It has become impossible to navigate the Internet without accumulating dozens, if not hundreds, of accounts. One way to tackle this issue is simply to let your browser remember all your login data as you traverse your favourite websites. Unfortunately, although it may be convenient, this approach is far from secure. Password managers represent only a tiny extra effort that leads to a comprehensive and fortified account management solution.
What Is a Password Manager?
Although “password manager” may seem self-explanatory, it is worth going into a little detail. A password manager compiles all your passwords—your website login information—so that you don’t need to note (or remember) each one. It is like a master key unlocking a vault with all your sensitive data, whether personal or for work. A password manager requires only the memorization of a single master password or recovery phrase for your app of choice.
You might think that a single master password would make you less secure, but that’s not the case with password managers. This is because they have integrated password generators that create unique, randomized, and very strong passwords for every website you visit, and they store those passwords encrypted. Some password managers can even do this retroactively, although they don’t all possess this feature.
Why Do You Need to Use One?
Users who rely on the default auto-fill feature of their web browsers are gravely mistaken in thinking this is the perfect balance between convenience and security. This baseline approach to password management misses key security features that everyone should use. After all, the bulk of most people’s lives continues to unfold in the digital world, where cybersecurity should be taken with utmost seriousness.
You Are Using the Same Password on Multiple Websites
According to the cybersecurity company SecureAuth, 53% of people continue the dangerous habit of reusing the same password for a wide range of accounts. In work environments, this laxity is exacerbated even further, with only 38% reporting using unique passwords. However, this is not difficult to understand; people tend to choose the path of least resistance in all areas of life.
Likewise, if given a choice between a unique, strong password for every single account or using the same password across the board, most people would choose the latter. Password managers negate this choice entirely, transforming it into a false dichotomy. No doubt, if more people took advantage of password managers or even knew of their existence, they would choose that approach over reusing passwords.
Keep in mind that cybercriminals count on people’s poor security habits. By using the same password on multiple websites, you are exposing yourself to fraud, identity theft, and personal information ransom, to name just a few of the risks involved. Moreover, even if you think your unique, long, and strong password is good enough to be used across websites, not all websites employ powerful hashing algorithms to properly scramble your passwords. This means that hackers who steal a site’s password database have an easier time cracking the hashes and recovering your passwords as plain text.
Once again, this risk is nullified by password managers that employ banking-grade encryption, usually 256-bit AES (Advanced Encryption Standard). In other words, password managers ensure that the toughest encryption algorithms are employed in case a website you use is lacking in this area.
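To illustrate the difference in how a website can store passwords, the added example below (not taken from any site or product mentioned here) contrasts a single unsalted SHA-256 with a salted, iterated PBKDF2 record. The record format, iteration count, function names and sample password are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
ITERATIONS = 600_000


def weak_hash(password: str) -> str:
    """Weak storage: one unsalted, fast hash.

    Equal passwords always produce equal hashes, and each guess costs an
    attacker a single SHA-256 call.
    """
    return hashlib.sha256(password.encode()).hexdigest()


def strong_hash(password: str, iterations: int = ITERATIONS) -> str:
    """Stronger storage: random per-user salt plus an iterated KDF."""
    salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Keep the parameters with the hash so the work factor can be raised later.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a login attempt against a stored record."""
    try:
        scheme, iterations, salt_hex, derived_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(derived_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations))
    except ValueError:
        return False  # malformed record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    reused = "Summer2024!"  # constructed sample password reused on two sites
    print("unsalted, site A == site B:", weak_hash(reused) == weak_hash(reused))
    print("salted,   site A == site B:", strong_hash(reused) == strong_hash(reused))
```
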
Your Passwords Are Too Simple
What is easy to remember tends to be simple … and simple can easily be broken down if you become a target of cybercriminals. Furthermore, even multi-phrase passwords offer only an illusion of extra security. For passwords to be strong, they simply must be difficult to recall. There is no way around it. You can see this in action if you use a password manager’s random generator.
Password Managers Include Random Password Generators
There is nothing like the relief of knowing that every single password for all the websites you visit is:
- Unique
- Strong
- Present without your input or recall
Password managers automate this process entirely, except for the master password/recovery phrase that you have to remember or store away safely. Almost every modern password manager worth noting will include a random password generator as one of its core, free features. This means that your passwords will include a variety of symbols, lowercase and uppercase characters, and numerals.
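The kind of generator described above can be sketched as follows; this is an added example, not code from any password manager named on this page. The symbol set, the default length and the function names are assumptions.

```python
import math
import secrets
import string

# Character classes named in the text; the symbol set is an assumption.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}
ALPHABET = "".join(CLASSES.values())


def classes_present(password: str) -> set:
    """Return the names of the character classes that appear in password."""
    return {name for name, chars in CLASSES.items()
            if any(ch in chars for ch in password)}


def generate_password(length: int = 20) -> str:
    """Generate a password containing every class, using the OS CSPRNG."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    while True:
        # secrets.choice draws from the operating system's CSPRNG, unlike
        # the random module, which is not designed for secrets.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: retrying a whole candidate keeps every
        # policy-compliant password equally likely.
        if classes_present(candidate) == set(CLASSES):
            return candidate


def entropy_bits(length: int) -> float:
    """Upper bound on entropy in bits for a password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_password(24)
    print(pw, "~%.0f bits" % entropy_bits(24))
```
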
You Only Need to Remember One Password
Automating and encrypting the password generation and auto-filling process for every web portal you visit is a sure way to make you start using a password manager. The only issue you have to take care of is safely storing the master password/recovery phrase.
Given how important this is—one key to unlock them all—people usually store the master password/recovery phrase in either a lockbox or safe or use a two-factor authentication (2FA) hardware security key with a biometric sensor. These devices are no larger than your regular USB memory stick. There are several choices at your disposal, but here are some highly recommended security keys. All have 2FA, which represents an additional security layer against potential intruders.
- CryptoTrust OnlyKey—A rare combination of a password manager and hardware security key in one tiny package. This combination makes it possible to completely avoid malware that logs your keystrokes, because you input your master password into the device itself after plugging it into a USB port. Additionally, OnlyKey has an encrypted backup and self-destruct feature that erases all data after a given number of failed password inputs.
- Kensington VeriMark Fingerprint Key—Providing up to ten users with a biometric sensor, this security key is perfectly suited for small- to medium-sized businesses. No password recollection is necessary, as the device is plugged in and touched.
- Yubico YubiKey 5 NFC—Yubico is a highly regarded name in the security business. This key stands out from the rest by being wireless and employing near-field communication (NFC) technology. Within a very close range of about 4 cm (1.5 inches), it enables you to connect wirelessly to any device running any operating system, as long as it is NFC compatible. For extra convenience, this security key has a nifty key ring hole so you can always keep it close.
Once you integrate one of these hardware security keys into your daily routine for delivering master passwords, you will wonder how you ever managed without them!
Types of Password Managers
Just like crypto-wallets, password managers work on any platform where they are needed: desktops, laptops, tablets, and smartphones. The feature they simply must have is automatic syncing across devices, so that you can smoothly and safely use them without hassling with manual exports and imports of login data.
Desktop-Based Password Managers
These usually come as a browser extension or third-party app that must first be downloaded and then installed, like the sleek MYKY.
MYKY is rare among password managers in requiring phone number authentication (like Twitter), even to create a free account. However, like most desktop password managers, it stores your data locally, on the device you installed it on.
However, MYKY will sync that locally stored data with other devices. For Android smartphones and tablets, you can find it on the Google Play Store.
Cloud-Based Password Managers
Cloud-based password managers provide an extra safety cushion by storing all your data in online vaults. After all, companies with deep pockets will always ensure many more storage redundancy systems than individual users, who will rarely go to such costly lengths.
If you are already comfortable using cloud storage like Google Drive, Dropbox, or OneDrive for all your personal data, then using password managers to tap into cloud storage should be of no concern. Moreover, cloud-based password managers provide one major advantage over a browser-based desktop manager.
If one password manager works on a particular browser, it may not work on another; nor would it be easy to export the data to another browser. Cloud-based password managers only use one source for all their syncing—cloud storage—for both storage and backup.
On the other hand, you place your trust in third-party servers without having direct control over your vault’s security. LastPass remains one of the most popular cloud-based password managers.
However, LastPass recently tweaked its pricing scheme, switching from a free tier to a one-month free trial. In light of this, you may want to try other alternatives that maintain the following core features while still being free:
- 256-bit AES encryption
- Password generator
- Zero-knowledge protocol; only you have access to your data vaults
- Auto-filling web forms
Using these four pillars of password management, we can gauge alternatives to LastPass.
Where Do I Get One?
Apple Keychain
What Chrome’s password manager is to Google, iCloud Keychain is to Apple: a ready-to-go password manager that requires no extra steps other than turning it on. First introduced with Mac OS 9, it can be easily accessed via your iCloud preferences. With it, you can safely store your credit card and payment processor information, private notes, addresses, usernames, and passwords.
As a built-in part of Apple’s ecosystem, iCloud Keychain can easily tap into other services like iCloud backups, iCloud Drive, and iCloud storage. Of course, the app provides seamless cloud syncing across all Apple devices: Macs, iPads, and iPhones.
Google Password Manager
Likewise, Google Password Manager is integrated into Android’s ecosystem and takes care of passwords and form data for all Chromium-based web browsers; the most popular ones are Chrome and Brave. Unfortunately, while completely free and built in to these browsers, it doesn’t offer AES 256-bit encryption, which is the standard among password managers.
In addition, anyone who has access to your Chrome or Brave browser will also have access to all your saved passwords simply by going into the Privacy and Security settings. This means that Google’s password manager lacks in two critical areas—encryption and authentication!
1Password
Like LastPass, 1Password is no longer a free password manager, as it only provides a free trial period. Nonetheless, it has become a favourite for many who seek an easy-to-use password manager that can be synced across all devices, regardless of operating system. Not only does it provide all four pillars listed above, but it also has multiple vaults for greater login data categorization, so you can separate your work from your personal logins.
Moreover, 1Password’s Watchtower feature will check all your existing passwords to ensure they are not weak. Watchtower even checks whether your credit card data has expired! Its Travel Mode is another nifty feature, allowing you to prevent border control officers from sniffing through your personal data.
With a wealth of such features, 1Password is definitely worth trying out before you commit to a paid plan.
Dashlane
In addition to having all four core features you would expect from a reliable password manager, Dashlane supports the biometric devices mentioned above. It is exceedingly intuitive to use thanks to its modern interface, while its auto-filling tool makes it a breeze to go through websites’ forms and payment processors.
One unique benefit of upgrading from free to paid is that Dashlane offers an unlimited VPN service, making it possible to circumvent countless geo-restricted websites and streaming platforms. Lastly, Dashlane has a mighty useful tool, Password Changer, that sifts through all your passwords and automatically turns them into strong passwords!
Bitwarden
Completely open source and free, Bitwarden may lack in the interface design department, but it still provides you with a powerful set of password management features:
- Unlimited vault data
- Password generator up to 128 characters
- Biometric login support for the most popular hardware security keys where you save your master password
Even more enticingly, Bitwarden’s paid plan is by far the cheapest of the bunch, at only $10 per year. This minimal cost comes with a time-based one-time password (TOTP) authenticator, 1 GB of encrypted storage, API access, and a wide range of other advanced features suitable for businesses. Furthermore, Bitwarden’s open-source nature ensures that no backdoors are likely to pop up under government pressure. If that happens, whatever is found simply couldn’t be hidden, which is not the case with password managers that are not open source.
Conclusion
Dedicated password managers provide military-grade security thanks to the AES 256-bit encryption standard. Your browser’s convenient auto-fill feature lacks that level of encryption, in addition to not having a strong password generator and proper authentication. To guard yourself against online dangers, picking any of the password managers listed here will make all the difference.