Why I Started Using a Password Manager, and So Can You!
I’m going to tell you the story of why I started using a password manager and why I wish I had added it to my online life sooner…
I work at Whitepages, a data company. Because of this, I know more than the average person about how information exists on the internet. But! This did not prepare me for the morning my Netflix account got hacked. That was when things got real. I received two emails from Netflix: 1) your password has been changed 2) you can no longer log-in with your email. I, of course, didn’t make either of these changes. I did my due diligence and called Netflix directly after NOT clicking on any of the links in either email, just in case these weren’t from the real Netflix. While on the phone with Netflix support, I learned that someone had gotten into my account and changed my password and account email. Don’t worry, the issue was easily resolved.
Before this happened, I had been a relatively casual password creator. Using three or four different letter combinations (some random, some words) with numbers and special characters tacked on at the end. This seems pretty common with women and men having very specific things they tend to choose for their passwords (kids names and car model/make, respectively). These are not unique. My passwords were random, generally, but the frequency with which I reused them was haphazard and not secure.
Netflix hadn’t been hacked. My email and password had been leaked from another breach. What I had always known could happen became an alarming and panic-inducing reality. When you reuse passwords it’s remarkably easy for hackers to then access your Netflix, Amazon, bank account, or credit card. These are all vulnerable and valuable accounts for hackers to get access to.
So, what did I do the minute I got off the phone with Netflix? Well, I explained what had happened to our in-house fraud team at Whitepages and was told that it was time for me to FINALLY set up a password manager. I did. I don’t know, after using it for four or five months now, if I chose the right one for me, but I know that my accounts are more secure for it.
Now, for the fun part, how can you do this?
There’s a lot of information out there about which password manager is the best. I don’t think this is the right question to ask. I think it’s more important to find the right option that will work for you. If it’s hard to use or counter-intuitive to how you already store your passwords it will be harder to get in the habit of using, and then…what’s the point?
One of the HUGE advantages to using a password manager is the ability to easily create complex passwords that meet a site’s guidelines without repeating the same one over and over again.
Do you store your passwords in a spreadsheet or notes program?
If so, KeePass might be the right password manager for you. With KeePass, you manually store the passwords you need. Passwords are stored locally on your computer vs. cloud storage. Passwords are not accessible across devices unless they are stored on each one separately. KeePass is only designed to be used for passwords, where other services offer secure digital storage of payment methods, licenses, SSH keys, etc. If your computer dies, the passwords stored there become unrecoverable.
KeePass can be a great option for work passwords where you don’t need access to them across multiple computers and cell phones.
Do you use your browser’s default password storage?
Using the built-in password storage in your browser (Chrome, Firefox, Edge, etc.) is a fine option. But if the password to your email or computer is hacked, then your passwords are there for the taking.
If you like using the built-in password storage on your browser, the LastPass plug-in may be the best option if you are used to being prompted whenever you need to log-in. The LastPass interface is easy to use and is pretty reliable for autofill. It can be used across multiple devices and works for both websites (through a browser plug-in) and apps (through the LastPass app). You can store payment information, licenses, and secure notes, as well as all your passwords. If you need to share passwords between users, you can set up a secure sharing center. However, it can be difficult to use if you have multiple logins for a single site and the URLs used to detect auto-fill options can sometimes be unreliable.
LastPass can be an ideal option for personal use across multiple devices.
Update: LastPass has changed their free option so you can only access your passwords on one device. This is fine if you need your passwords on a computer OR phone. But if you need access on multiple devices, there is a minimal yearly fee.
Do you currently use a password manager, but are ready to level up your password security?
Now, if you’ve made it this far and don’t think KeePass or LastPass will meet your password management needs, perhaps 1Password might be a good fit. Unfortunately, 1Password doesn’t offer a free option, like the others. But! 1Password goes beyond the coverage of the others. Where they still provide secure storage of passwords and other digital wallet options, you also get a 365-day history of previously used passwords. 1Password will also prompt you to change your password for sites involved in security breaches. Like LastPass, they also offer a secure sharing center and browser plug-in for easy daily use.
No matter which password manager you choose, it is better to incorporate this into your online life than not using one. I encourage you to use the one that you think will meet your needs. It won’t take long to decide if the interface or plug-in works for you or not. Most of them also offer the option to download and upload your passwords, so it isn’t impossible to change either. Remember, it’s your data and this is the first step to protecting your online identity.