Gain sanity by managing your passwords
This post is for those of you not yet using a password manager. There are a few things you can do to help mitigate future issues, like two-step or two-factor authentication, but the smartest place to start seems to be managing our passwords.
We are all constantly signing into and out of accounts. There are personal logins, business accounts, highly sensitive ones like bank accounts, and less sensitive ones. Oftentimes when helping people out, we get tripped up by having to remember account information — or having to reset a password because we just can’t. In the end, what I hear is that we can’t be bothered or a flippant “who would want to steal my Consumer Reports password?”
There are a few problems:
- Forgetting a password
- Losing track of accounts
- Using the same password across accounts (often with the same user name)
- Using a poorly constructed password (e.g. password, 12345)
- Using a password after an account or service has been hacked or compromised
- Using passwords for an account you share with others
(Worth pointing out, I use log-in and sign-in interchangeably. When I say “credentials”, I am referring to your user name and password, or whatever is required by a particular service to access said account.)
What is a Password Manager?
A password manager is an app, a single place, where you can store and access your account information. You may already have a password manager in the form of a notebook or an entry in the Notes app. A password manager is like that, but on steroids. Not only does it store this information, but it allows you to easily access the information where you need it. It also helps you create new passwords, so you don’t have to come up with one on your own.
Which password manager should I use?
I am a fan of 1Password, but there are several options out there.
Two places I recommend starting are The Wirecutter and The Sweet Setup. I highly recommend reading their articles on this topic. (At the time of this writing, The Wirecutter updated their review to place 1Password as a runner up — to competitor LastPass — noting excellent security, great for macOS and iOS users, but lacking some features for non-Apple systems.)
Passphrases. Not passwords.
While we’re at it, I also want to emphasize that a strong password is not a word. It is a string of characters that best attempts to make guessing or discovering your credentials — whichever technique an attacker employs — as difficult as possible. This is where password managers are essential. Creating a unique string for each and every account you create is seemingly exhausting, and how in the world are you to remember all those? The beauty is you don’t have to.
The Six Problems
In the beginning, I listed six problems. I want to go through each of these to give a little more context and try to show how a password manager addresses each of these.
1. Forgetting a password
Mostly, this is just an annoying experience we have all gone through — before password managers that is. Remembering passwords can be tricky, especially as sites have become more proactive over the last few years in requiring you to update them periodically. You may have even been told, while updating your password, that your new password “has been used before” and you have to come up with yet another. Password managers completely solve this by not only storing this information, but also helping you to generate a new one.
2. Losing track of accounts
Ever gone to a shopping site and decided, “sure, I’ll create an account” as you purchase those boots, only to find out that your email address already exists? Do you remember making an account at LLBean? Apparently you did. As before, password managers track not only the user names and passwords, but also the names and URLs of the accounts you have created. Get to a site like this and just launch your password manager to see your previous entries. (And if you find yourself having to hit the “forgot my password” button, now you can reset it using that password manager so you’ll never have to do it again.)
3. Using the same password across accounts (often with the same user name)
Yes, you do this. It’s convenient, right? You read this and said *I already have one password*. And you use it *everywhere*, right? Now, you might not care about how secure your Yahoo! account is; it’s not like they have your credit card information or anything. But let’s look at what happens. Yahoo! gets hacked. (They were, in fact, in 2013 and 2014, but you didn’t find out until 2016.) Someone has your account information, and not only do they use it to gain access to your account with Yahoo!, they try it out on many other commonly used sites because, like you, so many of us use a single password across multiple services. Now, they have access to something you really care about. A password manager can generate unique passwords so you don’t have to come up with those passwords on your own. It will also tell you how old your password is, indicating when you might consider updating your credentials.
4. Using a poorly constructed password (e.g. password, 12345)
Not only do you need a password you can remember, you need one you can enter quickly. You’ve heard that password length is tied to how secure a password is, but you don’t have time to enter some 32-character password each time. Not only will a password manager generate these lengthier, more secure passwords, but through app integrations from the likes of 1Password, all you need to do is authenticate with 1Password and — poof! — your user name and password fill in automatically.
5. Using a password after an account or service has been hacked or compromised
You aren’t nerdy enough to be reading the internet waiting for hacker news. You might not even be reading the newspaper. That’s okay. Password managers have some features to help alert you to certain types of web security issues. 1Password launched Watchtower to help with certain types of attacks. You can also do your best to update your passwords on a routine, annual basis. The password manager can show you passwords that are more than 1 year or 3 years old. You know, so when you set your clocks back and replace the batteries in your smoke detectors, just go in and update the passwords to some of your most used, most sensitive accounts.
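The checks described in problems 3, 4 and 5 can be sketched as a small audit over a vault export. This is an added example, not code from the original post or from any password manager; the vault layout, the `audit` function, the 12-character minimum and the short common-password list are assumptions for illustration, and the entries are constructed sample data.

```python
import hashlib
from collections import defaultdict
from datetime import date

# Constructed sample export (not real credentials): site, user, password, last changed.
VAULT = [
    ("yahoo.example", "pat", "Sunshine2013", date(2013, 5, 1)),
    ("bank.example", "pat", "Sunshine2013", date(2016, 2, 10)),
    ("shop.example", "pat", "12345", date(2019, 8, 3)),
    ("mail.example", "pat", "k7#Vq2!mZp9wLr4xTd8s", date(2020, 1, 15)),
]
COMMON = {"password", "12345", "123456", "qwerty", "letmein"}  # tiny illustrative list


def _digest(pw):
    return hashlib.sha256(pw.encode()).hexdigest()


def audit(vault, today, min_length=12):
    """Return {site: [findings]} covering reuse, weak and stale passwords."""
    # Group sites by password digest so reuse is reported without echoing the password.
    by_digest = defaultdict(list)
    for site, _user, pw, _changed in vault:
        by_digest[_digest(pw)].append(site)

    report = {}
    for site, _user, pw, changed in vault:
        findings = []
        others = [s for s in by_digest[_digest(pw)] if s != site]
        if others:  # problem 3: one breach exposes every site sharing this password
            findings.append("reused on " + ", ".join(others))
        if pw.lower() in COMMON:  # problem 4: first guesses in any attack
            findings.append("common password")
        elif len(pw) < min_length:
            findings.append(f"shorter than {min_length} characters")
        age_years = (today - changed).days / 365.25  # problem 5: stale credentials
        if age_years >= 3:
            findings.append("older than 3 years")
        elif age_years >= 1:
            findings.append("older than 1 year")
        if findings:
            report[site] = findings
    return report


if __name__ == "__main__":
    for site, findings in audit(VAULT, today=date(2020, 6, 1)).items():
        print(f"{site}: {'; '.join(findings)}")
```

Entries that come back with "reused on" are the ones to change first, since a breach at any one of those sites exposes the rest.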
6. Using passwords for an account you share with others
You don’t live alone. Or maybe you do? You share an account with a family member, then. However it happens, you may find that you share an account with someone else on a regular basis. Your spouse and your kid use your Amazon account. Your kids and your sister use your Netflix account. What happens when you need to update your password? In a dark turn, what happens if a loved one in your household passes away? How do you get to their accounts? Password managers can assist here, too. You have your own private vault, but with a family account you can create shared password vaults (like folders for your passwords) so if one of you has to update account information, you can do so without upsetting the other the next time they try to log in and can’t. 1Password even allows you to upload secure documents, like a digital safety deposit box. (My Dad’s will is saved in mine.)