UPDATED December 11, 2021 This piece has been updated to reflect the emergence of new technology
Christian Mathews Security Writer
You probably know how risky it is to use “123456”, your birthday, or your pet name as your password. Worst yet is to do what 51% of people are doing with their passwords — reuse them for multiple accounts. If one of your accounts suffers a password attack or a data breach you give hackers access to all accounts. Knowing how password managers work, allows you to keep your passwords safe.
Yet even though you should know better, it can be challenging to come up with a strong password. Especially a set of strong, easy-to-remember passwords that are unique for every one of your online sites.
With that in mind, how do you remember different passwords for each of your account logins? The answer: Use a dedicated password manager. It’s the best way, along with two-factor authentication, to keep your online accounts secure.
So, how does a password manager work? Below, we seek to answer this question as well as explore other important things we think you should know, including:
- What is a password manager
- How to practice good password hygiene
- Why browser-based password managers aren’t the safest
What Is a Password Manager? Here’s a Simple Explanation
A password manager or password vault is simply a software program that stores passwords. It creates an easy way for users to access them using any device.
By using password apps, you store your accounts information. These include online account logins, banking credentials, credit card numbers, etc all in one place. Additionally, they encrypt them with a single master password.
There are dozens of great password manager tools available today. Good password managers do more than just store and encrypt your accounts’ particulars. They help generate strong, unique passwords when creating a new account or changing the details of an old one.
In addition, password managers are configured to automatically fill in your login details. They input these into web forms, whenever you access one of your online accounts.
How Does Password Manager Work?
A password manager app will bring relief and save you from the trouble of managing dozens of passwords. However, learning how to use a password manager can seem intimidating at first. But like any other digital tool, once you understand how it works, it becomes easier to use.
The way a password manager works is very simple. You store your passwords to your manager account and then you create a master password to protect all of them.
The master password keeps all your passwords safe. So you should make it particularly long and difficult to crack although it should be easy to remember. Most importantly, scribble it down in a notebook and store it in a secure place just in case you forget.
You can take a security challenge to determine whether your passwords are strong enough.
Password Security: How to Practice Good Password Hygiene
When bad actors are unable to crack your password, they usually turn to brute-force attacks. These programs use several password cracking techniques. These include dictionary attacks or come with algorithms that guess passwords until they crack them.
However, dictionary attacks are hardly successful against systems with long, complex passwords. This is especially true if they employ random combinations of numerals, lowercase, and uppercase letters. Still, passwords with predictable names or numbers are quite easy to decipher.
Verizon found that the use of weak and default passwords is at the root cause of at least 80% of cyber attacks. This is according to its 2018 Data Breach investigations Report. And with millions of people risking password theft by using easy-to-guess passwords, unauthorized account access can have very serious consequences. The loss of valuable information and money is one thing. If your identity is stolen, criminals use them to break the law and put you in great trouble.
Password Best Practices
Attackers are becoming increasingly motivated. The best way to avoid being a victim of their malpractice is by practicing good password hygiene. Below are some pointers on how to practice good password hygiene:
- Use strong passwords: Make sure your passwords include at least 12 characters, and that they have a combination of uppercase and lowercase letters, numbers, and symbols. Also, avoid using common passwords that anyone can easily guess, such as your favorite show, your nickname, or a football team.
- Don’t reuse your passwords: Password reuse is the biggest crime most people commit online. If you reuse your password on multiple sites when your password leaks, hackers can also gain access to all your accounts. To prevent this damage, always use different unique passwords for every account.
- Don’t share your passwords: Sharing your password and accounts’ logins increase the chances for your account to be misused. The more people who can access your account, the harder it can be to even identify a perpetrator. Also, if you happen to be writing down your passwords in a notebook, you should always keep them safe.
- Turn on multi-factor authentication (MFA): Activating multi-factor authentication can be a real lifesaver. MFA, like two-factor authentication (2FA), protects users by adding an extra layer of security in case your account is compromised. This reduces the chances of cybercriminals ever breaching your accounts.
- Change your password regularly: Changing passwords regularly might be exhausting but it is considered one of the best ways to help keep your account safe and secure. This is because it shortens the time a password can be useful. Change your passwords every 30 to 45 days, especially if you have not turned on MFA.
Password Manager vs Browser-Based Tools
Password managers and browser-based password extensions both seem to have the same basic features. But how do they compare to each other?
Browser built-in password tools integrate into web browsers like Mozilla Firefox, Chrome, Internet Explorer. However, unlike dedicated password managers, many store passwords in unencrypted form. Meaning, if someone wants to access your password files, all they have to do is log in to your computer. Knowing where passwords are stored in a Mac can go a long way to know how to keep them safe.
Some browsers like Mozilla have developed master password tools to allow for the encryption of saved passwords. However, they can be a far greater risk especially if you have sensitive information to protect. If you’re using a browser to store your passwords, here is where passwords are stored in Chrome.
Also, in contrast to stand-alone password managers, most web browser password extension tools lack features like cross-platform syncing. You cannot generate your passwords with them.
Although some browsers are developing password managing tools similar to those in password manager apps, they are still not as powerful. For now, password vaults remain safer and better to use than the alternative.
We’ve run through how a password manager works. It goes without saying that in a world where there is a growing number of cyberattacks, no one can be 100% safe. Yet, taking the above precautions like using password managers and practicing good password hygiene can go a long way. This will keep hackers and identity thieves from exploiting your vulnerabilities.