Today’s task is to install a password manager on your computer and/or phone. This is an absolutely critical step. Future posts in this series will ask that you change current passwords and create new accounts with good, strong passwords. Being limited to feeble human memory requires most of us to choose poor passwords. We use the same ones on multiple accounts, and some of the new ones we will create this month will probably be lost or forgotten. Storing passwords insecurely in a Word document or spreadsheet isn’t a great idea, either, since it’s really vulnerable to loss. The password manager will solve these problems for us by creating good passwords, recalling them for us, and storing them securely.
Active Time: 15-30 minutes initially, plus normal daily use
What it Protects You From: Storing your passwords insecurely in Excel spreadsheets, .txt files, or internet browsers; account takeover and other problems associated with password breaches.
Below I have listed some reputable password management options. Review these, choose one, and install it. After you have chosen a password manager, secure it with a good, strong password. Pin it to your taskbar (Windows) or keep it in your dock (Mac). This will place it within easy access for the remainder of the month. Take a few minutes to get familiar with creating and accessing entries – you should be using this a lot in the future.
There are a number of good password managers out there and your choice will be somewhat driven by your operating system(s). The list I give here is by no means exhaustive and there are loads of options. I am only willing to list the ones that I have used and have familiarity with, however.
Recommended Password Managers
KeePass/KeePassX/KeePassDroid/MiniKeePass – Cross-platform: KeePass and its variants are open-source password managers and perhaps the most universal of the ones listed here. There are forks that work on nearly any operating system you can imagine and all of the databases are compatible with other versions. These are not the most user-friendly password managers, however, and they lack some of the functionality and polish of most of the alternatives. They do enjoy the benefits of being strongly encrypted, cross-platform, and totally free. KeePass and its sister forks only store your AES-256-encrypted password database locally, on a single device.
LastPass – Cross-platform: LastPass is the only cloud-based password manager I would even begin to recommend. LastPass stores all of your passwords in an encrypted database in the cloud. This means that you can access your passwords from any device, as long as you can access the internet. One other major benefit of a cloud-based password manager is that you will have an offsite backup of your passwords should your computer crash or be stolen. Unfortunately, this is exactly the reason I don’t prefer LastPass; being able to access your passwords from the internet means that someone else can, too. It also means that you might be tempted to enter your master password on a computer that you don’t own or control.
My co-author and co-host Michael Bazzell has written a good explanation of how he uses LastPass.