How many accounts that require a login do you have? Think banking, social media, government services, online stores, etc. Lots, right? So how do you remember the passwords for all of them? Chances are you:
- Use easy-to-remember passwords (like a word or date with some letters substituted for numbers),
- Write them down somewhere (like Post-it notes, a journal, a Word document, etc.),
- Use one or two strong passwords for all of your accounts, or
- Forget them, and find yourself having to reset your passwords each time you try to log in somewhere.
If that's you, then you're not alone. Recent studies show that 39% of people have a hard time keeping track of their passwords, 25% of people use less secure passwords in order to remember them, and a staggering 44% of people use fewer than 5 different passwords across all of their accounts! With 1 in 5 people having had their email or social media account compromised, there's no better time to review your password management system than right now.
Memorising passwords is a great idea. It means only you know what your passwords are and they're always with you. However, with the growing need for more complex and secure passwords, memorising more than a few of them is almost impossible.
Writing your passwords down somewhere is a less-great idea, but a popular one nevertheless. Post-it notes stuck to your monitor are only helpful if you're sitting in front of your computer (as opposed to being at work, using your tablet, etc.) and mean that other people with access to your computer automatically have access to your accounts. Journals are not much better, and a Word document might seem like a good solution (especially if you password-protect it), until you need to check your emails from a friend's computer...
Using the same password for multiple accounts is never a good idea. If one account gets compromised, chances are your other ones will too. It is especially important to have a good, strong, unique password on your email account, as that's generally how you reset all of your other accounts' forgotten passwords. If you can, enable two-factor authentication on your email account as well.
So if you need different passwords for each of your accounts, but you can't write them down, and that many passwords are too hard to remember, what's the answer?
Password Managers To The Rescue!
A password manager is, well, just that: an application that will manage your passwords. It'll store your existing passwords, as well as other information that you need to keep secret and secure (like your usernames, banking details, credit card numbers, PINs, etc.). Often password managers will integrate with your browser, giving you the ability to automatically log in to a website when you visit it. Some password managers are installed, and run, on your computer (offline), while others are web applications that you access via your browser (online).
Either way, you access your password manager by entering a 'master password' to unlock it. Obviously you don't want just anyone gaining access to all of your passwords. You therefore need to choose a strong master password. Memorise it! You'll be surprised at how easy it is to memorise a random string of, say, 15 letters and numbers when you practise using it enough times. If you do need to write it down and store it somewhere (since there's often no way to recover it), make sure it's very secure.
Offline password managers are ideal for those who are more security-conscious and don't want their database of passwords and logins available on the internet. The database is stored on your computer, which has the benefit of being slightly more secure than online, but also means that you need a way of taking it with you when you're away from your computer. A USB drive is a good option (add a small one to your key chain), but then you need to make sure it's constantly up-to-date with the copy on your computer.
You probably already know that modern web browsers can store your passwords for you. When you log in to a website, you'll likely be asked if you want to save the password for future use. This is a good, although basic, way to store your passwords. If you decide to use this simple method, make sure you do the following:
- Create secure passwords for your accounts using a password generator (we recommend 15 characters or more; made up of upper and lower case letters, numbers and symbols)
- Use a master password to prevent other people from accessing the passwords in your browser
A more powerful and feature-rich password manager is KeePassX. It's open source and available on all platforms: Windows, Mac & Linux. You can use it to generate and store your passwords, as well as other sensitive information. It also has an auto-type feature that lets you enter your username and password into websites with a simple keystroke.
Online password managers solve the problem of needing to access your passwords from anywhere. The database is stored online (either through the website that provides the password manager, or in your own cloud storage account), and is therefore available to you from anywhere with an internet connection. Security may be an issue for some, so make sure you choose a password manager that you trust.
If you're using the web browser option, you may be able to set up synchronisation so that all of your devices can access your passwords (however this only works if you use the same browser everywhere).
If you'd prefer a dedicated and full-featured password manager, two popular options are Dashlane and LastPass. They both integrate with your browser to provide automatic logins, though you may need to spend a bit of money for their premium features.
Another great option is KeeWeb. It's 100% free and open source, and is compatible with KeePassX. It has an offline option that you can install on your computer, as well as an online option that you can access from any web browser. Store your password database in your own cloud storage account (Google Drive, OneDrive or Dropbox) and then open it from any browser with your master password.
Whether you prefer to store your passwords on or offline, we highly recommend that you find a password manager that you like and trust. As you fill it with all of your account information, use that opportunity to update your passwords by generating random strings of 15 characters or more. Then have peace of mind in the greater security you've provided for your account information, and never bother with remembering another password again.
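The advice above and in the browser checklist (15 characters or more, made up of upper and lower case letters, numbers and symbols) is what a password generator does for you. The sketch below is an added example, not code from any of the password managers mentioned; the function names are illustrative, and the symbol set is assumed to be Python's `string.punctuation`.

```python
import math
import secrets
import string

# Character classes named in the article's recommendation.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,  # assumed symbol set; some sites accept fewer symbols
)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 15  # the article's recommended minimum


def has_all_classes(password: str) -> bool:
    """True if the password contains at least one character from each class."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length: int = MIN_LENGTH) -> str:
    """Return a random password drawn from the operating system's CSPRNG.

    Every character is drawn uniformly from the full alphabet, and the whole
    candidate is redrawn until all four classes are present. This avoids the
    common shortcut of forcing "one digit here, one symbol there", which
    makes the result more predictable.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def entropy_bits(length: int) -> float:
    """Upper bound on entropy for `length` uniformly drawn characters."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"(about {entropy_bits(len(pw)):.0f} bits)")
```

The `secrets` module is used rather than `random` because `random` is not designed for security purposes and its output can be predicted.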