Ã¢â‚¬â€¹if you use a password manager, what do you as the user need to remember?

April 08, 2022 Post a Comment

You probably know that it's not a good idea to use "password" equally a password, or your pet'southward name, or your birthday. Just the worst affair you tin do with your passwords—and something that more than 50 pct of people are doing, according to a recent Virginia Tech study—is to reuse the same ones across multiple sites. If even one of those accounts is compromised in a data alienation, it doesn't thing how strong your password is—hackers can hands apply it to get into your other accounts.

But even though I should know better, upwardly until a few months ago I was still reusing the aforementioned dozen or so passwords across all of my everything (though at least I had turned on two-factor authentication where I could). It'southward simply besides difficult to come up with (and retrieve) unique, strong passwords for dozens of sites. That'due south why, afterward much cajoling from co-workers, I started using a countersign managing director—and it'due south why you lot should exist using one, too. Aside from using two-factor authentication and keeping your operating system and Spider web browser up to date, it's the nigh important matter you lot can do to protect yourself online.

Why y'all demand a password director

A countersign managing director is a secure, automated, all-digital replacement for the footling notepad that yous might accept all of your passwords scribbled downwards in now, but it's also more than that. Password managers generate strong new passwords when y'all create accounts or modify a password, and they store all of your passwords—and, in many cases, your credit card numbers, addresses, bank accounts, and other data—in 1 place, protecting them with a single strong master countersign. If you remember your primary countersign, your password manager volition remember everything else, filling in your username and password for you whenever y'all log in to a site or app on your telephone or computer.

Y'all can generate, save, and car-fill passwords with Google's Smart Lock (in Chrome and Android) or Apple's Keychain (in Safari and iOS), but a good password manager goes a lot further—information technology can proactively alert you when you're reusing a password or when your passwords are weak and easy to estimate or hack, and some countersign managers will even let you know when online accounts are hacked and your passwords take been exposed. For accounts that yous demand to share with family members, friends, or co-workers—a joint bank account or mortgage site, a shared Twitter account, or your insurance and medical records, for instance—many password managers offer family unit plans that make it simple to share strong, complex passwords without requiring multiple people to remember them or write them downward.

Learning to use a password manager seems intimidating, but in one case you lot first using ane to make strong random passwords that you're not on the claw to remember, you lot'll wonder how you lived without one. Usually, improving your digital security means making your devices more than abrasive to utilize; a password manager is a rare opportunity to make yourself more secure and less bellyaching.

A password manager for any budget

Wirecutter's favorite password manager is 1Password. It has smashing apps for PCs, Macs, and all kinds of tablets and phones, and those apps volition tell you exactly what'southward wrong with your passwords and how to set them, whether they're weak, reused, or fifty-fifty compromised in a hack. If you're not using two-factor hallmark to further protect your accounts already, 1Password tin can generate, store, and insert those codes for you when you lot need them. And 1Password's family program makes information technology easy to share passwords for accounts y'all share with your family members and friends (and to continue their passwords safe, too).

If y'all can't or don't want to pay the $36 per year for a 1Password subscription, you tin can detect good free options as well. Wirecutter'south favorite is LastPass Gratuitous—its apps aren't as total-featured as 1Password's, and its recommendations for fixing countersign problems aren't as clearly explained or every bit easy to act on, just information technology'south still pretty simple to employ and it withal works on just about whatsoever computer, tablet, or telephone.

These aren't the only skillful password managers out there, but these two are easy to acquire, backed by practiced customer support, and designed to store your passwords securely. You don't need to understand hashing or AES-256 encryption, except to know that it means that even if 1Password or LastPass has its servers hacked, your passwords will remain unreadable to anyone who doesn't have your master password. Both 1Password and LastPass are transparent about their security processes, and you lot can visit their sites to larn more than.

Making a practiced master countersign

Considering your principal password is responsible for protecting all of your account information, you must make it long and hard to guess. Merely because you'll demand to type it in when you start using a new computer or telephone, when you need to log in to alter business relationship settings, or when you restart your calculator or browser, information technology should also be easy for yous to retrieve; otherwise you could lock yourself out of your business relationship and lose admission to everything.

Both 1Password and LastPass take good communication on how to make a chief password, and perhaps surprisingly, they don't recommend long strings of random lowercase and uppercase messages, numbers, and symbols. Instead, you need a long merely memorable password, perhaps composed of multiple random words with dashes, periods, or some other like shooting fish in a barrel-to-think punctuation in between, similar "discard-memento-burble-pacer." 1Password's password generator is a handy way to make one of these passwords regardless of the software yous use.

No matter how memorable your master password is, you should write it downwardly and store it somewhere to make certain you don't forget or lose information technology. The most secure way to practise this is to write it on an actual slice of newspaper and go on it somewhere safe, such as a locked desk drawer or Wirecutter'southward recommended fireproof document safe. Writing it down the quondam-fashioned way is actually much more secure than storing it digitally, especially on a cloud syncing service such every bit Google Drive, Dropbox, or iCloud; 1Password even has a handy "emergency kit" printout that tells yous exactly what you demand to write down.