Password managers are one of those things know-it-all nerds love to admonish you for not using. I am one of those know-it-all nerds, and I am telling you that you really should use a password manager! They can be a hassle to set up, but when used properly, they improve your online safety and security, and can make life a little easier.
Strong Passwords are Future Proof
You've probably had to make an online account and create a password for that account, but the password requirements are really frustrating to comply with (a lowercase letter, uppercase letter, a digit, a symbol, but not that symbol, no repeating characters). Why do they make it so hard? Don't they know how annoying it is?
Complicated password requirements aren't there to mess with us. They're complicated because when passwords are short and basic, it's easier for a hacker with a powerful computer to try thousands of different combinations quickly and gain access to your account.
To put password strength into perspective, a password with 10 characters made up of only uppercase letters, lowercase letters and numbers (e.g. BHvd9xLjd8) can be guessed by a modern computer within 5 days. Add an extra 3 characters (e.g. BHzvd9xLjd8A4) and it'll take 3,000 years. Slap a few symbols in there (e.g. BHzvd&xLjd?A4) and even the fastest computer on the market will be waiting 15,000 years to guess that password.
Server administrators and software developers need to worry not only about the strength of a password now, but also about how that password will hold up in the future. Sure, it might take 15,000 years to crack that password today, but as computers get more powerful that same password could take only a few months, then eventually only a few days, to crack.
By making a password as long as possible - at least 18 random uppercase and lowercase characters - you're making it more difficult not only for hackers now, but for hackers in the future too.
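The arithmetic behind those figures, as an added example that is not part of the original article: it models an attacker who tries every possible password, and shows how length buys time even as hardware improves. The guess rate is an assumption, calibrated so that 10 letters and digits take the 5 days quoted above, and the two-year doubling period is a hypothetical trend.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet_size: int, length: int) -> int:
    """Count of distinct passwords of exactly `length` random characters."""
    return alphabet_size ** length

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Strength of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate (the average is half of this)."""
    return keyspace(alphabet_size, length) / guesses_per_second / SECONDS_PER_YEAR

def years_until_crackable(alphabet_size: int, length: int, guesses_per_second: float,
                          target_years: float = 1.0, doubling_years: float = 2.0) -> float:
    """Years of hardware growth before the search fits inside `target_years`.

    Assumption: attacker speed doubles every `doubling_years` (hypothetical trend).
    """
    now = years_to_exhaust(alphabet_size, length, guesses_per_second)
    if now <= target_years:
        return 0.0
    return doubling_years * math.log2(now / target_years)

# Assumption: calibrate the attacker so that 10 characters drawn from
# 62 letters and digits take 5 days, matching the article's first figure.
RATE = keyspace(62, 10) / (5 * 24 * 3600)

if __name__ == "__main__":
    for label, alphabet, length in [("10 letters+digits", 62, 10),
                                    ("13 letters+digits", 62, 13),
                                    ("18 letters only", 52, 18)]:
        print(f"{label:18} {entropy_bits(alphabet, length):6.1f} bits  "
              f"{years_to_exhaust(alphabet, length, RATE):12.3g} years now, "
              f"under 1 year after {years_until_crackable(alphabet, length, RATE):5.1f} years of growth")
```

The model only applies to randomly generated passwords; a password built from words or patterns falls much sooner than its length suggests.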
Unique Passwords Limit the Damage
It's not enough to have a complicated password; you should also be using a different password on every service you use. Using the same password everywhere, even if it’s a good password, is a recipe for disaster.
Let’s say you've got a nice complicated password such as: P5/B<=RauQ_An4*$~G3+@-. You've managed to memorise that beast and use it everywhere because it meets even the strictest password requirements.
Well, I have bad news: if one poorly run website you use that password with is compromised, and the operator of that site didn't protect their passwords properly, a hacker now has not only your password, but your email address too.
Now the hacker knows the password and email address you use everywhere and can go around to common websites and try logging in with them. This is called "credential stuffing", and it's incredibly common because so many people use the same email and password all over the internet, and because so many services are routinely compromised.
By using a unique password on every app and website, you inoculate yourself against credential stuffing.
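To see how far one leak reaches, this added example (not part of the original article) audits a password export and lists, for each site, the other accounts that share the same email and password. The export text is constructed sample data and its column names are hypothetical, so adapt them to whatever your own export uses.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export; the column names and .test sites are hypothetical.
EXPORT = """site,login,password
forum.test,ada@mail.test,P5/B<=RauQ_An4*$~G3+@-
shop.test,Ada@mail.test,P5/B<=RauQ_An4*$~G3+@-
mail.test,ada@mail.test,P5/B<=RauQ_An4*$~G3+@-
video.test,ada.alt@mail.test,P5/B<=RauQ_An4*$~G3+@-
bank.test,ada@mail.test,constructed-unique-value-for-bank
"""

def exposure_map(export_text: str) -> dict:
    """For each site, list the other sites that accept the same login and password."""
    # Per-run key: the fingerprints used for grouping mean nothing outside this process.
    key = secrets.token_bytes(32)
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Email addresses are compared case-insensitively, passwords exactly.
        pair = f"{row['login'].strip().lower()}\x00{row['password']}".encode()
        groups[hmac.new(key, pair, hashlib.sha256).digest()].add(row["site"])
    return {site: sorted(sites - {site}) for sites in groups.values() for site in sites}

if __name__ == "__main__":
    for site, others in sorted(exposure_map(EXPORT).items()):
        status = "also opens " + ", ".join(others) if others else "contained"
        print(f"leak at {site:11} -> {status}")
```

An empty list is the goal for every row: a leak at that site exposes that site and nothing else.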
How Do I Remember All These Passwords?
Now you know why you need longer passwords and why you need a different one for each service, but this introduces a practical problem - how do you remember all these details?! That's what password managers are for.
Think of a password manager like a secure digital notepad, where you keep all your passwords, along with the website or app they're for, in a dedicated password app. That app is then secured by a master password, encrypted and typically accessed with two-step login.
By using a password manager you can create as many unique passwords as you need, and they can be super long, because you don't need to remember them! The password manager will do that for you.
Password managers can also protect against phishing. If the website or app asking you to log in is different from the one you created the password on, the password manager won't hand any information over, giving you a chance to assess if the website is legitimate.
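A simplified model of that check, as an added example that is not part of the original article and not any particular product's code: the login is released only when the page's scheme, host and port exactly match the ones recorded when it was saved. Exact-origin matching is an assumption here (real managers offer looser rules), and the vault entry and `.test` URLs are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url: str):
    """Return (scheme, host, port) for a web URL, or None if it has no usable origin."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port                  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    # hostname is lower-cased and excludes any "user@" prefix and the port
    host = (parts.hostname or "").rstrip(".")
    if scheme not in DEFAULT_PORTS or not host:
        return None
    return (scheme, host, port or DEFAULT_PORTS[scheme])

def credentials_for(page_url: str, vault: dict):
    """Release a saved login only when the page's origin equals the saved origin."""
    current = origin(page_url)
    if current is None:
        return None
    for saved_url, login in vault.items():
        if origin(saved_url) == current:
            return login
    return None

# Constructed vault with one entry; the names are placeholders.
VAULT = {"https://accounts.example-bank.test/": ("ada", "stored-secret-placeholder")}

# Constructed page URLs: the first is the real site, the rest only look like it.
SAMPLES = [
    "https://accounts.example-bank.test/login?next=%2F",
    "http://accounts.example-bank.test/login",            # same name, no TLS
    "https://accounts.example-bank.test.signin.test/",    # real name used as a subdomain
    "https://accounts.example-bank.test@signin.test/",    # real name in the userinfo part
    "https://accounts.examp1e-bank.test/login",           # digit 1 instead of letter l
]

if __name__ == "__main__":
    for url in SAMPLES:
        print("fill " if credentials_for(url, VAULT) else "block", url)
```

The comparison is done by the software on the parsed URL, which is why a lookalike that fools the eye still gets no autofill.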
It might sound unsafe to have all your passwords in one spot, but the odds of someone getting into your password manager and successfully obtaining the passwords inside it are way lower than the risk of an account being compromised because you used a weak password or used the same password all over the place.
How Do I Use A Password Manager?
You might already be using one - Google Chrome, Android, Apple iOS/macOS and iCloud have password managers built-in and are free to use. If you've been prompted by your phone or computer to save a password when either logging in or creating an account somewhere, that's the built-in password manager doing its thing.
- Apple has a website explaining how to enable iCloud Keychain so all your passwords are synchronised across all your Apple devices and backed up on iCloud should you lose access to your device.
- Google also has instructions on how to enable Google Password Manager in Chrome and Android, which will synchronise your passwords on any device you're using Chrome on, as well as Android devices.
While the built-in password managers are better than nothing, they aren't very good at communicating with each other. You might have passwords in Chrome that your iPhone's apps can't access and you might have passwords on your Mac that your Android phone doesn't know about because Apple and Google don't really get along. This is why it's a good idea to use a third-party password manager, like one of the following:
- 1Password - USD$2.99/m
- Proton Pass - free, with extra features starting at €3.99/m
- Bitwarden - free, with extra features starting at US$10/yr
The benefit of using these services instead of the built-in password managers is that regardless of the computer, smartphone or web browser you use, they’ll sync your passwords across all of them. There's also the bonus of not putting all your digital eggs in one basket: getting locked out of your iCloud or Google account would otherwise have the disastrous side effect of locking you out of all your passwords too.
To learn more about these 3rd party password managers, check out their getting started guides:
Got a tech question for Ada? She wants to hear from you!
Ada answers all your questions about tech, the online world, and staying safe in it. No question is too silly, no hypothetical is too far-fetched! Learn to leverage devices, systems, and platforms to your benefit.