Why trust a password manager?

I have a confession to make.  I’ve never used a password manager.  This should be shocking to you, since I work for an IT company whose job is to make sure our clients are following best practices.  Securing your private information is our top concern, but personally, I’ve been a long-time holdout.  I don’t even know why.  I guess I’m afraid that LastPass or Bitwarden will get hacked at some point.  I think my little scraps of paper with passwords jotted on them must be safer, right?  That password I buried in an obscure email folder must be safe behind our many levels of network security, right?  The password manager built into my web browser works great and required no effort on my part.  Excuses, excuses.

So, I’ve decided to investigate this and take the plunge for you. I did my research to learn why all my IT friends and colleagues told me I should trust a password manager.  Here’s what happened.

First, I needed to understand exactly what password managers do.  A dedicated password manager stores your passwords in an encrypted form.  It also helps you generate secure, random passwords that you don’t have to remember.  It offers a powerful interface, allowing you to easily access your passwords across all your different computers, smartphones, and tablets.  A password manager will automatically fill in your passwords in your browser and mobile apps, much as web browsers do, if not better.

Second, I needed to know why my passwords are at risk.  If you use the same passwords over and over (you know you do this), a breach on one website means that your email and password are out there.  Attackers will try to use that information to log into other sites.  The solution to this is to use strong, unique passwords everywhere.  But who can remember all that?  Not me.  A password manager remembers it for you.  You only have to remember your one master password that unlocks your vault.

Third, I needed to know why my web browser’s password manager isn’t good enough.  Web browsers have been able to remember usernames and passwords for years and they are finally getting more sophisticated.  However, experts still recommend skipping them and using a dedicated manager.  Third-party password managers are cross-platform and cross-browser.  If you use Google Chrome on your laptop and Safari on your iPhone, apps like LastPass will work with both.  If you rely on your browser’s password manager, anyone who can access your web browser will have access to all your goodies.  Even if it’s just your kid or your husband, do you really want a bunch of Pokémon cards or a subscription to the beer of the month club charged to your Amazon account?

Turns out there are other benefits, too.  Password managers let you store more than just passwords.  You can create notes containing text such as building codes and Wi-Fi passphrases.  You can add file attachments to your vault, which is a good place to store tax documents or scanned copies of your passport and driver’s license.

Password managers can even help against phishing because they fill account information into websites based on their web address (URL).  If you think you’re on your bank’s website and your password manager doesn’t automatically fill your login information, it’s possible that you’re on a phishing website with a different URL.  That’s a big red flag!
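
To make the URL check described above concrete, here is an added example (not code from LastPass or any other product) of an autofill gate that offers a saved login only when the page's origin matches the saved one. The vault entry, the `mybank.example` and `evil.test` URLs, and the exact-origin matching rule are assumptions made for illustration; products differ in how strictly they match.

```javascript
// Added example: every name, URL and credential below is constructed.
const VAULT = [
  { savedUrl: "https://login.mybank.example/signin", username: "pat", password: "not-a-real-secret" },
];

// Origin (scheme + host + port) of an HTTPS URL, or null if it cannot be used.
function originOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    // The parser lowercases the host, drops the default port and converts
    // non-ASCII names to their "xn--" form, so comparison is on canonical text.
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null; // unparseable input never matches anything
  }
}

// Entries whose saved origin equals the page's origin exactly.
function entriesFor(pageUrl, vault = VAULT) {
  const pageOrigin = originOf(pageUrl);
  if (pageOrigin === null) return [];
  return vault.filter((entry) => originOf(entry.savedUrl) === pageOrigin);
}

// Decision shown to the user: fill, or stay empty and say which host was seen.
function decide(pageUrl, vault = VAULT) {
  const matches = entriesFor(pageUrl, vault);
  if (matches.length > 0) return { fill: true, username: matches[0].username };
  let host = "(unparseable)";
  try { host = new URL(pageUrl).hostname; } catch { /* keep placeholder */ }
  return { fill: false, reason: `no saved login for ${host}` };
}

// Constructed pages: the genuine site plus lookalikes a user might not notice.
const PAGES = [
  "https://LOGIN.MyBank.example:443/account?x=1",  // same site, different spelling
  "http://login.mybank.example/signin",             // not HTTPS
  "https://login.mybank.example.evil.test/signin",  // real name used as a subdomain
  "https://login.mybank.example@evil.test/signin",  // real name in the userinfo part
  "https://login.myb\u0430nk.example/signin",       // Cyrillic "a" in place of Latin "a"
];

for (const page of PAGES) {
  console.log(page, "->", JSON.stringify(decide(page)));
}
```

Only the first page gets a fill; for the rest the field stays empty, which is the red flag the paragraph above describes.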

Are you still thinking it will be painful to switch?  You can switch to a password manager and it will import all your usernames and passwords from your web browser’s built-in manager.

But is it truly safer?  A password manager stores your passwords in a secure vault, which you can unlock with a single master password.  You can also choose an added two-factor authentication method for extra security.  The most highly recommended password managers, such as LastPass and 1Password, use strong encryption when storing data in the cloud or on your devices.  On your smartphone, you can also unlock your vault with biometric authentication like Face ID or Touch ID.  These companies say that the master password never leaves your device, and they couldn’t access your passwords if they wanted to.  They have “zero knowledge” of your passwords.  They’ve undergone third-party audits and code reviews.  Neither of these companies has suffered a serious breach and both are up-front and transparent about how they protect your data.

So, what happened when I enrolled?  I chose LastPass.  I installed the app on my phone.  I created a master passphrase that would be easy for me to remember.  Then it prompted me to add at least one password.  From my work PC, I went to the LastPass website and signed in.  It had stored the password I entered on my phone.  Yay, one small success!  It wasn’t quite as easy as I had hoped.  I thought it would automatically import all the passwords stored in the Chrome password manager, but it did not.  I searched through LastPass Help and figured it out easily.  It is going to take some time to completely transfer all my usernames and passwords from the many websites I use, but I do believe it’s worth the effort.

Now I feel accomplished!  I learned a few new things and overcame my fear and hesitation.  It’s good to learn new things, especially when it comes to technology.  It’s an ever-changing world we need to embrace.  I also know that if I have questions or run into any issues, I have my team of trusted IT professionals who can guide me.
