This is the second post in a multi-part series on computer security essentials. I am not a computer security expert, but there are some basic computer security essentials that a surprising number of people don’t understand. The aim of this series is to raise awareness of these. I will be covering password vaults, two-factor authentication, devices and local encryption.
As mentioned in my last post on passwords, it’s important to use a different password for every service you use and to have long and cryptic randomly generated passwords.
Our human brains can’t remember the sheer quantity and complexity of passwords you’ll need for day-to-day use, so this is where password managers come in handy. A password manager is software that serves two main purposes: to generate long and complex passwords for you, and to store them so you don’t need to remember them. Your password manager database needs to be encrypted, and you should protect it with a passphrase-based password that you can remember but that is very long, so it’s hard to guess. I talked yesterday about high-entropy passphrase-based passwords.
I’ve used both LastPass and 1Password; I found LastPass to be more affordable and 1Password to have a more polished user experience, but YMMV. The thing I like about 1Password is their family plan, which makes it easy to share vaults across family members and administer family members’ accounts. This is why I currently use 1Password.
Both of these password managers integrate well with browsers and mobile operating systems to enable you to quickly pre-fill password information when required. 1Password on iOS has a Safari extension which populates logon forms, so you don’t need to use a special app or browser.
Both services have a cloud option to store your data, which makes accessing it on your devices easy, but using a cloud service is less secure than just storing this data locally and syncing it to devices over local Wi-Fi, which 1Password allows. 1Password has an account key which is used to access your data on new devices, whereas LastPass optionally allows multi-factor authentication to access your passwords, which you should use. I will cover multi-factor authentication in my next post.
If you don’t currently use a password manager I would recommend you start using one of the two I mentioned straight away and begin storing all your passwords in it. You can use the ‘generate secure password’ feature of each app to change your passwords as you add them to ensure every password you use is different and secure.
What’s your experience with password managers?