Stop using that terrible password. Password managers demystified.
- You have 3 passwords that you randomly choose between for every site you log into.
- You haven’t updated your passwords in over 5 years.
- Your password has your pet’s name or your birthday in it.
- Your password has been on a leaked list but you still haven’t changed it.
- You accidentally tweeted out your password.
Sound familiar? You know your password sucks, but you’re busy, who has time to deal with managing passwords? No one. I sure don’t. Even talking about passwords is boring. I know. I’ll try to make this quick and painless. You should use a password manager.
I started using a password manager a few years ago, and it’s easy, convenient and secure. I use LastPass, but there are other ones out there that are just as good. A number of people I know who use 1password.
A password manager is a program that runs on all your devices and creates and stores passwords for you. I have no idea what my passwords are. They all look something like this:
Are password managers safe?
Lifehacker has a good article on this. TLDR: Yes. Lastpass is encrypted, it has a running list of any sites that are hacked and will prompt you to change those passwords right away, and if you use 2 factor authentication a hacker still wouldn’t be able to access your account if they somehow stole your master password. [edit: there’s a hilarious episode of Reply All where they show how to hack 2 factor authentication, nothing is 100% safe).
But what if Lastpass is hacked? Lastpass has actually been hacked twice already. Here’s what happened last time it was hacked. After reading about them being hacked, I actually feel safer using it.
Lifehacker has a good run down of other password managers, if you want to shop around.
If you’re thinking you’re fine because you’re using correcthorsebatterystaple, sorry friend, you’re not.
You need a different password for every site. I don’t believe you can memorize so many random words and remember which site they’re for. Go download a password manager.
This is the second post in a monthly series about online security.
Last month I told you how to encrypt everything.
Next month I’ll be talking about 2 factor authentication.