop up and you will have to change all your passwords again. This is endless.

Here comes the password manager

I have tried many password manager tools in the past: Dashlane, Roboform, KeePass… The UI of a password manager is tricky: good software has to pop up at the right moment in your browser or application to suggest a password, and that is genuinely hard to achieve. A good password manager has to be smart enough to know when and where to step in.

When you first create your password manager account, you will have to create a master password. The master password is the key that encrypts your password database. Be careful: it is absolutely impossible to recover this password, so make sure you remember it.

A few best practices when it comes to password management:

The post-it on the screen

Do you know Larry from accounting?

Yes, you know him: he is the guy who sticks his password on his computer screen.

But is it really a bad idea? Is Larry actually the smartest guy in the room?

If you are in an office environment, it is probably not a good idea to leave your password on display.

But in the comfort of your home, there is a limited risk that anyone would steal a password from your desk drawer.

It could happen, yes.

But between having a complex password written on a piece of paper in your desk drawer and having a dumb password in your head, I would definitely choose the post-it.

Why?

What is the probability that someone breaks into your home?

What is the probability that this person would be interested in this password more than in your jewelry?

On the other hand, what is the probability that someone tries to break into your online account? I can tell you it has already happened ten times since you started reading this article. Hackers are brute-forcing accounts on the Internet ALL THE TIME.

My personal tips for a great password

If you are a native English speaker, tough luck. Cyber-criminals usually leverage password dictionaries, which are basically databases of the most popular passwords. Therefore, your password should not be a word that you can find in a dictionary. Forget leet speak as well; it is far too common these days.

Password databases usually list popular keywords and all their deviations.

Example: Hello, He11o, Hello123, Hello2019

The best way to choose a password is to go for a language which is not widely spoken over the world. It is even better if it is not your own language. An experienced hacker will first find out your native language before attacking your account with the relevant dictionary.

Better still, pick a word from a minor language that does not use the Latin alphabet.

Why? Because once these words are written down in the Latin alphabet, they are usually subject to spelling variations that make the use of a dictionary nearly impossible.

My master password unveiled on the Internet

Finally, decorate your words with capital letters, special characters and one or two numbers, and you should get a very strong password!

The Vault

Coming back to your password manager: you have now created your account, and LastPass or Dashlane (whatever you are using) will now import all your existing passwords from your browser and applications.

All your passwords will be stored in a vault. This vault is encrypted on your computer with 256-bit AES before it goes to the server. Since the vault is already encrypted before it leaves your computer and reaches the server, not even the password manager company can access your sensitive data!

Then, get ready for an instant upgrade of your online privacy hygiene.

LastPass Security Challenge

LastPass has a very cool feature called Security Challenge. This feature audits all your passwords and flags the weaknesses. Dashlane has an equivalent feature called Password Health.

The security challenge or password health gives you your security score. If you use a password manager for the first time, I bet it is terrible.

This assessment is performed by analyzing your password database and spotting:

  • Old passwords
  • Duplicate passwords
  • Well-known security breaches
  • Weak passwords
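As an added example (not LastPass's or Dashlane's code), the Python below runs this kind of audit over a small constructed vault and computes a security score. Its weak-password check applies the earlier tip that dictionaries list a word together with its deviations (Hello, He11o, Hello123, Hello2019): it undoes leet speak and trailing digits before looking the root word up. The vault entries, the dictionary and the breach hashes are all constructed sample values.

```python
import hashlib
import re
from collections import defaultdict
from datetime import date

# Constructed vault entries (site, password, last change): sample values
# invented for this example, not real credentials.
VAULT = [
    ("mail.example", "Hello123", date(2018, 3, 1)),
    ("shop.example", "Hello123", date(2019, 6, 1)),
    ("bank.example", "He11o2019", date(2019, 9, 1)),
    ("forum.example", "p@ssw0rd", date(2017, 1, 1)),
    ("work.example", "Tz9!qLm#v2Rw8Ke", date(2019, 10, 1)),
]
TODAY = date(2020, 1, 1)  # fixed "today" so the results are reproducible
# Tiny constructed stand-in for a password dictionary (real ones hold millions).
COMMON_WORDS = {"hello", "password", "welcome", "letmein", "qwerty"}
# Constructed stand-in for a breach corpus (SHA-1 of leaked passwords); a real
# check would query a corpus such as Pwned Passwords instead.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in ("Hello123", "p@ssw0rd")}
# Common leet-speak substitutions, undone so that He11o and Hello look the same.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def base_word(password):
    """Undo the usual deviations (trailing digits/years, leet speak) to get the root word."""
    return re.sub(r"[^a-z]+$", "", password.lower()).translate(LEET)

def audit(vault, today, max_age_days=365):
    """Flag each entry the way a password-health check does: old, duplicate, breached, weak."""
    sites_using = defaultdict(list)
    for site, pw, _ in vault:
        sites_using[pw].append(site)
    findings = {}
    for site, pw, changed in vault:
        flags = []
        if (today - changed).days > max_age_days:
            flags.append("old")
        if len(sites_using[pw]) > 1:  # the same password is reused on another site
            flags.append("duplicate")
        if hashlib.sha1(pw.encode()).hexdigest() in BREACHED_SHA1:
            flags.append("breached")
        if len(pw) < 12 or base_word(pw) in COMMON_WORDS:
            flags.append("weak")
        findings[site] = flags
    return findings

def security_score(findings):
    """Percentage of entries with no finding at all (the 'security score')."""
    return round(100 * sum(1 for f in findings.values() if not f) / len(findings))
```

Running audit(VAULT, TODAY) flags every entry except work.example, and security_score reports 20, which is the kind of terrible first result the article predicts.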

When you look at the list, it can be overwhelming but don’t give up.

Think about it: it is always better to clean up your passwords once than to change them blindly at every data breach.

So take one step at a time, set a reasonable target of five passwords updated per day and you will soon see the end of your misery. Forever.

Conclusion

If you wish to protect your online privacy, you need to look seriously at the complexity and diversity of your passwords. It is stupid to have a dumb password, but it is not smart either to have a very complex password spread all over the Internet.

Like me at one time, you may not yet see the importance of having a strong password manager, but give it a try, run the LastPass Security Challenge and see the risks you are currently running online.

A password manager will not prevent one of your passwords from being stolen by cyber-criminals. But if you go through a security challenge and continue to use a password manager on a regular basis, you will reduce the risk of having the same password spread across multiple platforms. Mitigating a breach will therefore be easy and straightforward. In a nutshell, a password manager gives you confidence and peace of mind. You are one step further in your quest for complete online privacy.

Nicolas Goupil

All things cyber for products, OT and Critical Industries

5 years

What if that password manager gets compromised? Then it’s complete game over. No thanks, until I can completely trust one of those (which feels like it will never happen).

Mathieu Ploton

Telecom & Cloud Leader | Scaling Infrastructure in Emerging Markets

5 years

- For Android or MIUI, you need to enable the "draw over other apps" permission for your password manager. Then, as long as it is running in the background (MIUI hates things running in the background, so it is hard to keep LastPass alive), it will be able to auto-complete passwords inside native apps. How often do you fill in passwords on native apps? Besides Spotify, for obscure reasons, I don't do it so frequently.
- I don't see any big concern; I mean, it is not more or less worrying than your browser doing the same thing all the time...
- You can run LastPass as an Android app, a Chrome or Firefox extension or a Windows app, so you will never get stuck as long as you can activate it in some way and as long as you remember your master password to decrypt your vault.

Christophe Eyquem

Group CIO at Millicom/Tigo | Chief Information Officer, Chief Technology Officer, CTO, CTIO

5 years

I have a mental block about going to this type of solution; help me with some doubts:
- How does it work for native applications on Android, for instance? It detects and fills in the password? Works all the time?
- Any concern on security, having this app able to constantly monitor text fields there?
- Any situation where you will get stuck if you don't have access to LastPass? For instance, how would you log in to Gmail from a cyber cafe if you lost your phone?
