It seems like every other day there is a new social website or service that you have to sign up for and start a new account. While this can be great, it is hard to keep track of all your different passwords.
The simple solution for this problem is to just have one password for everything. However, this leads to an incredibly large security risk. It’s unreasonable to expect any person to remember complex passwords, so the best solution is to get a password manager.
Password Strength: What is a Password Manager?
Password managers are services that allow you to securely save all your passwords and keep them safe using one master password. While having a master password may seem like it defeats the purpose of having multiple passwords, think about it this way: if your Facebook account gets hacked and you have one password for everything, you will have to change your password for everything.
However, if your Facebook password is compromised and you have a different password for all of your other sites, you just have to change that one password. It’s easier to change your master password frequently to keep it safe than to change all of your passwords on a regular basis.
Before discussing too much about password managers, it’s important to mention the basics of password security. As computers improve and get more powerful, it becomes easier for people to use them to crack your password. This means that having a strong and secure password is more important than ever. The general rule of thumb is to have a password that is at least 9 characters long and includes an uppercase letter, a number and a symbol.
In addition to that, I also suggest that you don’t use any words that could easily be found in the dictionary. I suggest this because many computerized “brute force” attacks will simply have a dictionary of common words and common tricks with words (capitalizing proper nouns and replacing ‘e’ with ‘3’ for example) and just cycle through them until they get the right one.
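As an added illustration (not part of the original article), the Python sketch below applies the rule of thumb above and then looks for dictionary words after undoing capitalization and common character swaps. The word list and the substitution table are small constructed samples; a real check would load a full dictionary.

```python
import re

# Constructed sample word list (assumption); replace with a real dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "london", "secret"}

# Common character swaps undone before the lookup, including the 'e' -> '3' trick.
SWAPS = str.maketrans({"3": "e", "0": "o", "1": "l", "4": "a", "@": "a",
                       "5": "s", "$": "s", "7": "t", "!": "i"})


def dictionary_hits(password, words=SAMPLE_WORDS):
    """Return dictionary words hidden in the password behind case changes and swaps."""
    normalized = password.lower().translate(SWAPS)
    # Drop leftover digits and symbols so padding like '2024' does not hide a word.
    letters_only = re.sub(r"[^a-z]", "", normalized)
    return sorted(w for w in words if w in letters_only)


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means the password passes every check."""
    problems = []
    if len(password) < 9:
        problems.append("shorter than 9 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(not c.isalnum() for c in password):
        problems.append("no symbol")
    hits = dictionary_hits(password, words)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ("monkey", "P4ssw0rd!", "qT7#vRx9!mZp"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Note that "P4ssw0rd!" satisfies the length and character rules and is rejected only by the dictionary check, which is why both checks are needed.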
Choosing Your Password Manager
Picking which service you would like to use can be tricky as there are a lot of options out there. There are many free as well as paid services so do your research carefully before deciding which one you want to use. Check which platforms the software is available on and make sure it works with what you use. If you only use Apple products, make sure there is an OS X and iOS app available. If you’re like me, and find yourself using multiple platforms within a day, make sure you use a service that is available on multiple platforms.
There are different types of clients out there, primarily online and local. An online client lives mostly in the browser, where you store your passwords online. With an online service you’ll have access to your passwords no matter where you are. The biggest downside is that you are completely reliant on the company, and if they go out of business, you are out of luck. If you choose an online service, I highly recommend that you make an offline backup of your passwords periodically and keep them in a safe place.
Alternatively, a local client will keep all of your passwords saved on your own machine, but you are stuck with using only the clients that the company produces, making your passwords less accessible. Even if the company goes away, you will still have the application and will be able to get your passwords out. In most cases, I prefer using a local client as it gives you more control over your passwords and a bit more flexibility.
An Online Client
There are plenty of great online services out there but there are some that really stand out. One of these in particular is LastPass. They have plugins for all of the major browsers out there. Best of all, for the standard service, it is free. For most people, the free version will be all you need since it is web based. If you want access to the mobile apps as well as some other features, you may want to consider the $1/month fee.
A Local Client
Another great service that I have tried out is 1Password. For a long time, 1Password was Mac only, but they now have clients for Windows as well (sorry, no Linux support). The interface is clear and easy to use, and like LastPass, has mobile versions. 1Password isn’t a subscription service, but you do have to pay per client and app, with prices that vary depending on the platform and number of users.
My current favorite is an application called Wallet. Unfortunately, it’s Mac only, but I’m hoping it gets ported to the web.
The iOS app is so good, it means that I can carry around all of my passwords in my pocket, pull it out, type in my excessively long master password and get my password when I need to use a service away from my own computer. It syncs with the desktop version easily using either MobileMe or Dropbox, so you never need to worry about not having access to your passwords.
Take some time to research before signing up for a password manager. This is going to hold all of your passwords to some very important information, so it’s good to make sure that you are going with a company that you trust, and that will be around for some time to come.
Don’t rely on your password manager too much. Make sure you can remember the passwords for crucial services like your email accounts and online banking. While a password manager can greatly increase your online security and help organize your online accounts, like any technology, you should never rely on it completely.