You don’t have to be an expert in neuroscience to know that the human brain is wired for story and dance and song, for inventing things, and creating and learning new ideas … and that it is certainly not designed to robotically remember a unique and complex password for each of the perhaps hundreds of accounts you may have online. But when you also know that cybersecurity researchers report that hackers make an attempt somewhere every 39 seconds, we know we need to do something to avoid being the low-hanging fruit for those ready to take advantage.
Luckily, security experts say there are things we can do to protect our information online. It’s so easy to feel overwhelmed by passwords and all the misery they usually entail, but password keepers are apps or services that are specially designed to do all the hard work for you. Also known as password managers, they all generally work the same way, in that you create an account and then save other account info and sensitive information in the app, whether it’s web-based or free-standing on your device. It is really important to remember this one password, but planning for secure account-recovery is built into the better apps, certainly.
When you start using a password keeper, you can immediately rest easier knowing that you’re far less vulnerable than most other folks, because they help us to use unique and strong passwords much more easily than just about anything else.
We’ve all heard that reusing passwords is a terrible idea, but unique passwords really are critical to your security, especially for our financial and shopping accounts where your money is at stake. The reason is also something that you’ve probably heard about: data breaches, in which our personal identifying information, or PII, is stolen from companies with whom we’ve done business before. Even when these lists don’t include your credit card information, our login information can be very valuable for hackers, because reuse is so common: “She uses this email + password combination here, so I will try that same combination at CitiBank, and American Express, and Amazon, and …” So, be the person who’s a little harder to hack by using different username and password combinations.
Choosing longer passwords over shorter ones is important especially if you’re unlucky enough to have your account targeted in a brute force attack, in which a hacker’s computer tries vast numbers of passwords quite quickly to see what sticks. While most sites require a password with an eight-character minimum, for every character you add to your password’s length, you add exponentially to the time it takes to crack it. When it comes to passwords, longer is definitely stronger.
For instance, passwords of six or fewer characters are cracked almost instantly with today’s computing power, where passwords with eight to ten characters can take a few minutes or a few hours, and those with 14 characters or more that are also complex (containing letters, numbers and symbols) can delay hackers by days or even weeks – and lucky for us, they’ve almost always moved on to lower-hanging fruit by then.
There are literally hundreds of these password-protecting apps and services to choose from, but all the best ones meet a few criteria that raise them above the rest.
- First, they are securely built to keep your data safe and private, from your device to the internet and back.
- They also allow you to plan ahead for a secure account recovery in the event you forget this one password. (Life happens, they know.)
- They generate strong passwords for you.
- They will autofill your login info to certain or all sites, apps, etc.
- You can choose to share specific passwords with specific people – family members, colleagues, and so on.
- You can easily share this across various devices, at a minimum all four major platforms: Mac computers and iPhones, Windows, and Android devices. (This sometimes feels like magic, just saying.)
- The best ones also allow you to (securely) store other sensitive information, such as credit card and passport numbers, health information and some even allow you to save documents in their “vaults.”
Another reason to consider a password manager is the bonus that their autofill features provide, which is saving you from accidentally logging into a fake app or website, as the password manager will catch discrepancies in a “spoofed” link that you may miss.
Also — and perhaps even more importantly – the sudden loss of a family member, older or younger, can be devastating of course, but when vital digital information has already been shared proactively, even if it’s only with an estate executor, at least your focus can be on healing rather than worrying about paying the light bill, retrieving family photos, or being locked out of bank accounts.
As with most things, you get what you pay for with password managers. While some free ones are definitely better than others, this is a great time to spend a little for peace of mind. The better ones offer various levels – some with a free account level or free trial – that will vary in price. How much you spend monthly or annually will depend sometimes on how many people are included in your account (you or your whole family) or which services are also included with your account. Identify-theft and “darkweb” monitoring (in case your email address is associated with another data breach) are possibilities here.
Many articles out there share picks for the “top ten” or “top five” password keepers, and if you read enough, you’ll see several that are always mentioned — 1Password, Dashlane, and Bitwarden generally top everyone’s lists. (In older articles, you may see LastPass as also recommended, but some shifts have kept them off more recent lists, please note.)
Passwords themselves are overwhelming enough, so don’t let the password keeper suddenly also feel like too much to deal with. Our last PRO TIP is this: once you’ve made your choice and decided which service to try, give yourself a little time to roll it into your life, so to speak. You may want to start using it on just one device first – its cross-platform sharing really does feel like magic sometime. Starting slowly can be great too. Also, you may want to decide on committing just 15 or 30 minutes to start with, entering only your most commonly used accounts and passwords first, then only entering the rest of your passwords as you login to those accounts again, changing your old weak passwords to much stronger ones as you go.
If storing all your passwords in a list in your Notes app suddenly feels like not quite secure enough, well – you’re right. But also remember that using any strategy to create and store better passwords is better than not, if it helps you improve in either direction and doesn’t make you more vulnerable than you were before. Why not let go of that worry by giving your brain a break and try a password manager today?
If you also begin using two-factor authentication with your most important accounts, you will be quite the advanced digital citizen, but starting with a password keeper ASAP is your next smart decision.