Password managers: The good, the bad, and the ugly

In a world where we’re being told to change our passwords every five minutes thanks to the latest massive breach, it’s hard to imagine life without a password manager. Though now that these killer apps are a dime a dozen, the market has predictably been flooded with options you should think twice about using.

Once you’ve started using a password manager, you realize just how absolutely insane things have gotten that we’d be expected to not only remember a jillion passwords, but also be able to spontaneously make up words and phrases that follow all the different and bizarre password-creation rules that sites require of us.

If you’re reading this and not using a password manager, keep reading. You’re in a high-risk category for getting hacked and exploited. Even if you’re already utilizing the best consumer tool for computer security since antivirus, you should also keep reading—because not all password managers are created equal.

If you’re unfamiliar, a password manager is an app that remembers your passwords for you and stores them in an encrypted vault. One master password unlocks the vault when you need to retrieve a password or create a new one, and does it without anyone being able to read what you type over your shoulder or track the login with a keylogger.

[Screenshot: 1Password. Credit: Violet Blue]

1Password: All you need to remember is a single master password, which will unlock a vault that holds all your other passwords.

For those of us who’ve long known about the risks of allowing a browser or operating system to remember and autofill password fields, trusting a password manager doesn’t come easily. But the attack surface is significantly minimized with a manager, and the encryption on top seals the deal.

A manager usually has other nifty features too, like helping you search for (and change) duplicated passwords. One common way people get their social media and email accounts hacked is when malicious hackers comb through old breach dumps online, grab the logins and passwords, and then try them on your current accounts in the hopes that you’ve reused the password since.

[Screenshot: LastPass website. Credit: Violet Blue]

LastPass: Additional features, like a duplicate-password tool, can bolster your online security.

The 2012 LinkedIn breach dump has been a hacker gold mine for five years, with news items still cropping up in 2017 about individuals and businesses who didn’t change their LinkedIn passwords after the breach and then had other accounts hijacked. It’s embarrassing, and worse.

Password managers also give users a way to automatically create new, long, complex passwords that follow all the crazy rules sites make for us: things like including upper- and lowercase letters, numbers, symbols, and a given number of characters.
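To make the generation step concrete, here is an added example (not code from the article or from any password manager it names) of a generator that draws from the operating system's CSPRNG and guarantees a site's composition rules are met. The `Policy` structure, its defaults, and the symbol set are assumptions made for illustration.

```python
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """A site's composition rules (hypothetical structure for this example)."""
    length: int = 20
    lower: int = 1      # minimum lowercase letters
    upper: int = 1      # minimum uppercase letters
    digits: int = 1     # minimum digits
    symbols: int = 1    # minimum symbols
    symbol_set: str = "!@#$%^&*-_=+"  # assumed set of symbols the site accepts

    def classes(self):
        return [(string.ascii_lowercase, self.lower), (string.ascii_uppercase, self.upper),
                (string.digits, self.digits), (self.symbol_set, self.symbols)]


def generate(policy: Policy) -> str:
    classes = policy.classes()
    required = sum(n for _, n in classes)
    if required > policy.length:
        raise ValueError("policy minimums exceed the requested length")
    if any(n > 0 and not alphabet for alphabet, n in classes):
        raise ValueError("a required character class has no permitted characters")
    # Draw the mandatory characters for each class from the OS CSPRNG.
    chars = [secrets.choice(alphabet) for alphabet, n in classes for _ in range(n)]
    # Fill the remainder from every character the site permits.
    pool = "".join(alphabet for alphabet, _ in classes)
    chars += [secrets.choice(pool) for _ in range(policy.length - required)]
    # Fisher-Yates shuffle with the CSPRNG, so mandatory characters
    # do not sit at predictable positions.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def satisfies(password: str, policy: Policy) -> bool:
    """Check a password against the policy, as a site's validator would."""
    classes = policy.classes()
    pool = set("".join(alphabet for alphabet, _ in classes))
    return (len(password) == policy.length
            and set(password) <= pool
            and all(sum(c in alphabet for c in password) >= n for alphabet, n in classes))


if __name__ == "__main__":
    print(generate(Policy()))
    print(generate(Policy(length=12, symbols=0, symbol_set="")))  # site that bans symbols
```

The `secrets` module is used instead of `random` because `random` is a predictable generator that is not suitable for credentials.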
