
How to Manage Your Passwords

Executive summary

I prefer Bitwarden for password storage. It’s the only one I’ve found that has acceptable security and synchronizes across all your devices of multiple types, for free.

The Problem

For your security, it’s best to use a different password on every account. If malefactors acquire one of them, it doesn’t let them into everything else. But keeping track of them all is a pain.

(This is also one reason I never log in to other sites with my Facebook or Google ID.)

Easy but Unsatisfactory Solutions

You can write down your passwords in a little notebook. But then you can’t log in unless you have the notebook with you, and you have to type the username and password. This is a nuisance, especially if your password is long and complex, as it should be. You might lose the notebook, or people might peek, so it’s a security risk.

Your web browser can remember passwords and fill them in automatically. This isn’t very secure since the information is stored locally, unencrypted. Any malware that infects your machine can ship the whole list off to its evil overlords. Also, if you have multiple devices (say a PC and a phone), the phone doesn’t know about logins created on the PC and vice versa, so you have to manually duplicate new accounts and record password changes on each device.

What the Pros Do

The alternative is to use a password manager application. These programs are available as phone apps and browser addons. They automatically fill in usernames and passwords when you’re on a login screen — like the browser’s built-in functionality does, but more securely.

The extra security comes because your passwords are stored encrypted and can only be unlocked with a master password. There are usually different settings for how often you’re prompted for the master password. To me, once per browser session seems secure enough, then as long as the browser is open I don’t have to type another password.

If you have multiple devices, some programs let you synchronize passwords between them via secure online storage. I would only use a service that encrypts its online storage in a way that’s impossible to read without your private master password. Even if someone hacks in and steals the whole password database, it’s no use to them without each subscriber’s password.

That means if you lose that master password, there’s no way to reset it or to retrieve your password database. Guard and remember that password.
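For readers who want to see the idea in code, here is a small added example (not from the original post, and not Bitwarden's actual code) of a vault that is encrypted on your device with a key derived from the master password, so the sync service only ever stores unreadable data. The function names and the sample entry are made up for illustration; it uses Node.js's built-in crypto module with scrypt and AES-256-GCM.

```javascript
// Added illustration: hypothetical function names, constructed sample data.
const nodeCrypto = require("node:crypto");

// Stretch the master password into a 256-bit key. scrypt is deliberately slow
// and memory-hungry, which makes guessing passwords against a stolen vault costly.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Runs on the user's device: encrypt the vault before anything is uploaded.
function sealVault(masterPassword, entries) {
  const salt = nodeCrypto.randomBytes(16); // random per vault, not secret
  const iv = nodeCrypto.randomBytes(12);   // fresh for every encryption
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(entries), "utf8"), cipher.final()]);
  // Only these four values are synced. None of them reveals the master password or the key.
  return {
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ciphertext: ciphertext.toString("base64"),
  };
}

// Runs on any of the user's devices after downloading the stored blob.
function openVault(masterPassword, blob) {
  const b64 = (s) => Buffer.from(s, "base64");
  const key = deriveKey(masterPassword, b64(blob.salt));
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, b64(blob.iv));
  decipher.setAuthTag(b64(blob.tag));
  try {
    const plain = Buffer.concat([decipher.update(b64(blob.ciphertext)), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    // Wrong master password or a tampered blob: the GCM tag check fails.
    return null;
  }
}

// Constructed sample entry, for demonstration only.
const sampleVault = [{ site: "example.com", username: "alice", password: "constructed-sample-1" }];
const stored = sealVault("correct horse battery staple", sampleVault);
console.log(openVault("correct horse battery staple", stored)); // the original entries
console.log(openVault("a wrong guess", stored));                // null
```

Nothing in the stored blob can be used to reset or recover the master password, which is exactly why losing it means losing the vault.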

My Recommendation

I’ve tried a few different password managers, and there’s just one that meets my top three criteria: security, synchronization, free.

I’m not a security expert, so I generally see what the experts say and go with that. Bitwarden gets high marks because it’s open source — anyone can see the source code for their software, find bugs and suggest changes.

This may seem counterintuitive, that secrecy is enhanced by openness. It’s the many eyes theory. There are people who like nothing better than to put their feet up and browse through some source code looking for mistakes. These useful freaks work on our behalf to patch security holes and improve things generally.

If software is proprietary and hidden, the only people trying to break its security are bad actors. When they find a way in, they won’t fix it, they’ll exploit it to steal your information. They don’t need source code; their armies of bots flock around prying at all the edges to find a loose flap.

There are several other good free password managers, especially if you don’t care about the synchronization capability and/or have only one type of device to synchronize between.

You may also want to look at this review of some popular password managers.

