If you are not yet using a password manager, it’s time. It’s past time, actually. You are way overdue.
There are three big things you can do to protect yourself online.
- Use a different password for every website. If someone gets hold of your username and password for, say, gmail, the first thing they’ll do is try that username/password combination at more lucrative websites, such as bank websites. Having a unique password for each site guarantees they won’t be able to get into any of your other accounts.
- Use a long password—at least 16 characters—that includes lowercase letters, capital letters, numbers, and special characters, like $@%&*. (Yes, I know that looks like I’m swearing. And I am. Because pandemic.) Enter different strings of characters here, to see how the number of characters changes password strength.
- When a website has it available, use two-factor authentication. With two-factor authentication, to log into a particular website, you need something you know (factor one: your password) and something you have (factor two: such as your phone). After you enter your username/password on a given site, you’ll be prompted for that second factor, such as a number that was texted or emailed to you, or a number or approval from an authentication app on your phone.
“Hey, Sue, my web browser always asks me if it can save some new password I’ve entered. Is it okay to tell it yes?”
No. Saving passwords in your web browser is a bad idea.
If anyone gets into your computer, they’ll be able to access your browser—and have immediate access to every last one of your passwords.
Password manager features to look for
Unless your memory is way better than 99.99% of the population, there is no way for you to remember unique, 16-character passwords for every website you log into. If your memory is that good, email me. I know some memory researchers who would love to meet you.
If you’re like the rest of us, though, you need a password manager. A password manager securely stores your passwords.
In choosing a password manager, there are a few features you should look for.
- Ability to import the passwords from your browsers
- Two-factor authentication. All of your passwords will be stored here, so to be sure no one else can get in, you should have something other than just your password to access them.
- Ability to fill webforms. In your browser, you want your password manager to automatically enter the username and password. You shouldn’t have to type 16 random characters.
- Ability to securely store other information, like credit card information.
- Works across different devices—computer, phone, tablet—and across operating systems, for those of you who have both a Mac and a Windows PC.
- Password generator. Tell it how many characters you want (at least 16) and what kinds of characters you want, such as letters, numbers, and special characters, and it will generate the password and save it for you.
- Ability to share passwords with others. Even better, the ability to add people for emergency access. For example, my emergency contact can click a button in the password manager we both use, and I would have five days (time is customizable) to reply. If I don’t, because, say, I’m dead (!!!), my emergency contact would have access to all of my passwords.
Where to start
Personally, I use LastPass. Dashlane,
1Password, and BitWarden are all worth considering. Keeper is also worth a look, but some people find it less intuitive to use.
These are not the only kids on the password manager block, but they’re good options for anyone getting started. Take a look at the features of each, and pick one. Today. Do it today.