Password managers are an essential way to protect yourself from hackers -- here's how they work

  • Password managers are one of the quickest and easiest ways to help defend yourself against hackers.
  • They store all your passwords — so you only have to remember a single, extra-secure one to protect yourself.

If you ask security experts what simple advice they’d give to ordinary people worried about being hacked, the same thing comes up again and again: Don’t re-use passwords.

This is because huge numbers of people re-use the same passwords across multiple accounts, putting all their data at risk if any one of their accounts is ever breached.

Of course, juggling dozens of passwords for all your different logins is tricky. And that’s where a password manager comes in. A password manager is an app that stores the passwords for all of your services — meaning you only have to remember one.

Here’s why you should be using one — and how to do it.

Most people are bad at passwords. Real bad.

Chances are, your password choices are awful.

There are two key problems with people's password habits: They re-use them all the time, and they're terrible at picking them in the first place.

Throughout 2016, we saw dozens of celebrities and high-profile figures -- everyone from Drake to Katy Perry -- getting their Twitter accounts hacked. Twitter itself wasn't hacked, but these victims had re-used passwords that were also used on sites that were.

Numerous high-profile hacks have come to light recently. Sites like MySpace, LinkedIn, and Tumblr have been breached, and hundreds of millions of people's login details leaked online. Hackers can then try these logins on other sites -- like Twitter, other social media sites, online banking, or anything else.

On a long enough time frame, everyone gets hacked. It's basically impossible to avoid having your details end up in a leaked data dump sooner or later -- and you can't do much to stop it happening. But by not re-using passwords across multiple sites, you can limit the damage.

It's not just tech-illiterate people who are getting stung this way. Even Mark Zuckerberg, CEO of Facebook, has had his Twitter account breached.

Making matters even worse is people's password choices.

Put simply, people are awful at picking passwords. They go for predictable strings of letters, or simple words, or other basic possibilities -- making it much easier for attackers to guess or crack them.

According to an analysis of leaked data from security firm Keeper, the world's most common password is the depressingly easy to guess '123456.' The second most-used password was '123456789,' according to Keeper, followed by the predictable 'qwerty.' Then came '12345678,' and in fifth place was the obvious '111111.'

This is where password managers come in.

A password manager replaces all those awful passwords you use with just one you need to remember.

Remembering lots of passwords is like carrying around a huge keychain -- frustrating and time-consuming.

A password manager will solve both these problems. It means you can use a different password on every account, because you only need to remember one. And it will also generate strong passwords for you, so you don't fall into the traps people often do when they pick their own passwords. (Easily memorable passwords tend not to be particularly strong.)

It stores and encrypts all your login data in its vault -- keeping it safe and inaccessible without the correct master password that you set and remember.

There are other benefits to using one too, like remembering all those account logins that you only use very occasionally. If you only order from UberEats every two months, it'd be easy to forget your password (unless you re-used one, tut tut), but a password manager will keep it safe.

Some also come with extra features to differentiate them from their competitors, including file storage and encrypted note-taking.

Here's an example of a password manager -- LastPass.


You add it as an extension for your web browser, then it stores all your different logins on its dashboard or encrypted 'vault,' making them accessible across multiple devices. (So you can use them on your phone, or your work computer, or your personal laptop, without any issues.)

Then, when you visit a site whose login you have saved in LastPass, it will recognise the site and auto-fill the login for you.


Or if you're registering for the first time, it can help you generate a strong password (which it then saves).


The password above would be a nightmare to remember or to type, but because it's stored by the password manager, you don't have to. It's all taken care of.

You can also review your passwords on your dashboard, and change them directly from there.
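
The two habits this article warns about, re-use and common passwords, can be checked mechanically. The Python sketch below is an added example, not code from LastPass or any other product: it audits a constructed vault for re-use and for the five common passwords named earlier, then replaces flagged entries with randomly generated ones. The site names, sample passwords and function names are all made up for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# The five most common passwords named in the article (Keeper analysis).
COMMON = {"123456", "123456789", "qwerty", "12345678", "111111"}
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

def generate_password(length=20, alphabet=ALPHABET):
    """Pick each character with a CSPRNG, never the predictable random module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def audit(vault):
    """Return {site: [reasons]} for entries that are common or re-used."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    findings = {}
    for site, password in vault.items():
        reasons = []
        if password in COMMON:
            reasons.append("common")
        others = sorted(s for s in sites_by_password[password] if s != site)
        if others:
            reasons.append("reused with " + ", ".join(others))
        if reasons:
            findings[site] = reasons
    return findings

def remediate(vault):
    """Replace every flagged entry with a fresh, unique generated password."""
    fixed = dict(vault)
    for site in audit(vault):
        fixed[site] = generate_password()
    return fixed

# Constructed sample vault (hypothetical sites and passwords).
SAMPLE_VAULT = {
    "social.example": "qwerty",
    "bank.example": "Summer2016!",
    "shop.example": "Summer2016!",
    "mail.example": generate_password(),
}

if __name__ == "__main__":
    for site, reasons in audit(SAMPLE_VAULT).items():
        print(site, "->", "; ".join(reasons))
    print(f"20 random chars: {entropy_bits(20, len(ALPHABET)):.0f} bits")
```

A six-digit password such as '123456' has at most about 20 bits of entropy even if its digits were chosen at random, while a 20-character generated password from this alphabet has about 124.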


But are they secure?

But isn't it dangerous keeping all your passwords in one place? Nothing is ever perfectly safe -- but using a password manager is far safer than the average person's security habits.

The best password managers use industry-standard encryption to protect users' data. It's a vast improvement on sticking password reminders to your computer screen or -- worse still -- re-using weak passwords. Emmanuel Schalit, CEO of password manager Dashlane, says 'sometimes, it's better to put all your eggs in the same basket if that basket is more secure than the one you would be able to build on your own.'

On its site, Dashlane uses the analogy of a bank: 'You trust your bank to store, manage, and protect your hard-earned money, instead of carrying thousands of dollars in a gym bag everywhere you go. Instead of writing your passwords on sticky notes or reusing the same password for all of your accounts, password managers provide a safe place for you to store, manage, and protect your passwords and other private information.'

Hackers do try to attack password managers, though. In 2015, LastPass announced that intruders managed to steal email addresses, password reminders, and more -- though not users' encrypted password vaults -- and it forced all users to reset their master passwords.

Different password managers also let you decide whether you want to store your encrypted data on the cloud, or your own devices. You might be happy to trust your password manager to host your passwords, so they can follow you wherever you go. But if you're more paranoid, you can opt to store that data on a local device where no-one can reach it.

And this all works on mobile too.

Cloud-enabled password managers can sync across multiple platforms, including your smartphone, meaning you're not stuck when you want to log into a mobile app with a password stored in your vault.

(However, if you decide you don't want to entrust your data to the cloud, then this won't be available. It's a trade-off -- ease-of-use versus peace-of-mind.)

Stay vigilant: Password managers can't do everything.

If someone really wants to get in, they're going to get in.

Finally, a word of caution: A password manager isn't a remedy for all the cybersecurity woes in the world. It's good practice, but it doesn't make you invincible.

Researchers have previously developed phishing attacks targeting LastPass, designed to trick the victim into giving up their master password. Or a keylogger might steal your login details, even if your password hygiene is impeccable. If someone really wants to hack you, and they have the time and resources, the chances are they are going to succeed.

To minimise the chances of you being breached, there's plenty of other security advice you should follow alongside using a password manager.

Activating two-factor authentication means that even if an attacker gets one of your logins, they can't get access to the account without getting hold of your phone too. And if you keep your software up-to-date, it means there's less chance of hackers exploiting known vulnerabilities in it to attack you. Keeping everything encrypted with full disk encryption, meanwhile, means that if someone gets hold of your physical devices, your data remains safe so long as they don't have the password to unlock it.
