Why You Need A Password Manager

A Beginner's Guide for “Non-Technical” People

Posted on March 29, 2023 · 10 mins read
Are you someone who would call themselves "not technical"? Do you know a "technical" person? Do they keep trying to convince you to use a password manager, but you aren't quite sure what that is? Then read on!

What is it?

The name gives it away - it's a tool for managing your passwords, giving you one secure place to store your account details.

It may help to think of it like the contacts list on your phone. You don't remember every person's phone number, because you don't have to. You can just click the person's name, and their number is ready for you to use.

With a password manager, you don't have to remember every password because it's stored with other details that make it easier for you to search, like the URL and your username.

Why do you need it?

Apart from being more convenient (as described above), there are several other reasons to use a password manager - such as increased security, organization, and efficiency.

Security

Most people are aware that using the same password on multiple sites is bad because if one site is hacked, then your accounts on other sites are at risk. (Trying logins stolen from one site on other sites is called a credential stuffing attack.) But most people are also human and cannot remember unique passwords for every account they have. So we relax, convince ourselves it's fine, reuse the same password everywhere and put ourselves at risk.

With a password manager, you can remove that risk without taking on the heavy mental load. Using a manager means you only have to remember one password (the master password for the manager), and then you can use unique passwords for all your accounts easily.

Password managers can also generate new passwords for you to use, ensuring that they are stronger and more unique than "Password1" or "YourNormalPassword+1."

The stronger the password is, the longer it will take to crack. If you want to see how long it would take to crack different passwords, check out: Password Monster.

Most password managers can also provide a review of your current accounts and passwords. With this, they give you a report of which accounts have been breached, which accounts use the same password as others, and other relevant information to let you know which ones may be at risk and need to be changed.

They can also help protect you against phishing scams. Phishing is a type of attack where the scammer pretends to be the actual site you want to use. It normally works by sending you emails or texts saying you urgently need to do something on the site (for example, an email stating “You just sent a large amount of money to this other place” will make you panic and want to log on to cancel that), and then providing you with a link to a site which looks almost identical to the actual site, in order to get your account details. Password managers can help because it doesn't matter how good the fake site is (and presumably it is good if you've gotten as far as trying to enter your details): the password manager won't auto-populate the details if the URL of the site is wrong.
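For the technically curious, here is a sketch of that URL check, added as an illustration and not taken from any particular password manager. It assumes the simplest rule, an exact match on the site's https address (real managers use their own matching rules), and all names and addresses in it are made up.

```javascript
// Constructed vault entry: the manager remembers which site a login was saved on.
const savedLogins = [
  { site: "https://login.bank.example/", username: "alex", password: "constructed-not-real" },
];

// Reduce a URL to what identifies a site: https scheme, exact hostname, port.
// Returns null for anything that is not a valid https URL.
function siteIdentity(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null;
  }
  return url.protocol === "https:" ? url.origin : null;
}

// Logins the manager would offer to fill on this page (assumed rule: exact origin match).
function loginsToOffer(pageUrl, vault = savedLogins) {
  const page = siteIdentity(pageUrl);
  if (page === null) return [];
  return vault.filter((entry) => siteIdentity(entry.site) === page);
}

// Constructed page addresses: the real site first, then look-alikes.
const pages = [
  "https://login.bank.example/transfer",
  "https://login.bank.example.account-check.example/",
  "https://login.bannk.example/",
  "https://login.bank.example@account-check.example/",
  "http://login.bank.example/",
];
for (const page of pages) {
  const offered = loginsToOffer(page).map((entry) => entry.username);
  console.log(page, "->", offered.length ? `fill as ${offered.join(", ")}` : "nothing to fill");
}
```

Only the first address gets the login filled in. The others may look right to a person skimming the address bar, but the comparison is exact, so the manager stays silent, and that silence is your cue that something is off.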

You can also use a password manager to securely share passwords. If you need to give your login details to someone else, rather than sending them the password in a way that could be read by others, you can use a password manager to create a secure link to share instead. By sharing details this way you can also control other aspects, such as how long they can view the password, and whether the link will work only for them or for anyone with a copy of the link.

Organization

Password managers allow you to keep all your passwords organized in one place. This means that you don't have to worry about forgetting where you stored a password or which password you used for a particular account. It’s also great for keeping track of which sites you already have an account for, so you don’t try to sign up to the same site twice.

Efficiency

A password manager can also save you time by automatically filling in your login details for you. This can be especially helpful if you have multiple accounts to manage or if you switch between devices.

Does it mean I can be hacked once, and they get everything?

Technically yes, but this is still a safer method than reusing passwords, and a more practical method than having you try to memorise a large number of complex passwords.

No password storage method is without risk - reusing has a greater risk of being cracked, and remembering everything has a greater risk of you forgetting them.

Password managers are more practical (meaning you're more likely to keep using them because they're not awful to deal with), and also they're more secure than most websites.

There are a lot of in-depth articles about how password managers work, but the gist is that they work in such a way that even they don't know your master password, meaning that even they can't get access to your passwords because everything is encrypted. So even if someone does get into their servers and steal your data, they still have to crack your master password first.
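If you'd like to see that gist in code, here is an added sketch (not any real password manager's code) of a vault being locked on your own device before anything is uploaded. It assumes Node.js with its built-in crypto module, scrypt to turn the master password into a key, and AES-256-GCM for the encryption; real products choose their own algorithms and settings, and the function names and sample values are made up.

```javascript
const crypto = require("node:crypto");

// Runs on your device: stretch the master password into a 256-bit key.
// scrypt is deliberately slow, which makes guessing master passwords expensive.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}

// Encrypt the logins. Only the returned record would be sent to the provider:
// it contains no master password and no key.
function lockVault(masterPassword, logins) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), iv);
  const data = Buffer.concat([cipher.update(JSON.stringify(logins), "utf8"), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), data };
}

// Decrypt a record. A wrong master password derives a different key, the
// integrity check fails, and nothing readable comes out.
function unlockVault(masterPassword, record) {
  const key = deriveKey(masterPassword, record.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    const plain = Buffer.concat([decipher.update(record.data), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null;
  }
}

// Constructed sample data.
const logins = [{ site: "https://login.bank.example/", username: "alex", password: "constructed-not-real" }];
const record = lockVault("constructed master passphrase", logins);
console.log("what the provider stores:", record.data.toString("hex").slice(0, 32) + "...");
console.log("right master password:", unlockVault("constructed master passphrase", record));
console.log("wrong master password:", unlockVault("Password1", record));
```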

You can keep everything even more secure by enabling two-factor authentication as well. Then even if they manage to get your master password, they would still be denied access unless they also had the secondary identification required.

What all this means is that yes, if they get in, they would have access to all your accounts - but they would have a much harder time getting access in the first place.

What to look for?

Usability

Most password managers give a free trial period, so use them to see how comfortable you are with using them. The majority work in the same way (for example with browser extensions), but you may find some make more sense to you than others. It’s worth taking the time to determine how easy it is for you to use at the start, because if some aspect of the process frustrates you then you’re more likely to stop using it and end up back at square one. Test it by seeing how easy it is to add a new password to the manager, how easy it is to use the manager to log into a website of your choice, and also how well it works across all your devices (as most password managers also have an app so you can access it via your phone as well as your desktop).

Pricing

Most managers only cost a few dollars a month, but it’s still worth doing a comparison to ensure you’re paying an amount that you are comfortable with.

Reputation

When it comes to security it’s best to think about what happens ‘when’ you get breached, not ‘if’ you will. The same thought applies to password managers. See if they have a history of breaches, and if so how the company responded to them. Being breached previously is not necessarily a deal breaker, but how they respond to it may be. If they are slow to let users know about a breach (so that users can update their passwords) or try to cover it up, then that password manager is probably not the place to trust with your credentials. For example, in late 2022 LastPass had a severe data breach and mishandled it to the point that they lost a lot of people’s trust and there were a lot of calls for people to move to different password managers instead.

Using a password manager is not only convenient, but it’s also essential for online security. It helps to eliminate the risk of using the same password across multiple accounts and increases the strength of passwords by generating new ones. They allow you to be more organized and efficient by keeping all passwords in one secure location and auto-filling them in when needed. While no method of password storage is completely risk-free, password managers are a practical and secure solution to the problem. That’s why the “technical” people you know want you to use one.

