Credit to Author: Alan Henry | Date: Sun, 24 May 2020 11:00:00 +0000
Odds are that you, like the rest of us, are spending more time in front of a computer than you used to. You’re probably not looking for another addition to your digital to-do list, but allow me to make one humble recommendation: Get started with a password manager. Now is a perfect time.
Here’s why: The more you browse, the better password managers become. As you log in to your favorite apps and web sites, they ask you if you'd like to save your password to their database so you never have to remember it—or even enter it manually—again. And right now we’re all using our computers more than ever. We’re using them to work, keep in touch with family and friends, play videogames, or just kill time while in self-isolation or under stay-at-home orders.
A password manager keeps track of all of the passwords you use around the web—for your email, for online shopping, for banking or paying the bills—so you don't have to remember them. The good ones will help you identify passwords that you've reused on multiple sites, or are weak and easily broken. They can even notify you when a site you use has been breached, so you can quickly change the password and protect your account.
"Most people are not actually following all the rules for good passwords, because it is really hard to do that without a password manager," says Lorrie Cranor, director of the CyLab Security and Privacy Institute at Carnegie Mellon University. "People often cope by reusing the same password on multiple accounts. But if that password gets breached on any of your accounts, you could have a big problem, because attackers will try the same password on all your accounts."
If your passwords are already weak, she explains, odds are one of them will be breached eventually anyway. If you've been using the same password in multiple places, well, that's even more of your personal data at risk. "By using a password manager and generating random passwords for all your accounts, you significantly reduce the chance of having your password stolen, and if it does get stolen it will only impact that one account," Cranor says.
And yes, the best password managers cost money (although some good ones are free, or have a free tier), but consider this: The cost of a password manager is likely less than you'd spend trying to recover a breached account that contains all of your personal data, or what you'd spend on a subscription to an identity theft service. And it certainly takes less time to set up than dealing with any of that would.
If you’re ready to make the leap, first you need to pick a password manager. There are plenty to choose from, but we have a guide to the best password managers here. Our favorite is 1Password, both for its solid reputation as a password manager and its ability to provide two-factor authentication, which you should absolutely turn on for every service that supports it. 1Password also integrates well with apps on mobile devices, and it even has a “travel mode,” where you can delete sensitive information from the database in case your devices are stolen or confiscated, and then restore it when you—and your devices—are safe again.
If 1Password isn’t your jam, there are plenty of other options in our guide, including Bitwarden, which is free, and Dashlane, which bundles a virtual private network and made that Super Bowl ad you may remember from earlier this year.
In many ways, choosing a password manager is the hard part. "Most of the top password managers can import passwords that you may have saved in your web browser. So if you’ve done that, it makes getting started with a password manager pretty easy," Cranor says. "If you haven’t, then a good option is to start using the password manager with just a few of your most frequently used passwords and then add passwords to it as you use them. There is no reason that you have to add them all at once." Pick one that works for you, set up an account, and just use your devices the way you always do; let the password manager do the rest for you. If you use a password manager that can sync across devices, every time you use a password or generate a new, secure one on one device, your others will be updated automatically.
Reused passwords are a little trickier; you'll have to change those manually for the most part. Be patient and take your time. Make it a weekend project, or just spend a few minutes here and there changing bad passwords to more secure ones when you have a moment. Once they're all done, you'll feel better about all of them, and you'll know all of those accounts are more secure. (While you're changing passwords, see if the service supports two-factor authentication as well, and turn it on!)
One thing to note: Your web browser probably already offers to save your passwords and log in to websites for you, but you’re better off with a stand-alone password manager. The convenience may be tempting, but your web browser has a lot of tasks; managing passwords may be one of them, but it's certainly not the most important. While in-browser password management has improved over the years, it still lags behind all of the tools that password managers give you to make sure your entire digital life is secure, including reminding you when you've reused a password, offering different levels of password complexity, and the option to sync across multiple devices and browsers.
Of course, password managers themselves aren't flawless—nothing is, when it comes to security—and the literal treasure trove of private information they have makes them an attractive target for hackers. However, the best ones, even if there are bugs and vulnerabilities, keep your data secure and encrypted and have a singular focus. They don't have to make sure a website loads properly; they just have to make sure your data is safe.
"The major password manager companies have a good track record of fixing problems quickly and before their users actually suffer any negative consequences," Cranor says. "If you are currently reusing your passwords or using weak passwords, you are much better off with a password manager than without one, despite the fact that password managers cannot guarantee security."
As with most things, the hardest part of getting started with a password manager is getting started. Since we’re all sitting in front of our computers and on our mobile phones more now than ever, why not build a little security into your regular routine? After all, once it’s done, it’s done, and you won’t have to worry about it—or losing access to a dozen accounts just because one got hacked—ever again.