In having to juggle many different accounts across the internet, many of us simply pick one password to remember and reuse everywhere. However, this is the least secure way to go about things – which is where password managers come in to help.
Most websites you visit nowadays require you to create an account to access all their features. It would be cumbersome and unrealistic to remember a new password for every account, especially one complex enough to be secure. The common strategy of reusing a password across the web does mean you only need to remember one complex phrase. But this ultimately reduces security across all your accounts, as the details of just one account being leaked will compromise all your accounts linked to the same email.
Password managers securely store your passwords and will insert your account details into web forms for you. This keeps you safe from keylogging malware, which learns your passwords by harvesting your keyboard inputs. Most managers also encrypt your password before it leaves your device, meaning even the service provider (and any potential server hackers) cannot access your passwords.
These services also come with password generators, which will create strong, unique keys for each account. Since a human doesn’t need to remember them, they can be as complex as needed. All you need to remember is the master password, which is also linked to some kind of multi-factor authentication, such as SMS or biometrics.
Password managers come in three types: browser, cloud, and desktop. Many of us already use in-built browser password managers, when we let a web browser such as Google Chrome or Microsoft Edge remember our details for a site, and auto-fill them when we want to log in.
Some browsers also come with password generators, which will create a strong key when you open an account, which it remembers and will insert for you in the future. However, most people do not use this feature and end up getting the browser to pointlessly fill in the same password (or a slight variation) everywhere.
When utilised well, browser-based password managers can be powerful free tools. That said, some do not even come with password generators, and using one will mean you have to use the same browser, at all times, across all devices. They also won’t be able to fill in details for anything that doesn’t happen right in your browser.
Cloud-based managers, such as Zoho Vault and LastPass, allow you to access your passwords from any number of browsers or devices. These services will often also come with features, such as scanning leak registries to check if any of your accounts have been exposed, or allowing for secure password sharing. But keep in mind that you will need an internet connection whenever you want to access your details.
Desktop-based managers, such as Bitwarden and KeePass, are installed on your device itself. This means you don’t need an internet connection and also makes it one of the most secure approaches. However, this means you won’t have access to your vault from multiple devices and you will likely have to take care of backups yourself, lest your laptop die and take all your passwords with it.
For those on a budget, many paid password managers offer a free version of the service. These will have the same base level of security, but lack any extra features – such as multiple device support and biometrics. Assuming you use the same browser on your mobile device and PC, browser managers are likely the best free option.
Password managers do have their own security risks. All your sensitive information is stored in one place, which could be compromised by someone stealing (or you forgetting) your master password. However, these concerns are easily addressed with biometrics or two-factor authentication, and are far outweighed by the security benefits of using a password manager to create unique and complex keys for your accounts.
IOL Business