
How do you feel whenever you hear yet another news report about a data breach, theft, or hack that exposes millions of passwords? If your honest answer includes words like anxious, nervous, worried, or helpless, you have a potentially serious problem on your hands. You also have a problem if you have a password like “password1” or “baseball”, if you use the same password (or just a few passwords) everywhere, or if you keep passwords written on a sticky note on your monitor. And by “problem” I mean you risk losing time, data, money, your reputation, and possibly much more.
I think we can all agree that passwords are a major pain. Despite the breathless stories I read every so often about how some major tech company plans to somehow “kill the password,” the world’s security geniuses have yet to come up with a better scheme that’s safe, easy, and universal. Passwords—with all their problems—are going to be with us for a long, long time. You can’t change that, but you can change the way you interact with passwords, making it all but painless, thanks to a type of app called a password manager.
Let an App Do All the Hard Work
Imagine you’ve just signed up for an account with some website, and it asks you to create a password. If you reuse a password you’ve already used on other sites, you increase your risk dramatically, because if any one of those sites has a data breach and your password gets out, the attacker can then log in to your account at each of the other sites too. If you choose a simple, easy-to-remember password, it’s also going to be easy for a hacker to guess. You could pick a long, random, and unique password that would solve those two problems, but then you’d have to remember it—and laboriously retype it—every time you visit that site. Yuck.
Well, a password manager is an app that does all that for you. Whenever you need a new password, the app will create one for you. It’ll remember that password (along with your username and the URL of the site it goes with), sync it with your other devices, and fill it in for you automatically whenever you need it. Whether you have a dozen passwords or a thousand, it’s all the same to your password manager, and you have to remember just one, extra-good password to unlock your password manager itself. Unlock it once, and every login form on every site where you have an account just disappears with a click or a keystroke. It’s a thing of beauty.
I have more than 1,000 unique passwords, but because I’ve been using a password manager for well over a decade—and I always have the app create long, random passwords for me—I honestly have no idea what any but a handful of my passwords are. But I never worry about my passwords, either. I know they’re all quite strong, and I can access them from any device I may be using (my smartphone, tablet, computer, or smartwatch—or a browser on a device that’s not my own). If a site where I have an account is hacked and the passwords leak, I can change just that one password and get on with my life, not worrying that other accounts may be at risk.
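To make the two risks above concrete (reuse across sites and easy-to-guess passwords), here is a short added example, not taken from any password manager's code, that audits a list of logins for both problems and generates long random replacements. The site names, the tiny common-password list, and the symbol set are constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Assumed character set; real sites differ in which symbols they accept.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
# Constructed stand-in for a real list of commonly used passwords.
COMMON = {"password1", "baseball", "123456", "qwerty"}

def generate_password(length=20):
    """Pick every character independently from the OS's secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Strength in bits of a uniformly random password: length * log2(N)."""
    return length * math.log2(alphabet_size)

def audit(logins):
    """Return {site: [reasons]} for logins that are reused or commonly used."""
    sites_by_password = defaultdict(list)
    for site, password in logins:
        sites_by_password[password].append(site)
    findings = defaultdict(list)
    for password, sites in sites_by_password.items():
        for site in sites:
            if len(sites) > 1:
                # One breach at any of these sites exposes all of them.
                findings[site].append("reused on %d sites" % len(sites))
            if password.lower() in COMMON:
                findings[site].append("common password")
    return dict(findings)

# Constructed sample logins: (site, password) pairs.
SAMPLE = [
    ("shop.example", "baseball"),
    ("mail.example", "baseball"),
    ("bank.example", "password1"),
    ("forum.example", generate_password()),
]

if __name__ == "__main__":
    for site, reasons in audit(SAMPLE).items():
        print(site, "->", ", ".join(reasons), "| replace with", generate_password())
    print("20 random characters = %.1f bits" % entropy_bits(20))
```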
Choosing a Password Manager
Everyone who uses a computing device or accesses the internet ought to use a password manager. There are lots to choose from, and I always recommend finding one that runs on the platforms you use, that fits your budget, and that you feel comfortable with. Although they’re not all created equal, using any password manager is way better than using none.
But, of course, I do have opinions—indeed, rather well-informed opinions, if I do say so myself, coming as they do from many hours of research and testing. In my Wirecutter article The Best Password Managers, I recommend LastPass as a good choice for most people. It’s a solid app, but most importantly, it’s free, so the barrier to entry is as low as it can be. However, that’s not what I use myself. My upgrade pick, particularly for people who use Apple devices, is 1Password. It’s fancier, more secure, and more flexible than LastPass—though not free. Other fine choices include Dashlane, Keeper, and RoboForm—and there are plenty of others, too.
The Rest of the Story
I must, however, temper my enthusiasm by pointing out that even the best password manager can’t, by itself, address all your password needs. There will be situations, for example, in which you’ll need to enter a password without the aid of an app. Almost everyone will have to memorize at least a few passwords, and figuring out how to make them both strong and memorable takes some explanation. There are also a bunch of related topics you should be aware of, such as two-factor authentication, security questions, and password reset procedures that can either save the day or make matters much worse, depending on how you use them.
So, I wrote a book that covers all of the above, called Take Control of Your Passwords. It explains in easy-to-understand language how passwords work, what makes a password stronger or weaker, what you should (and shouldn’t) worry about when it comes to passwords, and how to develop a complete password strategy, in which a password manager will play a major role. (There’s even an appendix that spells out the math of how to compute a password’s strength, for those who are into that sort of thing.) If you feel like passwords are out of control, I think you’ll find my book helpful and reassuring.
And, if you happen to choose 1Password as your password manager, I have another book for you: Take Control of 1Password. This book walks you through the whole process of using it, step by step, and also reveals plenty of tips, tricks, and power-user features. If you want to squeeze every ounce of value out of 1Password, this book is for you.
Both books come in three popular digital formats: PDF, EPUB (great for iBooks), and Mobipocket (for Kindle devices).