Should you use a Password Manager?

Should you use a Password Manager?

A password manager is generally a good thing. Unless you have a photographic memory you’ll find it hard to remember every password for every site you’ve got a login for, especially if it’s not a site you visit frequently.

The usual shortcuts we hear of are people collecting all of their passwords into a file on their desktop, usually called ‘Passwords.doc’, or using the same password across multiple sites.

Neither are good practice and could land you in serious trouble if your device is ever compromised, or your password and email are leaked online.

It happens more often than you’d probably like to think. If you’ve not run your email addresses through the HaveIBeenPwned online tool, now is the time.

Here we are talking about personal accounts rather than businesses. The challenges for larger companies are well-documented but they will have markedly different options than those available to you and me.

Alternatives to passwords

We live in an age where you can unlock an iPhone with your face or fingerprint, and biometric security is gaining steam.

The drawbacks of such technologies lie in the fact that they are part of a nascent industry and there are vulnerabilities and compromises everywhere.

For the most part, if you want to get access to any social media, online forums or shopping accounts then you’ll have to use a password of some sort.

What does a password manager do?

  • Generates new passwords for any site on command
  • Creates long, complex passwords unique to each website or login form
  • Synchronises all of your passwords across all your devices, so you’ll never have to check your phone or tablet if you need to login to a service on your laptop, or vice-versa

Why is a password manager better?

  • Easy to setup and use
  • Ends the need to remember long-string passwords or to write them down anywhere else
  • Come at the recommendation of the UK’s National Cyber Security Centre, who say: “They reduce security friction – making security easier and more convenient. If security is difficult, tedious, appears to add no value or gets in the way of the main task we’re trying to do, then we tend to find (insecure) ways around it.”
  • Can flag up fake or phishing websites and spot them better than humans can

Browser-based, or freestanding?

Password managers come in two main types: ones based inside your browser, and those which you can download as a separate program.

In general, freestanding password managers that you can download will serve you better than a browser-based one.

That’s simply because standalone programs will make you create a master passphrase for access, which browser-based managers don’t do. They also include more sophisticated protections including

  • flagging up potentially compromised websites or those with out of date security certificates
  • notify you about passwords which are too weak or too short
  • remind you to change passwords that are older than a certain age

Problems with password managers

  • You shouldn’t use a password manager to remember your UK banking logins. Banks and building societies prefer you not to use a password manager.
  • Some even have it in their terms and conditions, like Halifax, who explain in this May 2017 Twitter conversation that they don’t allow customers to paste passwords from a separate program.
  • If you lose your master passphrase, you’ll be up the creek without a paddle and you won’t be able to access any of your generated passwords.
  • In conclusion

    A password manager is a good first step to help you move away from an ad-hoc approach to your personal security.

    We’d recommend a standalone program rather than browser-based to get the best results, but note the places where you shouldn’t use them (above) so you don’t run into difficulties.

    MAIN IMAGE: Automobilia Italia/Flickr/CC-BY-2.0

    Leave a Reply

    Your email address will not be published. Required fields are marked *