You’ve probably read that you should use unique, strong passwords for all of your websites, accounts and apps. This way, if someone discovers your password at one website, they can’t use it to hack into your other accounts.
But creating different passwords can be difficult, especially when trying to meet the standards for complexity. And keeping track of all of these passwords is enough to make your head spin.
To make it easier, many of us choose simple passwords, like the name of our dog or our kid, or reuse the same passwords for different accounts. This leaves you vulnerable to crimes such as identity theft. A hacker can steal information like your credit card number, address or social insurance number to take out loans, open credit card accounts or make purchases. So strong passwords are clearly the way to go. That’s why you should have a password manager.
What is a password manager and how does it work?
A password manager is an application that generates and stores long, complex passwords for your online accounts, while protecting your information, such as passwords, PINs, credit card numbers and answers to your security questions.
With a password manager, you only need to remember one master password to retrieve all of your passwords. For your master password, be sure to choose a long, memorable password or passphrase.
Many password managers also auto-fill information like your name, address, email and phone number to help you save time when you don’t want to lose out on that back bacon and beer in your online shopping cart.
Most of all, password managers separate your data, so if one of your accounts is hacked, the cyber criminal won’t be able to get into your other accounts, because you are using different passwords.
Choosing the right password manager
Browser and OS-based password managers
These are built into your web browser, such as Google Chrome, Firefox or Safari, so you don’t need to remember a master password. They are convenient because they use the “remember me” feature when you log in to a website. But this means you have to pay attention if someone else has access to your device. Do you really want your kid to log into your LinkedIn account and post a photo from when you still wore a rat tail? And never use “remember me” when using a shared or public device. In addition, browser-based password managers may not sync to other devices, so you have to remember your password when logging in somewhere else.
You can also use an operating system-based password manager, such as for iOS or Android. In this case, the password manager is protected by your device passcode.
While these options are convenient, we recommend a stand-alone password manager.
Stand-alone password managers
There are tons of great—and free—password managers, such as 1Password, Dashlane, BitWarden and LastPass.
They are more secure than browser-based, require a strong master password and usually offer two-factor authentication. They may also include features like flagging weak passwords or syncing passwords, so they work across all of your devices, browsers and operating systems.
Some password managers also allow you to store other information, such as encrypted notes you want to keep safe or a photo of your passport as a digital backup when you travel.
Are password managers safe?
Password managers can be hacked. But while a cyber criminal may get in, it doesn’t mean they will access your data, as the information in your password manager is encrypted. In addition, most password managers do not store your master password on the same server as your encrypted information.
For an extra layer of security, we recommend using password managers that require multi‑factor authentication. This means you may need to use an additional code to log in to an account, which is sent to you through text message or email, or an even more secure option, a token-based application, such as Google Authenticator.
Quick tips for using a password manager
- Look for features such as notification of weak passwords and integration with other devices
- Use multi‑factor authentication
- Use the password generator
- Do not store passwords for sensitive accounts (e.g. banking)
- Do not share your master password
Take our free course: Cybersecurity for remote workers
We're offering a free online course that covers cybersecurity basics while working remotely.
You may also be interested in learning more about CIRA Cybersecurity Services that are helping protect Canadians against cyber threats, including Canadian Shieldand atraining program and platform for businesses and organizations.