With all the things we do online these days, it can be difficult to maintain strong password standards. For passwords to offer the most security, users need to have different ones for every service and make sure those passwords are long and difficult to guess.
It’s easy to see how that can quickly become unmanageable.
Password managers, however, are a great way to improve your online security by offering a way to maintain strong password standards.
If you’re unfamiliar with the concept of a password manager, it’s an application you can install on your phone and computer that stores all your passwords in a secure, encrypted format. Users unlock their passwords using a single ‘master password.’ Typically, without that password, you can’t decrypt the data stored within the app. Plus, since password managers usually offer an auto-fill feature to log you into sites and services, you don’t need to remember every password. That means you can create unique, strong passwords for every service.
Unfortunately, password managers can be difficult to set up, so we’ve created a short guide on how to do it.
Where do I start?
The first thing you’ll need to do is pick a password management option. At MobileSyrup, most of us use either Dashlane, Toronto-based 1Password or LastPass. They all offer excellent storage and security options for passwords, as well as free and paid tiers (except 1Password, which is only paid). That said, if you’re heavily invested in the Apple ecosystem, 1Password integrates fairly well with iOS and macOS (but the others work fine too).
Most offer extra features as well, such as secure storage for ID, two-factor authentication (2FA) codes, cloud sync and security warnings to let users know if a password has been compromised.
Ultimately, it’d serve you well to do research and see which service offers the features you need at the price you’re willing to pay. At a base level, you’ll want one that offers encryption (most use standard AES-256). You’ll also want 2FA and auto-fill options, cross-platform support so it works on all your devices and likely the ability to auto-generate random, strong passwords. This helpful Wikipedia page details the features and capabilities of several password managers in one place, making it easy to find what you need.
If all that seems like a bit much, you can always use the built-in option in your browser. It may not be as secure, but it’s convenient and you may already be using it. Chrome, for example, can remember your passwords and recently gained the ability to auto-generate strong, randomized passwords.
I’ve picked my password manager, what next?
The first thing to do when you’ve selected your password manager is to create your account and master password. Remember, this password is the key to unlocking all your other password data, so make sure it’s something secure and something you’ll remember. I’d recommend using a unique passphrase that only you know, and mix it with some numbers.
Next up, you’ll need to bring your passwords into the manager. Most of the good ones offer import and export features and will offer to port your passwords into the service when you first set it up. If you previously stored passwords in your browser or another password manager, this step is pretty simple. If not, you may have to do it manually.
Once you’ve safely imported your passwords, the last thing you should do is update them to make sure they’re secure. Some password managers offer tools to help with this. They go through every site you have stored a password for, attempt to open the site, log in and open the settings so you can change your password. It works quite well for some websites and not at all for others.
Ultimately, you’ll want to change passwords for your most important services first. This means banking apps, email and other critical services. Follow that up with changing any critical or compromised passwords (most managers will highlight these for you as part of a ‘security review’).
Finally, you can update the rest of your passwords on a case-by-case basis, such as when you visit the site or when the security review feature warns of a potential breach.
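The update order described above can be sketched as a small "security review" pass. This is an added example, not any password manager's actual logic; the entry fields, the category labels, the 12-character threshold and the function name `reviewVault` are all assumptions, and the entries are constructed sample data.

```javascript
// Added sketch of a "security review": flag weak entries, then order the
// vault as the guide suggests: important services, flagged ones, the rest.
const CRITICAL = new Set(["banking", "email"]); // assumed category labels
const MIN_LENGTH = 12; // assumed cutoff for "too short"

function reviewVault(entries, breachedSites = new Set()) {
  // Count how many entries share each password to detect reuse.
  const uses = new Map();
  for (const e of entries) {
    uses.set(e.password, (uses.get(e.password) || 0) + 1);
  }

  const report = entries.map((e) => {
    const issues = [];
    if (uses.get(e.password) > 1) issues.push("reused");
    if (e.password.length < MIN_LENGTH) issues.push("short");
    if (breachedSites.has(e.site)) issues.push("breached");
    // Tier 1: most important services. Tier 2: anything flagged. Tier 3: rest.
    const tier = CRITICAL.has(e.category) ? 1 : issues.length > 0 ? 2 : 3;
    return { site: e.site, tier, issues };
  });

  // Within a tier, entries with more findings come first.
  return report.sort(
    (a, b) => a.tier - b.tier || b.issues.length - a.issues.length
  );
}

// Constructed sample vault, as it might look right after a browser import.
const SAMPLE = [
  { site: "wiki.example", category: "reference", password: "Zr4!mB8@yQ1&nT6^" },
  { site: "forum.example", category: "social", password: "Summer2019" },
  { site: "bank.example", category: "banking", password: "Summer2019" },
  { site: "mail.example", category: "email", password: "kV9#tq2LmZ!w8Rpx" },
  { site: "shop.example", category: "shopping", password: "p7$Gd2vNq0!eXu4H" },
  { site: "news.example", category: "news", password: "hunter2" },
];

for (const r of reviewVault(SAMPLE, new Set(["shop.example"]))) {
  console.log(`tier ${r.tier}  ${r.site}  ${r.issues.join(", ") || "ok"}`);
}
```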
My passwords are uploaded and updated, now what?
This is the easiest part: just continue using the internet as before, but with renewed peace of mind. You won’t have to worry about forgetting passwords or losing access to a service. You also don’t have to worry about one compromised password jeopardizing them all.
When you visit a website or app, the auto-fill software will allow the manager to sign you in automatically. When you sign up for a new service, the password manager will offer to generate a secure password and automatically store your login details.
Unfortunately, sometimes things don’t work as they’re supposed to. Password managers can fail to recognize login screens or sign-up forms on some sites, but it’s fairly easy to manually engage the password manager to enter a password or save login details. Putting up with these rare moments is well worth the added security.
Finally, it’s best to continue using 2FA services where possible (you can read more about setting up 2FA here). ‘Sign in with Google’ or ‘Sign in with Apple’ services can also help make online authentication much easier.