Do You Need a Password Manager?

According to a recent Dashlane blog post, the average American has 130 online accounts—each of which needs a unique, strong password to be safe. You could write these passwords down or store them in one file, but then you’d only be creating a “key of all keys.” Imagine the damage that could be done if the wrong person had the master key to your sensitive information.

So, what should you do if you can’t remember 130 different passwords? You just might need a password manager, a solution that is actually much simpler than you probably imagine.

Password managers are programs that store all of your credentials in a single, secure place, most often in a cloud. They’re available as browser extensions and desktop and smart device apps, and they’re an easy way to protect your online activity.

It’s important to reiterate that password managers are, by nature, secure. By taking advantage of multifactor authentication (as detailed below), you can be sure that, even if an attacker nabs your master password, the chances of him or her accessing your information are slim to none.

Of course, password management service providers themselves can be breached. But with encryption and password auto-change features, the risk is incredibly low. (In a sense, the company that developed the password manager doesn’t even know your passwords!)

Let’s take a look at some of the ways a password manager can make your life easier and safer.

Once you download a password manager, it will import all of your browser-stored usernames and passwords into its database (or “vault”). Going forward, your password manager will log any new accounts you create.

Also known as two-step verification, this is one of the best strategies for keeping your information secure—and it’s essential to implement when using a password manager. Modern password managers offer a range of multifactor authentication options, including text messaging, e-mailing, fingerprinting, or a USB drive. You can also set up a backup measure—such as sending a PIN to another trusted phone—in case you lose access to your second form of verification.

Every time you register a new online account or forget your credentials, you’re tasked with inventing a brand-new password—not easy to do on the fly. Most password managers offer a simple password generator that can create a password of any length from a combination of any character types you want (i.e., uppercase letters, lowercase letters, numbers, special characters). You can even choose to create a password that can be pronounced verbally like a real word—that way, it will be easier to remember, but still nonsensical enough so that attackers can’t guess it.

Some password managers have special privileges with certain platforms, such as Facebook or Google, that bypass the traditional password-resetting process. You can change your password in just one click, like in the screenshot below.

When used as a browser extension, password managers detect fields and autofill your credentials. No need to check your vault—or even type a single character.

Sometimes you need to access your accounts from computers that aren’t yours or from networks that might not be safe. Cyber criminals are known to install keyloggers—software that tracks your keystrokes—on machines or over public Wi-Fi. To combat this, many password managers provide an on-screen virtual keyboard when entering your master password. You can click each letter, so your keystrokes can’t be monitored.

Although password managers are straightforward to use, trying something for the first time isn’t always smooth-sailing. To make the process as easy as possible, consider taking the following steps:

1. Research your options. Reviews and comparisons of password managers are widely available online. LastPass, Dashlane, RoboForm, and 1Password are some of the more popular choices.
2. Sign up for a free trial. Most password managers offer free versions for a certain number of days, usually limited to one or two devices. Premium versions can cost as little as $1 per month, but it still pays to try before you buy.
3. Set aside time. You’ll need an hour or so to get accustomed to the password manager and set up everything correctly. For example, you wouldn’t want to download one and begin using it without multifactor authentication enabled.
4. Start slow. Use a password generator for only a couple of accounts at first—say, an e-mail account and a social media account. That way, you get the feel of using a password manager every day, and it’s pain-free to undo the changes if you decide it isn’t for you.

Whatever password manager you choose, remember that they are powerful tools, but they’re effective only when used wisely: strong master password + multifactor authentication.

How do you keep track of your passwords? Have you had success with a specific password manager? Please share your thoughts with us below.