The Case for Password Managers

Keeping passwords digitally stored in one place seems anathema. Here’s why you should do just that.

Cybersecurity for your small business does not need to be technical!

Passwords form the first line of cybersecurity in most situations, and most users know to make their passwords unique, long, and a mixture of lowercase, uppercase, numbers, and special characters when possible. They also know to keep their passwords secret–so keeping them digitally stored in one place seems anathema. Here’s why you should use a password manager anyway.

The world of password managers comprises myriad options: free/subscription, stored locally/stored online, freestanding/integrated into another program (like your browser). The whole concept of putting your passwords into a password manager runs counter to the “don’t put all of your eggs in one basket” adage that serves so well in most situations.

No doubt, you should fully research password managers before selecting one, as they are not uniformly secure (a roundup of some of the top options, security concerns, and review criteria can be found in the Freelancer’s Guide to Cybersecurity if you want to learn more). And the Mozilla Foundation suggests that users should only consider a password manager that:

    • Doesn’t know your master password (so hackers can never steal it)
    • Only stores encrypted versions of your credentials and data on their servers
    • Can generate strong, secure passwords
      (from Five Myths about Password Managers)

As an aside, some password managers will also store your credit card information to facilitate online purchases, which I think is a bad idea (the fewer places your credit card information is stored, the better).

In many ways, the strongest argument for using a password manager is that not doing so usually leads users to violate the basic concepts behind strong passwords, because strong passwords are hard to remember. Eight-character combinations of letters (upper- and lower-case), numbers, and special characters don’t stick unless they are posted with a sticky note to your monitor–obviously not a secure or convenient option.

For those still concerned about using a password manager (I was slow to adopt and still keep mine on a very tight leash), I offer an additional thought. With the wide adoption of multi-factor authentication, the password maintains its stature as the first line of security for accounts, but now it has solid backup. Whether by SMS text, a physical key, or an authentication app, multi-factor authentication adds a formidable second line of security. Of course, as I write about in an earlier post, 2FA can have its limits for high-profile targets–so choose your second form of authentication based on your specific situation.