Home » Password Managers » How do I manage my passwords?

How do I manage my passwords?

DISCLOSURE: THIS POST MAY CONTAIN AFFILIATE LINKS, MEANING I GET A COMMISSION IF YOU DECIDE TO MAKE A PURCHASE THROUGH MY LINKS, AT NO COST TO YOU. PLEASE READ MY DISCLOSURE FOR MORE INFO.

You can manage your passwords by using a dedicated Password Manager, browser-based Password Manager or a sheet of paper. With the help of these tools and a few simple password management principles, you can dramatically increase the safety of your passwords. Password management doesn`t have to be complicated. Whichever tool you use, remember to take care of it like any other important personal items or information.

Four websites on average are accessed using the same password.

cpni.gov.uk

What is meant by Password Management?

Password management is an action or steps taken by a company or an individual to minimise the risk of exposing the passwords to the most common security threats by following a set of principles and best practices.

Passwords, as the most common method of password authentication are the first line of defense against unauthorized access.

Below are the most common security threats which may lead to you losing your passwords.

  • Brute-Force Attack.
    • An attacker can use programs that automatically generate and submits passwords with a hope of finally guessing the correct phrase.
  • Sniffing, Main-in-the-middle attack.
    • Unencrypted passwords send over the network can be a victim of an attacker using Sniffing Tool, a specialised software which is capable of capturing network traffic including your passwords.
  • Phishing attack.
    • Can be described as a type of social engineering attack used to obtain sensitive information or data.
  • Login Spoofing Attack.
    • A fake login screen controlled by the attacker is presented to the user intercepting the login credentials.
  • Shoulder Surfing.
    • Observing someone typing in the password.
  • Key Logging.
    • Malicious software called Key Logger can be installed on a machine and intercept passwords when they are typed.

According to research sponsored by Yubico and performed by Ponemon Institute titled “The 2019 State of PAssword and Authentication Security Behaviours Report”, 51% of responders have said that they have been a subject of a Phishing attack. At the same time, as much as 57% of those responders did not change the way they manage their passwords.

Chart showing the results of the research after asking people if they experienced a number of cyber attack types in personal life.
Have you experienced any of the following attacks in your personal life? – Source: Yubico.com

Why is password management important?

By following a set of simple rules and principles, you can dramatically increase your online safety and minimise the risk of losing your passwords.

Weak passwords are often cited as the number one cause of data breaches. People are lazy when it comes to creating strong passwords. Without a dedicated tool, it would be challenging for me to manage all my passwords and accounts. Password reuse is another common and dangerous practice which you should avoid at all cost.

That`s where following a set of simple rules and practices can make a big difference.

Top 6 principles of Password Management.

  • Create Strong and long passwords or passphrases.
  • Check if your account has been compromised in a data breach.
    • You can use haveibeenpwned.com service designed by a well known Web Security Consultant Troy Hunt.
  • Stop reusing your passwords.
    • Password reuse is considered as one of the worst offences in password management.
  • Don`t use personal information in passwords.
    • Avoid using any personal information like date of birth, anniversary date, name of your family member or your pet.
  • Activate Two-Factor Authentication.
  • Consider starting using dedicated Password Management software.

Even the simplest methods of Password management may reduce the risk of you losing access to your accounts. It is not about your skills and technical knowledge, but more about common sense. Having your birthday as your password for a Facebook account is a recipe for disaster, and gets even worse if you reuse this password for any other account.

Let’s take a look at how we can mitigate that risk with a few steps and selection of free and commercial tools which will allow you to manage your passwords easily and securely.

Common methods of Password Management.

This controversial, although if used correctly simple and effective method, has been a subject of many articles and discussions. Personally, I would never use this method to manage my passwords, and I will opt to use dedicated solutions like Password Managers instead.

Still, I understand the fact that the simplicity behind it is the main reason people with less technical ability may consider writing their passwords on a piece of paper as a great solution to manage their credentials easily.

Is it a good idea to write down you Passwords?

It is definitely better than reusing the same password across all your accounts. It also eliminates the risk of passwords being stolen from your computer. Although controversial, there is no doubt that writing down passwords on a piece of paper might be the only option for less technically minded people.

There are, however, a few problems with that approach.

  • Written passwords can still be lost or stolen.
    • If you need to use the password list outside your home, you will have to be comfortable with the fact that the list can be lost or stolen.
  • Writing passwords may encourage a reduction in passwords complexity.
    • I strongly recommend you to use strong and complex passwords, but from my experience, I know how frustrating it is when you try to type them while looking at the piece of paper.

Assuming that you generated the passwords using some type of Password Generating tool enforcing recommended length and complexity level, typing 15-20 characters long password into the login form while looking at the piece of paper is irritating at least.

The inconvenience caused by having to type them manually focusing on every special character may have an opposite effect and encourage you to create simpler, easy to type passwords where only a single glimpse is required to remember them and type in one go.

To counteract this behaviour, I will suggest you use passphrases instead. The passphrase is a password which is built from a series of unrelated words, and while easy to remember, it is still hard to guess. You can create passphrases with the help of online tools.

The Paper Password Manager

I have recently come across an article titled “The Paper Password Manager” written by a Security Analyst, where he described a brilliant idea on how to improve the paper-based password management method.

His approach to this problem introduces a few small changes to the construction of the password, which dramatically increases the security of paper-based password management while reducing the perceived complexity making them easier to type.

Although not perfect, this solution takes the paper-based password management to the next level.

His simple formula is as follows:

Account Password = Unique Bit + Key

The Unique Bit is one part of the password, typically a passphrase. The Key is also a passphrase and the second part of the password which is common to all the Unique Bits in the Paper Password Manager and as such, should be remembered.

For example:

Account PasswordUnique BitKey
Uncles42Draftyremoves93Uncles42Draftyremoves93
Coco21tonightremoves93Coco21tonightremoves93
Candy61Funnierremoves93Candy61Funnierremoves93
Broiler28starchyremoves93Broiler28starchyremoves93
Paper Password Manager: Account Password = Unique Bit + Key

As you can see, the idea is straightforward yet effective. It eliminates the full exposure of your passwords in case your paper-based password manager has been lost or stolen, giving you time to change them.

Yes, that last statement implies that you should have a second copy of your paper-based password manager as a backup. You should also keep this copy at home in a safe place.

Using the Excel spreadsheet to store your passwords.

This technique in mind is a waste of time. Yes, you can encrypt the excel file with a master password but If you are already using software to store your passwords, why not to use a dedicated tool like Password Manager.

You can find a wide range of free Password Managers which are specifically designed for the purpose of storing and managing passwords.

Let the browser to remember your passwords.

Letting your browser to remember your passwords is probably one of the most common methods to manage them. Whether you use Chrome, Firefox or other browsers there is a big chance that it has Password Manager build into it.

Like with any other types of Password Management, browser Password Managers offers several benefits but also falls short in deferent areas. In my mind, the most significant benefit is the convenience factor followed by free service.

The lack of more advanced features and the security issues is the main reason why, in the long term, I opted for a dedicated tool. Browser-based Password Managers typically dont offer any type of groups, categories or labelling system to help manage your passwords and accounts. They also dont provide file storage, which can be useful to keep the most important documents or scanned copy of your passport.

BENEFITS OF USING BROWSER PASSWORD MANAGERS.

  • Convenience.
    • Password Manager is already built into the browser so why not to use it.
  • No subscription fees.
    • Password Manager is built into the browser and is free.
  • No additional software required.
    • Unlike dedicated Password Managers, there is no need to download any additional software.
  • Automatic syncing.
    • Your passwords and any other data sync automatically if you sign in to the browser on another device.

DISADVANTAGES OF USING BROWSER PASSWORD MANAGERS.

  • Changing the browser.
    • You won`t be able to access the passwords from another browser.
  • Basic functionality.
    • Browser-based Password Managers offer only basic features in comparison to the dedicated Password Managers.
  • Risk of password exposure.
    • Some browsers do not require Master Password to autofill the login fields in the browser, allowing anyone with access to the computer to view saved passwords.

Are browser password managers safe?

The safety of browser password managers has improved over the years, but they are still no match to dedicated Password Managers like 1Password, LastPass or Dashlane. Although, most browsers encrypt your saved passwords by default, in some browsers the lack of Master Password allowing anyone with access to the computer to view the saved passwords.

The Google Chrome browser, for example, doesn’t even have an option to set the Master Password and relies on Windows credentials. Every time you would like to view or edit your passwords, Windows system will prompt you to type your credentials.

Picture showing Windows Security prompt window after trying to view passwords saved in the browser.
Windows Security prompt after trying to view saved passwords.

That`s all great, but you are not prompted for the password when you try to login to the service. The browser will automatically populate the login and password fields for you without any authorisation. Although the password text field applies a simple obfuscation method to hide the password, a simple trick using Browser Developer Tools can expose them easily.

Chrome auto-fill option populates the password field automatically.

Just watch the video below, where I have exposed the passwords using this technique. I have tried three popular browsers Chrome, Edge and Firefox. All three were susceptible to that technique with only Firefox offering a remedy in the form of a Master Password.

I hope that the results you will see in this video may convince you to stop using your browser to remember your passwords or at least chose the browser which will allow you to control autofill options by requiring Master Password.

Anyone can steal your Passwords from your browser!

Dedicated Password Managers.

If you got that far, that means that I perhaps convinced you to start using dedicated Password Managers. I went through the same process. I was using my browser build-in Password Manager until I started losing control over my credentials.

I believe continually increasing number of online accounts each of us uses daily is a contributing factor. I have currently over 160 online accounts and credentials to manage, and it is not easy to do this using a paper or browser password managers.

Whether you use free or commercial password management tool, you will have much more options to play with. Most dedicated Password Managers offers categories, labels, grouping or even charing passwords with friends and family.

Many of them can check if your password was included in a recent cyber attack on a service you are using, and notify you so you can change your password before is too late.

BENEFITS OF USING DEDICATED PASSWORD MANAGERS.

  • Password Manager allows you to use strong passwords.
    • Most Password Managers has been designed with the best password management practices in mind. That includes built-in password generator which will create a strong, long passwords and remembers them for you, so you don`t have to.
  • Early warning about compromise credentials.
    • Many of them offer a service which will periodically check your passwords against the known leaked databases with stollen passwords, and it will warn you early enough so you can change them.
  • Autofill and Autologin.
    • Yes, most browser-based Password Managers offers this functionality, but not all of them allow you to control this by authorising this action with a Master Password.
  • Compatibility with many browsers.
    • Most Password Managers are fully compatible with the majority of popular browsers. Switching the browser is not a problem, and there is a big chance that your Password Manager is compatible with it.
  • You can store more than Passwords.
    • Many Password Managers can store and encrypt your important documents, notes or any other files. That includes your Credit Cards, Membership cards, software license keys and so on.
  • Sharing your passwords.
    • Although not every Password Manager offers this functionality, many do, and it is a handy option to have. My wife was often asking me for a Netflix password so she could watch it on her laptop. With a one-click, I was able to share that password with her.

DISADVANTAGES OF USING DEDICATED PASSWORD MANAGERS.

  • A single point of failure.
    • You Master Password is a single point of entry to your Password Manager.
    • If your Master Password gets stolen, all your passwords are exposed.
    • Many dedicated Password Managers don’t offer Master Password recovery option for security reasons. If you lose or forgot your Master Password, there is no way of regaining access to the encrypted database.
  • Autofill may not work with all websites.
    • Except for paper-based Password Manager, not all websites work with Autofill options. This is also true for most browser-based Password Managers.
  • Stip learning curve.
    • Although most of the dedicated Password Managers are easy to use, some non technically minded people may need to put a bit of effort to learn how to use them and use them effectively.
  • Not a perfect solution.
    • This one is just an overall warning. There is no perfect way of Managing Passwords. Any tool you use might be compromised in one way or another, and you have to keep this in mind when selecting your preferred method of Password Management.

What are some good password managers?

The 1Password, Dashlane or LastPass are among the most popular Password Managers. However, there are many other free or paid options available, and I will advise you to spend some time researching before deciding.

In my mind, the most crucial factor which you should consider when selecting a Password Manager is the storage location of the encrypted database. You see, Password Managers like 1Password, Dashlane and many others store your encrypted passwords in the form of a database in the cloud.

Although considered safe, I have always worried that in case of a data breach, I can easily lose all my passwords. Because of that, before I have switched to 1Password, I have been using StickyPassword manager instead.

The StickyPassword offers most of the options listed below, but the encrypted database is stored on your drive.

Most Password Managers offers the basic functionality of saving your passwords, but some have additional features which you may find useful.

You may also like: Does Bitdefender have a Password Manager?

POPULAR FEATURES OF PASSWORD MANAGERS.

  • Autofill and Autologin.
    • Your Password Manager can auto-populate the login form.
  • Built-in password generator.
    • Many Password Manager has a built-in password generator.
  • The categorisation of passwords/accounts.
    • You can create separate vaults and groups which dramatically simplifies accounts management.
  • File storage.
    • You can store your important documents and files fully encrypted.
  • Build-in 2FA Authenticator.
    • Many Password Managers has a built-in 2FA Authenticator similar to Google Authenticator app.
  • Password sharing.
    • You can share the passwords with your family or friends.
  • Red flagging reused passwords.
    • The software will warn you if any of your accounts are using the same password.
  • Red flagging accounts which were affected by the security breach.
    • You will get automatic notifications if any of your saved accounts were affected by a security breach.

You may also like: Does Firefox have a Password Manager?

Are Password Managers safe?

Yes – well recognised and reputable password managers are safe and often recommended by the security experts. As a last line of defence, there is nothing better than to use the tool specifically designed to keep your password safe and secure.

But the responsibility also lies with the user. Setting up strong Master Password is essential to keep access to your data well secured. If you are planning to share your passwords, consider using Password Manager which offers that functionality and allows to create separate vaults which can be shared with a family or friends.

Finally, make sure to check periodically if any of your accounts have been compromised in a data breach. Some Password Managers will check that for you, but make sure to take action and change the password if necessary.

Photo of author

Thomas Wzorek

I’m a Systems Applications Developer writing software in C# and .NET with interest in Cyber Security and Systems Administration. I divide my time between my family and passion for programming using .NET Technology and my favorite language, C#. If I’m not in Visual Studio, I’m probably trying to catch up with the continuously evolving Tech-World, researching Online Security & Privacy, and chasing the latest Data Breaches.