Do you need a password manager?
Passwords pose a real dilemma: balancing convenience against security. You have an account with most websites you visit regularly, which easily adds up to dozens of accounts – or more. These accounts are either a pain to get into because you have a unique password for each login, or much less secure because you are essentially reusing the same three or four passwords. Yet strong, unique passwords on each account are nearly impossible without a password manager. We simply can’t remember them all, and having them written down somewhere negates the purpose.
What are the advantages of password managers?
Password managers securely store all of your passwords in one place and allow you to have strong, unique passwords for each account. It is no longer a case of ‘if’ a password leak happens, but when and which website will be hit next. By having unique passwords for each account, the damage attackers can do when the inevitable password leak happens is limited.
Most password managers can generate complex passwords for you. Generally, websites hash passwords to store them, but some hashes can be cracked, so password complexity matters. The longer and more complex a password is, the harder it is to crack.
Your passwords are encrypted. Each password manager secures your passwords somewhat differently, but the passwords are usually either encrypted in a secure database in the cloud or stored locally in an encrypted file on your computer.
Some are cross-platform, so password managers like Dashlane and LastPass will work on both your computer’s browser and your phone.
What are the disadvantages?
Password managers’ biggest advantage, that you will only have to remember one master password, is also their biggest weakness. If your master password becomes compromised, then attackers could gain access to all of your accounts. Since password managers hold the keys to many users’ digital kingdoms, they are an obvious and valuable target for cyber attackers. Unfortunately, password managers are not invulnerable. LastPass, one of the most popular and well-respected password managers, has had two security breaches in four years and some security flaws have come to light. However, while some users’ information was compromised, none of the major password managers have had a hack that exposed users’ password vaults.
“Sometimes, it’s better to put all your eggs in the same basket if that basket is more secure than the one you would be able to build on your own,” said Emmanuel Schalit, CEO of Dashlane.
Don’t protect your passwords with the master password alone, as that creates a single point of failure. Enable two-factor authentication and, if possible, have the password manager log you out after a period of inactivity. And considering the plethora of bad passwords out there, it has to be said: your master password should be long, strong, and complex.
If you’re still worried about putting all of your eggs in one basket, even if it is secure, consider a hybrid approach. Keep the most important passwords, such as those for online banking, your main email, and other sensitive websites, out of the basket, with a strong, unique password for each. Use the password manager for inconsequential or lower-risk accounts.