I have been using a password manager for years. I constantly talk to people who use the same username and password for every single website, or who think they’re being super clever by using the same password for each site plus some easy-to-guess addition for that site.

Let’s give some examples. Your password is something near and dear to you: Your dog’s name and your birth year. Fido1980! That’s what we’re going with. Nobody will ever guess your password since it’s got a, gasp, special character in it, will they? No, never!

Or, let’s take it one step further. Let’s really go to town. Let’s add the name of the service, so my new Amazon password is now Fido1980!Amazon, which must be better than just the original, right? You’d be correct: the second password is certainly better than the first one. But I’m going to say it is just barely better.

Websites Get Hacked

Here’s why. Some site gets hacked. Let’s just say you have a free Canva account to make some graphics here and there. You use your email address and what you consider to be your super secure password of Fido1980!Canva knowing well and good that this password is unique to Canva, so if it gets hacked nobody will ever be able to guess your super secure Amazon password, right?

Wrong. Canva did get hacked, and 4 million account details went out to the public. Now anyone that knows how to torrent can get access to your password. Sure, 1 in 4 million odds aren’t bad, until you realize that people literally just go through the list with bots or teams just to crack accounts.

So now the hackers have a huge list of passwords. What do you think the first thing they’re doing is? They’re searching the file for the word “Canva” to see whose passwords they can “guess” for other sites. So they do a quick Ctrl+F, type in “Canva” and lo and behold, your email address and password are at the top of the list. They grab your email, head over to Amazon and make an attempt to log in using their logic. If your Canva password contained the word “Canva”, maybe your Amazon password contains the word “Amazon”, right?

So they try to log in, they try Fido1980!Amazon and they’re in. I’ll take an order for 3 MacBook Pros and a side of $10,000 in Apple gift cards please.

Sadly, it really is that easy. I didn’t need some super secret looking DOS terminal like you see in the movies, I just needed to use my logic here. Sure, your password is different for each site, but to a human it’s pretty much the same. It would certainly deter a bot from initially cracking your password, but not for long.
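To check your own passwords for the pattern described above, here is an added example (not part of the original article, and not any password manager's own code). It strips each site's name out of its password and flags sites whose passwords collapse to the same base; the vault contents, the function names and the generator's symbol set are assumptions made for illustration.

```python
import re
import secrets
import string
from collections import defaultdict

# Constructed sample vault (site -> password), modelled on the article's pattern.
VAULT = {
    "canva.com": "Fido1980!Canva",
    "amazon.com": "Fido1980!Amazon",
    "netflix.com": "netflixFido1980!",
    "target.com": "L@7g7&DskKuvbtR^",
    "mybank.example": "L@7g7&DskKuvbtR^",
}

def site_label(site):
    """'amazon.com' -> 'amazon' (first DNS label, lower-cased)."""
    return site.lower().split(".")[0]

def base_of(site, password):
    """Remove the site's own name from its password, ignoring case."""
    return re.sub(re.escape(site_label(site)), "", password, flags=re.IGNORECASE)

def audit(vault):
    """Map each group of sites sharing a base password to 'reused' or 'derived'."""
    groups = defaultdict(list)
    for site, pw in vault.items():
        groups[base_of(site, pw)].append(site)
    findings = {}
    for base, sites in groups.items():
        if len(sites) > 1:
            # 'derived' = at least one password is the base plus the site name.
            derived = any(base != vault[s] for s in sites)
            findings[tuple(sorted(sites))] = "derived" if derived else "reused"
    return findings

def new_password(length=40):
    """Illustrative stand-in for a manager's generator: random characters from a CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for sites, kind in audit(VAULT).items():
        print(f"{kind}: {', '.join(sites)} -> change every one of these")
```

An exact-match "reused passwords" check would flag only the two identical entries here; the three Fido1980! variants show up only once the site name is stripped.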

How often do sites get hacked though?

Funny you should ask. According to a Forbes article from 2013, 30,000 websites are hacked every single day. That’s a lot of websites. Surely, you must think that this just doesn’t happen anymore, does it? It’s 2022 for goodness sake! Security measures have changed. Well, I hate to break it to you, but security vulnerabilities can be exploited at any point. They always have, they always will. It’s estimated that in 2023, over 33 billion records will be stolen.

So what exactly is a better password?

Great question! Let’s take this handy chart into mind when we talk through the next part.

Chart source: https://www.statista.com/chart/26298/time-it-would-take-a-computer-to-crack-a-password/

Alright, so we know we need to make our password super secure. If we’re talking computers trying to hack your password, it’s safe to say that your password needs 12 digits, some variation, and both numbers and letters, right? So, going back to your password of Fido1980!Amazon, you’re actually doing pretty well, except for that whole “humans can guess it” part. You’re on the right track, but something like L@7g7&DskKuvbtR^ would be entirely better, wouldn’t it?

If you answered “yes” then you’re on the right track. But there’s a caveat here. That password is only better if it’s never been a part of an exposed password leak, and you’re not reusing it on anything else. So, the moral of this story is that in order to be protected the best, you’ll need two things. First, you need a super secure password for every single website or service, and second, you need it to be unique for each website or service.

Okay, but that’s super complicated, right? Wrong. It’s actually easier.

That’s right, I’m going out on a limb here and I’m going to tell you that it’s far easier to have hundreds of websites with super secure 40-digit randomly generated passwords than it is to try and remember more than one password to begin with.

How? With password manager apps.

The Perfect Utopia Exists

Alright, let me paint a picture for you. Every single website you sign up for gets a unique password that’s nearly un-crackable. In and of itself, this password’s much better than anything else you can come up with. But here’s the kicker: since each website gets its own password, if that website gets hacked (read: not just your password, but much more information is leaked) then no big deal, you go in, change that one single password, and you’re done. If someone wants to try and log in to your Amazon account with your Netflix password, let them try.

Now, you may be wondering how hard this is. Well, the answer is super simple, because the solution is very simple. All you have to do is download and use a password manager app. There are a ton of them, and each of them has some unique features, but for all intents and purposes, they do the same thing: they help you create strong passwords and manage them.

Now, you may be asking, “what about the passwords I share with my significant other?” Well, good question. And this is easy because they’ll be using one of these password managers too, right? So in that case, you can either share it with the in-app features, or you can copy and send it to them so they can put it in their own.

You may also be asking, “what about when I’m on my phone?” Another great question! You’ll download the app on your phone, so you can auto-fill passwords on the go. This rings true for your tablet as well.

There are so many to choose from. Which one should I pick?

The short answer: Just pick one.

I use Bitwarden. I like it because it’s open source and free. It has iOS, Android, and Windows apps, along with browser extensions for every browser you could think of. It even comes with some amazing features in the form of reports, so you can check for exposed passwords (which shouldn’t necessarily matter, because you’re going to go through and change your passwords, right?), reused passwords (this one is a big deal – don’t reuse your passwords anymore!), and weak passwords. You can even download a version that you can host yourself, if you’re a more advanced user (this will be a tutorial for another day).

Bitwarden is a password manager which contains reports that can help get you to a safer place online.

I’ve also given 1Password a thorough try. This one is the most popular, and it’s either $3 per month for individuals or $5 per month for a family of up to 5. It’s a great value, and it has many of the same features as Bitwarden.

1Password has many great features as well, and is a premium option.

There are many others as well, such as KeePass, which is another free and open source option, LastPass, which is another paid/premium option, and Dashlane, which is the most expensive of the bunch. I’ve tried them all, and I just liked the simplicity of Bitwarden. But it really doesn’t matter which one you use: you can always export your passwords and change later without much work.

OK, how do I do this?

Simple. Follow these easy steps and you’ll be safer in no time at all.

  1. Download your chosen password manager. This will be easiest on your computer, but is also possible on mobile. You’ll most likely need to sign up for an account first.
  2. (Optional) Import your passwords from your browser. There is more than likely a prompt to do this upon setup.
  3. Go to a website that you have an account with. This can be something such as your bank, Amazon, or Target.
  4. Log in with your current, insecure method.
  5. Find the option to change your password from within the “Profile” or “Account” sections of the site you’re on.
  6. Generate a new password with your password manager app. In Bitwarden, you just open and click “Generate”. Copy this.
  7. Paste it into the “new password” section.
  8. When your password manager sees you saving a password, it should prompt you to save it. If not, manually save it within the app/extension.
  9. Repeat.
  10. (Optional) Use the built-in reports to make sure you’re much more secure.
  11. (Optional) Install on your other devices (phone, tablet, other browsers).

Conclusion

So, the moral of the story up to this point is as follows: first, your password probably isn’t secure enough. But the second part is that even a super secure password, something like AkVgPCZ!yzuc#jRPfT$2WeoP8R#z9Q, can still get hacked just because the website you’re using was hacked. If you’ve got a password that’s been reused on any two websites, you’re not being as secure as you should be. Using these free or inexpensive options should give you the peace of mind of knowing that you’re much safer online.

Those are the basics of using a password manager. There are two additional things that aren’t covered in this guide for those that want to be much more secure: getting an anonymous (or proxy) email address for each site, and using two-factor authentication. Both of these will be covered in other guides in the future.