How a Password Manager Keeps You Safe… and Sane

Simplify your life and stay cybersafe at the same time by using a password manager.

10 September 2018

It's 2018, and the most commonly used password is still "123456." Close behind it are favourites like "qwerty," "abc123," and "password." With dozens of online accounts to remember login information for, it's tempting to use and reuse easy-to-remember passwords like these. But easy-to-remember is also easy-to-guess, and cybercriminals are counting on you to make a password they can easily crack.

Luckily, there's a simple solution that falls in between "use the same insecure password repeatedly" and "burn yourself out keeping track of a hundred passwords." That solution is a password manager.

What is a password manager?
A password manager is a tool that stores and retrieves all your passwords in an encrypted cyber vault. Your password manager can only be opened by your master password, which acts as the decryption key. Without the key, your other passwords remain encrypted and safe from hackers.

Most password managers use a zero-knowledge model, which means they do not know your master password and they do not store it anywhere. The only place your master password lives is in your memory.
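To make the zero-knowledge idea concrete, here is an added Node.js example (not code from this article or from any password manager product). It assumes scrypt for turning the master password into a key and AES-256-GCM for the vault; the function names and record layout are hypothetical. The stored record contains only a salt, a nonce, an authentication tag and ciphertext, so whoever holds it cannot open the vault without the master password.

```javascript
// Added example: a zero-knowledge vault built on Node's standard crypto module.
const crypto = require('node:crypto');

// Assumed scrypt cost settings; real products choose their own KDF and parameters.
const KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the master password into a 256-bit AES key. The key is never stored.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword.normalize('NFKC'), salt, 32, KDF);
}

// Client side: encrypt the entries. The returned record is all a provider would hold.
function sealVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16); // unique per vault, not secret
  const iv = crypto.randomBytes(12);   // fresh nonce for every encryption
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  const record = { salt, iv, tag: cipher.getAuthTag(), body };
  key.fill(0); // wipe the key from memory once it has been used
  for (const k of Object.keys(record)) record[k] = record[k].toString('base64');
  return record;
}

// Returns the entries, or null when the password is wrong or the record was altered.
function openVault(masterPassword, record) {
  const b = (field) => Buffer.from(record[field], 'base64');
  const key = deriveKey(masterPassword, b('salt'));
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, b('iv'));
    decipher.setAuthTag(b('tag'));
    const plain = Buffer.concat([decipher.update(b('body')), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null; // GCM tag check failed, so no data is returned
  } finally {
    key.fill(0);
  }
}

// Constructed sample data, not real credentials.
const sample = [{ site: 'example.test', user: 'alice', password: 'k9Z$2mq7R!c' }];
const stored = sealVault('constructed-master-passphrase-7!', sample);
console.log(Object.keys(stored));                                    // fields a provider would see
console.log(openVault('constructed-master-passphrase-7!', stored));  // correct master password
console.log(openVault('Password123', stored));                       // wrong master password
```

Because nothing in the stored record can recover the key, a forgotten master password cannot be reset by the provider.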

Why should I use a password manager?
Many users suffer from password fatigue, the confusion and frustration people feel when they have to remember a multitude of unique passwords. Unfortunately, that's when the bad habits start: recycling the same password over and over, writing passwords down on sticky notes, and creating easy passwords that anyone can guess.

A password manager alleviates that fatigue. Once you have your password manager set up, you don't have to remember dozens of long passwords that are a complex mix of letters, numbers, and characters. You just have to remember one master password, and the rest of those secure passwords are at your fingertips.

How do I use a password manager?
Password managers can be accessed online through a web platform or on your mobile devices through an app. But however you use your password manager, keep these tips in mind:

  1. Never forget your master password. Because password managers don't store that information anywhere, a forgotten master password means you're locked out of your account and you can't access the passwords stored inside.
  2. Choose a strong and unique master password. Your password manager is only as strong as the master password you give it. A password like k9Z$2mq7R!c is almost impossible to guess, whereas Password123 would be cracked in seconds. Create a master password that's complex, and make sure it's not a password you've used for another account.
  3. Explore all options and tiers. Each password manager has its own perks and tiers of service. Some will sync across all your devices; others will notify you if any of your accounts have been involved in a data breach. Choose the features that work for you, but whatever password manager you decide on, make sure it uses a zero-knowledge model and AES-256 encryption.
  4. Take the time to strengthen your passwords. Setting up a password manager is a great opportunity to create a new set of strong and unique passwords for all your accounts. Take the time to retire old or reused passwords and create entirely new ones. Find more tips on creating secure passwords.
  5. Be patient. Using a password manager might take some adjusting. After all, it's an entirely new organization system. But once it's set up, your life will be simpler. All your passwords will be at your fingertips, and you can use the manager's password generator to create any new passwords you need.

Which password manager should I use?
The password manager you decide on will come down to personal preference. Cost, features, and security are all important factors to weigh, along with general usability.

To get you started, the Office of the Chief Information Security Officer (CISO) has investigated four top-rated password managers and created a comparison chart: