
Why You Should Use A Password Manager


Many web clients ask, 'Why would someone want to hack me?' The assumption is that you have to be on a criminal's radar to be targeted. That is a dangerous assumption. Criminals often use automated software to try to break into random online accounts, a bit like a car thief walking down a street and trying all the car doors to see if one is unlocked. Potentially anyone can fall victim to an attack, so we need to make sure our login details are secure.

However, a roundup of the most commonly used passwords in 2016 revealed that nearly 17 percent of people are safeguarding their accounts with '123456'. Passwords like this can be cracked almost instantly these days. Even tricks like picking a phrase from pop culture, song lyrics, a quote or book title and rearranging it by adding in some numbers or capitalisation are becoming more vulnerable to modern password cracking software. 

The most secure passwords are long strings of random numbers and characters, but they're extremely difficult to remember. A good compromise is a passphrase, a combination of a few random words, best illustrated in the very famous (amongst web geeks) XKCD cartoon below.

XKCD Password

XKCD
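A passphrase is only as strong as the randomness behind it, so the words should be picked by a secure random generator rather than by you. The sketch below is an added example, not part of the original article: it draws words with Python's secrets module and measures strength in bits of entropy. The 32-word list is constructed for illustration and is far too small for real use, and the function names are illustrative.

```python
import math
import secrets
import string

# Constructed sample list (32 words) so the example runs offline.
# Assumption: real use loads a published list of several thousand words.
SAMPLE_WORDS = (
    "anchor basket candle dragon ember forest garden harbor "
    "island jacket kettle ladder magnet napkin orange pencil "
    "quartz rocket saddle tunnel umbrella velvet walnut yogurt "
    "zipper bridge copper desert falcon guitar helmet marble"
).split()

def passphrase(words, count=4, sep=" "):
    """Pick `count` words uniformly at random with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))

def random_password(length=12, alphabet=string.ascii_letters + string.digits):
    """The 'long random string' alternative, for comparison."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)

def words_needed(pool_size, target_bits):
    """Smallest number of words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(pool_size))

if __name__ == "__main__":
    print("sample passphrase:", passphrase(SAMPLE_WORDS))
    print("sample password:  ", random_password())
    # The word-list size drives the strength, not the length of the words.
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(f"{size:>5}-word list: {entropy_bits(size, 4):5.1f} bits for 4 words, "
              f"{words_needed(size, 64)} words for 64 bits")
    print(f"12 random letters/digits: {entropy_bits(62, 12):.1f} bits")
```

The entropy figures only hold when every word is chosen at random; a phrase you pick yourself from a song or a book does not get this strength.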

You need to have a unique strong passphrase for every one of your online accounts, as reusing passphrases is risky. Login details are leaked quite frequently. Even big reputable companies can be hit. In two separate leaks, 1.5 billion Yahoo account details were compromised. When details are leaked, criminals have emails, usernames and passphrases that they can use to try on other online accounts. If the username and password of any of your accounts are leaked and you use the same login details anywhere else, those accounts can be hijacked. So if someone had used the same username and passphrase for their Yahoo account and their PayPal account, their PayPal account could be in the hands of criminals. If you're concerned about any of your accounts you can find out for free if they've been compromised in a leak by visiting haveibeenpwned.com.

If only you just had to come up with one super strong passphrase. Well, you're in luck!

Password managers to the rescue!

LastPass password generator.

Password managers make strong passwords and store them for you.

A password manager can generate and store a unique, long and random password for each of your online accounts. You just need to create one super strong master passphrase to log into your password manager and that's the only one you need to remember. 

Then you can download the password manager's browser extension. When you visit one of your online accounts and enter your login details, it will store them for you. Next time you return to that site, your password manager can automatically log you in. Also, when you create a new account, it can generate a really strong unique password, store it for you, and automatically log you in whenever you go to that account.

LastPass Security Challenge Page

A password manager can help you improve your online security.

Your password manager can also advise you if any of your current passwords aren't strong enough, or have been compromised in a data leak, and offer to change them. It can fill in forms for you too. You can even download an app and use your passwords on your phone or tablet.

There are many good password managers to choose from. A number of them are listed here. I use LastPass. As a web developer, I need to manage a bazillion passwords and LastPass has never let me down.

How secure are they? 

LastPass two factor authentication.

Two-factor authentication adds a strong layer of security.

Some people worry that password managers put all your eggs in one basket. They do, but it's a very secure basket. All your details are stored in an encrypted database, so even if they are leaked, they won't be decipherable. As you only have one passphrase to remember, you can make it a really strong one. Also, you can make your password manager extra secure by setting up two-factor authentication. To do this, you need to download an authenticator app to your phone or tablet, which generates a special code that you enter in addition to your master passphrase when you log in to your password manager. This means that even if a hacker has your master passphrase, they would need to take your mobile device as well to get into your account. 

Also, for the makers of password managers, their whole business depends on keeping your passwords safe, so they work hard to do that. They're not perfect, but they're much safer than reusing passwords, using weak ones, or trying to remember dozens of complex passwords and running the risk of forgetting them.

Stay safe out there!
