This article was co-authored by Luigi Oppido and by wikiHow staff writer, Nicole Levine, MFA. Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years.
There are 8 references cited in this article, which can be found at the bottom of the page.
This article has been viewed 109,113 times.
Whether you're at the office or at home, managing passwords is the key to protecting sensitive professional and personal information. But what happens when you need to remember hundreds of passwords that all need to be different and must be changed frequently? That's where password managers come in. This wikiHow teaches you how to determine whether you need a password manager, helps you choose the one that works best for your needs, and helps you keep your passwords safe.
Steps
-
Determine whether you need a password manager. Facebook. Yahoo. Twitter. LinkedIn. Zoom. Equifax. What's something that all of these companies have in common? They've all experienced massive hacks that resulted in their users' passwords becoming publicly available to hackers. Once a hacker has someone's username and password for one site, they can use fast-acting scripts to try that login information on other websites. This means if you reuse the same password on more than one site, you're at risk!
- If you're type of person (and who isn't?) with dozens to hundreds of accounts on different services, a password manager will give you peace of mind. Password managers work by storing and encrypting all of your logins and passwords in one location, protected by a "master" password. The password manager will help you create a strong unique password for every site you site in to, but you'll only need to remember your master password.
- If you are capable of remembering multiple different secure passwords, you may not need a password manager. However, since most sites and services now require logins, it's rare that someone can remember a completely unique password for more than a few websites.
-
Try your web browser's password manager first. Most major web browsers, including Chrome, Safari, and Firefox, suggest strong unique passwords for accounts you create on the web. They also give you the option to store these passwords in your browser's settings, making it so you don't have to remember the complex combination of characters suggested by the browser. There are some pluses and minuses to using your browser to manage your passwords:
-
Pros:
- If you use the same browser on your computer, phone, and/or tablet, storing your passwords in that browser makes it so the same passwords are accessible any time you're logged into your web browser. This means that if you're signed into Chrome on your computer, for example, and save a password to the password manager, the password will also be available in Chrome on your iPhone.
- When you log into a website you haven't logged into before, your browser will prompt you to save the login information so you can easily use it in the future.
- Chrome and Safari both label any passwords you use on multiple sites and advise you to change them.[1]
-
Cons:
- Using a browser-based password manager won't help you when you need to sign into other apps on your phone or tablet, such as the Instagram app or Facebook. The passwords saved by the browser will only be pre-filled when signing into sites in the browser.
- Your passwords are only as strong as your browser account. For example, if your Google account password is hacked, all of your passwords saved to Chrome will be accessible to the hacker. Make sure the password you use to access your account is exceptionally secure, and protected by two-factor authentication.
Advertisement -
Pros:
-
Consider a non-browser password manager. Unlike browser password managers, standalone password management apps can keep track of your non-web passwords, such as for your Instagram app, your work mail client, and your database software. Most password managers only require you to remember one "master" password, and will suggest secure unique passwords for all other sites you sign in to. Some popular options:
-
LastPass: Works on Windows, macOS, and Linux, and has browser plugins for Chrome, Firefox, Safari, Edge, and Opera.[2]
You can install the mobile app on your iPhone/iPad and/or Android.
- Has a free option that is fully featured (with a few exceptions) for one user.[3] The $3 tier, also for one user, also allows you to share passwords and other items securely, monitors dark web activity, and has an emergency access option in case you lose your master password. Family and business options exist also.
-
DashLane: Works on Windows, macOS, iPhone, iPad, Android, and ChromeOS. Has browser plugins for Chrome, Safari, Firefox, Edge, and Opera.[4]
- Has a free option that stores up to 50 passwords on one device. Upgrade to the $6.49 premium level to unlock unlimited passwords on unlimited devices, plus VPN access for secure Wi-Fi.
-
Keeper: Works on Windows, macOS, iPhone, iPad, Android, Linux, and ChromeOS. Has browser plugins for Chrome, Edge, Firefox, Safari, and Opera.
- The free version of Keeper only works on one system. If you upgrade to the $34.99/year plan, you can store an unlimited amount of passwords on all devices.[5] They also offer plans that include security monitoring and secure file store.
-
1Password: Works on Windows, macOS, Linux, iPhone/iPad, Android, and ChromeOS. Has browser plugins for Safari, Firefox, Chrome, Brave, and Microsoft Edge.[6]
- There is no free version of 1Password—just a free trial. If you're willing to pay $2.99 per month, you can store an unlimited amount of passwords on any device.[7] There's also a family plan upgrade, which has a feature that allows family members to help one another get back into accounts they've been locked out of.
-
LastPass: Works on Windows, macOS, and Linux, and has browser plugins for Chrome, Firefox, Safari, Edge, and Opera.[2]
You can install the mobile app on your iPhone/iPad and/or Android.
-
Install the password manager software on all of your devices. The key to making sure a password manager works for you is being able to log into it everywhere. If you install LastPass on your PC, also install it on your Android, iPad, and anywhere else you sign in. Any time you create a new password with your password manager, it will be available everywhere else you use that password manager.
-
Use Two-Factor Authentication whenever available. Two-Factor Authentication (also known as Two-Step Authentication or 2FA) makes logging into sites and services a two-step process—after entering your password, you'll have to confirm a verification code or use a third-party app to approve the login. This second layer of protection makes it so anyone who wants to sign in to your account must also have access to your phone or tablet (or other secondary device) to complete the login process.
- Most major sites and services, including Google, Facebook, and Apple, support (and recommend using) Two-Factor authentication.
- Services that support Two-Factor Authentication often give you the choice to receive a verification code via SMS text message or an authenticator app like Authy or Google Authenticator.
-
Use long passwords. The content of your password is important, but the length of your password can greatly impact whether your password is crackable. For example, if your password is 8 characters long, there's about 221 trillion possible combinations.[8] Although that seems like it would take a long time to crack, some bots can guess 10 billion combinations per second! However, if your password contains at least 12 characters, there's more than 3 sextillion combinations, which can take over a hundred years to crack.
- Many password managers, including LastPass, allow you to choose how many characters each password can have. Make sure your master password for any password manager contains at least 12 characters.
- Check out https://www.lastpass.com/password-generator for a quick-and-easy web-based password generator that can give you a very secure password to use on the fly.
-
Avoid using easy-to-identify words and numbers in passwords. Family names, birthdays, house numbers, phone numbers, and social security numbers should never be included in your passwords. Hackers can easily find this information online and use it to crack your password. If you must use any of these pieces of information, make sure to include a mix of letters, numbers, and capital letters to obscure the originating word.
-
Use a mix of letters (capital and lowercase), numbers, and special characters. In addition to being super long, include a mix of capital and lowercase letters, as well as numbers and symbols. Avoid including any words exactly as they'd appear in the dictionary—instead, include numbers, symbols, and creative spellings. For example, if you want your password to be a play on ILoveNewYork, try something like YoR<nU1L0v3! instead.
-
Use a unique password for each application. Even if you're not using a password manager, every site and service you log into should have its own unique login information. Everything from your bank account to your utility and Facebook accounts should all have different passwords. Using the same password for multiple purposes may be easier to remember, but it's also like putting out a welcome mat for the identity thieves.EXPERT TIPTechnology SpecialistBrandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions.Brandon Phipps
Technology SpecialistAvoid using the same password for multiple websites. If your login information on one website is compromised, hackers can potentially gain access to your accounts on other sites. Be sure to create unique passwords for each site to reduce your risk of being hacked, especially if a site seems like it has questionable security.
-
Change your passwords frequently. Changing passwords helps reduce the chance that someone will get their hands on an old password and be able to use it to access sensitive accounts.
- Don't just change a single letter or number in a previous password. For example, if your password updates over time are LastName1, LastName2, LastName3, and so on, someone who hacked an old password can just as easily hack a new password.
-
Determine whether you need a “password backup.” Though it's safer to avoid recording your passwords, sometimes doing so is a necessity. If you have so many different passwords or ones you only use occasionally that you think you'll have trouble remembering them, write them down on paper and keep them somewhere that locks securely.
- Don't make your password storage book look too obvious—if someone were to break in to your home or office, they'd be thrilled to find a book that's clearly labeled "Passwords!" If you must write down your passwords, they should be inconspicuous and stored in an extremely secure location. Do NOT take them on your travels.
- Avoid keeping a text file on your computer, phone, or tablet that stores your passwords. If you lose your phone, tablet, or laptop, you'll be losing a lot more than just a piece of hardware. Plus, if someone can break into your account, they'll have all of your passwords. You may also accidentally delete them.
Is Google Password Manager Safe?
Community Q&A
-
QuestionWhat's the best password management software for Apple products?Community AnswerLastPass is a highly-recommended program.
-
QuestionHow do I get to passwords?Community AnswerOpen the Chrome menu using the button on the far right of the browser toolbar. Choose the Settings menu option (highlighted in blue). Click Show Advanced Settings, located at the bottom of the page. In the “Passwords and Forms” section, click the Manage Passwords link.
-
QuestionIn my Autofill password list, how can I delete one I do not want there?Community AnswerGo to settings (in chrome) > Click Show advanced Settings (at bottom of the page) > Under Passwords and forums section click Manage Passwords > Select the required password and Delete.
Tips
References
- ↑ https://gizmodo.com/is-your-browser-a-good-enough-password-manager-1844685005
- ↑ https://lastpass.com/misc_download2.php
- ↑ https://www.lastpass.com/es/pricing-cc
- ↑ https://support.dashlane.com/hc/en-us/articles/202625002-Minimum-requirements#title1.5
- ↑ https://www.keepersecurity.com/pricing-personal.html?t=p
- ↑ https://support.1password.com/extension-permissions
- ↑ https://1password.com/sign-up/
- ↑ https://nordpass.com/blog/how-long-should-password-be/
About This Article
1. Use a unique password everywhere you log in.
2. To manage your unique passwords, use a password manager.
3. Try your web browser's free password manager for web-based passwords.
4. Use a third-party password manager if you want to save passwords in other apps and use advanced password-sharing features.
5. Always use Two-Factor Authentication when offered.