Password Agony; No Ecstasy
Passwords are a total pain. Upper- and lower-case letters, numbers and special characters in one password are likely unbreakable over the course of a lifetime. But just to be safe, you’re required to change them periodically – without repeating one you’ve previously used for a website. And if you go to extremes, well, it is possible that someone can beat you over the head and hold your finger or an open eye in front your phone and access your bank account. A password manager could relieve that pain.
Password managers are applications on your computers and devices to access a database where your passwords are stored. One of the big pains they relieve is the need to remember multiple complex combinations of letters, numbers and characters that – to be effective – are totally random. Almost all password managers let you create a master password for access to your identity vault, and then the password manager fills in individual user IDs and passwords for the sites and apps you use. One benefit is that you can give each site or app a different, complex and hard-to-remember password. They also relieve the burden of making required password changes for websites by generating a new one.
For those of you thinking several steps ahead, you are not tied to a password manager forever. You can always download the database with your passwords and user names, allowing you to leave the service and change passwords at each website as needed.
Of course, there’s some risk to a password manager. If a hacker gains access to your master password, all your accounts are open to plundering. Likewise, if a hacker manages to breach the central vault of the password management company, it’s possible that millions of account credentials could be stolen in a single hack.
Good password managers have defenses for both possibilities. Most employ multifactor authentication, so access is granted only with both a correct password and a correct authentication code. That code exists only on a device you own, limiting the ability for someone on the other side of the world to gain access to your information. They also encrypt your password information locally, before it ever leaves your devices, on the servers operated by the vendors. In most cases, this is strong enough.
You have a lot of choices for password managers. We happen to like Dashlane, which gets strong reviews from sources such as PC Magazine, Tom’s Guide, and CNET. You can find more than enough reviews of Dashlane and other program managers, some subscription-based and some free. You should remember that we’re not always enamored with free programs, but regardless of price, here are some things to consider.
Your password manager should secure your data on your machine and in the cloud with an industry-accepted, tough form of encryption that’s widely used today. Along that line, it’s good to have a password manager that scans the dark web to make sure you haven’t been compromised.
It should work across multiple platforms with software for Windows, macOS, Android and iOS, and you should be able to install it on an unlimited number of devices for a single (usually paid) account, store an unlimited number of passwords and generate new, strong passwords for you, even on a mobile device. We like one that can alert you to data breaches and give you a two-factor authentication option for master passwords. Some will offer to save personal information, such as personal details, credit-card numbers and other frequently used information to quickly fill out online forms. While this is optional, it may be safer than letting a website save your credit-card information.
While no password manager can recover your master password if you forget it, it’s helpful to have one that lets you reset your password. Another good feature is one that lets you provide an emergency contact so that a trusted person can access your websites and apps if you are unable to do so.
Choosing a password manager and setting it up can be daunting tasks, but we can help. Call us – 973-433-6676 – or email us for answers to your questions or to walk through the setup.