Quick Look
- This task includes the following subtasks for getting set up and fully utilizing a password manager:
-
- Choose a password manager and then follow the prompts on that password manager’s site to get it set up.
- Install a browser extension and/or a desktop or mobile app to make it easy to access all the unique site passwords you generate.
- Update your passwords over time by following your browser extension’s prompts each time you login to a site it hasn’t seen before, or you can typically set up a CSV file (e.g. via Excel, Google Docs, Numbers) and do a bulk upload all at once.
- Read below to understand the different features of different password managers.
- We don’t recommend using the built-in browser password manager because it’s likely less secure and has fewer features compared to a standalone version.
As we stated in an earlier task, a password manager is a tool that manages all your usernames and passwords for other sites.
How Password Managers Work
A Vault: Think of your password manager as a vault. And inside that vault are a bunch of pieces of paper with the usernames and passwords to all your online accounts. Additionally, all the passwords for these accounts are strong and unique. This means that when there’s a data breach with your Home Depot account (for example), your Gmail password hasn’t also been inadvertently exposed too.
A Browser Extension: Password managers typically have extensions for your web browser. When you go to a site, you can click this browser extension button and automatically fill in your password. You now no longer have to remember your login details to various sites. A huge convenience!
Additionally, preferences can be set on a per-site basis. For example, for a sensitive site like a bank, you can always require a master password. For less sensitive sites (maybe a news site), you can set a preference to automatically log you in without ever having to enter your details at all.
Common Concerns with Password Managers
Despite simplifying the login process and making accounts more secure, it’s been estimated only 10% of people use a password manager. For some, they may not know about password managers. But for others, they may have specific concerns. Let’s address some of those now.
Concern: Isn’t it unsafe to have all my sensitive information in one place?
While it may feel odd to have all your usernames and passwords in one place, password managers:
- Require a super strong master password (“monkey123” won’t cut it)
- Use the latest and highest standards in encryption, (e.g. AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes…think “military grade” security)
- All offer (or require) multifactor authentication meaning you can’t login to your vault without a secondary authentication method (e.g. fingerprint, facial recognition, authentication app etc.)
- May require a third authentication step of verifying via email if your master password is used on an unrecognized device
- Are in the business of protecting data and a single breach could doom them. So they do everything they can to protect it.
Simply put, no form of online security is truly 100% fail proof. But your job is to limit risk. And security experts around the world agree that password managers are one of the best ways to do just that.
Concern: Changing all my passwords sounds like a huge pain in the a$$.
With browser extensions you can add sites to your password manager with the click of a button. That won’t change your password on its own. But as soon as you change it on the site, your password manager will automatically update it on their side with one click. Additionally, many password managers have tools to help you update passwords automatically for the most common sites on the web. Password managers can also run a quick scan to show you your duplicated, weak, or old passwords. Finally, if you prefer, you can create a single CSV file (e.g. Excel, Google Sheets, Numbers) with all your usernames and passwords for a one time upload (and make sure to delete this file when you’re done!).
Whatever you choose to do, we’re confident that in 30 minutes you can have the majority of your most important accounts protected with a new, unique, and strong password.
Concern: Do I really want to give all my passwords to a password company?
Password managers don’t actually store or know your master password and without that, nobody, not even people working at the password management company can access your passwords.
Concern: What if I forget my password to the password manager?
Password managers have an account recovery process – usually starting with a password hint you create for yourself – and some will allow you to authenticate with a biometric ID like facial recognition or a fingerprint. That said, it’s always a best practice to write your master password down and secure it in a safe spot. Alternatively, you can make your master password a long passphrase (e.g. “myhighschoolmascotwasatiger”) that you’re unlikely to forget.
Conclusion
Hopefully you’re convinced by now and ready to choose your password manager. For logged in MoneySwell users, you can continue to your next task!