Password Managers: What You Need to Know
Passwords – absolutely, increasingly necessary, yet insanely frustrating, especially for those of us without eidetic memories.
Today, as businesses, health care facilities, organizations, and even government entities move their dealings to the internet, the rest of us have to play ball. For the most tech-resistant of us, that still likely means at least a dozen profiles requiring unique (ideally) user names and passwords.
For the majority of folks, it’s dozens of profiles and passwords. And because of the increasing brilliance and pernicious nature of hackers and cyber criminals, these passwords are supposed to be long, unique, and random.
Oh, and don’t write them down, because that’s a security risk.
Nobody has time to create and memorize that many unique passwords!
Fortunately, with password managers, you no longer have to.
What Are Password Managers?
Password managers are apps or software that provide a variety of password services, from generating unique, random, complex passwords for all of your accounts, to providing encrypted storage of said passwords and usernames as well as easy access to this information when we need to log in.
They essentially solve all that is frustrating about password creation and usage:
- Creation of multiple, truly secure passwords
- Secure storage of passwords
- Easy recall of passwords whenever needed
- Ability to reset passwords
Password managers can go a long way to simplify yet secure your life and some of your most valuable assets (such as bank accounts, health information, etc.).
But there is a variety to choose from, and depending on your unique situation and needs, one type may be better suited than another.
How Do They Work?
How password managers work depends to an extent on the type of manager in use. There are three main types of password managers that you can choose from, each with its own pros, cons, and unique features:
A web-based manager is basically a software service that you (usually) pay a monthly or annual fee for. Your passwords will be generated and stored on the service’s own server.
When using a web-based manager, you will be able to access your passwords anytime from any device as long as you have internet access. You will not have to install any software to use it.
You will, of course, need to memorize one password: the one you use to open up your password “vault,” as the lingo goes. But other than that, these web-based managers take care of everything else for you.
Web-based services do tend to have various levels of membership that you can buy into, and some of them also offer free versions. However, the features that are available at these different levels will of course be different, so be aware that no two web-based managers will be quite the same, and even one service will offer quite different features depending on the level you buy.
We will discuss common features further in a moment.
A locally-installed software password manager means that you have installed the password database software on your personal computer or your smart device, usually through an app.
You will not need the internet to access your passwords, in this instance, since the passwords will be stored on the device itself in an encrypted database.
That said, there are certain brands in this genre that use cloud-based hosting for password storage, in which case you will need access to the internet as well as to your specific device with the software installed on it.
Finally, token-based hardware managers require an actual hardware device, such as a USB flash drive or smart card, that acts as a key to authenticate its user and give access to the password data.
As with the other two types of managers, the password information is encrypted on the device, protecting it from probing or unauthorized access. A detail to note about these is that some of them will still require companion software to be installed on your device as well to enable accurate decoding and reading.
To sum up, while each of the above types of password managers uses a different location or method for storing your password database, or vault, all of them essentially perform the same following functions:
- Generate a new, complex, random password for every one of your profiles and every time you want to change a password
- Securely store your passwords and potentially other information like usernames, card numbers, etc., in an encrypted database.
- Allow you to access the information to copy-paste, or autofill, when you need to access your profiles
Besides these three basic functions, however, many of these managers have other similar features to offer.
Most password managers have a plethora of features they make available to users, albeit for the right price. This is especially true for locally-installed and web-based managers.
Some of the features that you can expect to see:
- Password Generation
- Personal Data Protection
- AES-256 Encryption (aka "military-grade" encryption)
- Browser Integration
- Auto Fill / Auto Login
- Mobile App
- Secure Sharing
- Administration Control (perfect for business entities)
- Two-Factor Authentication
- Security Audits
- Security Alerts
- File Attachments
- Import / Export
- Backup / Restore
For those who are looking for bare bones features – usually individuals just looking for a secure way to both create and store the passwords for a few accounts – you can find free or very affordable and reliable password managers.
But if you want any of the added features that really make these versatile, for sharing with a spouse or among a staff-team, auto-filling, browser integration, etc., be prepared to pay for what you get. However, with all of the managers, platforms, and plans out there, you should be able to find something in your price point that meets your needs.
What to Look for
What you look for in a password manager will depend on your specific needs, so first be sure to identify those.
Why are you looking for a password manager? How many profiles are you wanting to manage? Are you looking just for you, or are you needing something to share with a spouse, whole household, or maybe a work-team? Do you want/need to be able to switch between multiple devices, or do you just use one? What kind of budget do you have set aside for it?
Answering these and other questions will help you home in on exactly what you need from a password manager. Once you’ve identified that, then you can start to shop.
That said, there are some basic things you probably should keep an eye out for if you really want to be sure that your password information will be secure and the manager will be worth it:
- Multiple platform compatibility
- Customer support
- Security monitoring
- Free trial (if you’re going with a subscription plan)
- Money back guarantee
- AES-256 encryption
- Two-factor authentication
Furthermore, some do make the case that you should choose a manager that encrypts, decrypts, and stores the data on your own device, rather than somewhere else. This is just for added security, since those services that store the data for you will be obvious targets for hackers.
The Pros & Cons of Password Managers
Overall, the benefits of password managers are easy to see:
- You no longer have to struggle to memorize passwords
- No more having to constantly go through the “I forgot my password” process
- They can generate strong passwords for you as frequently as you need them
- They encrypt and store your passwords for you
- They keep your passwords and user information close at hand whenever you need them
- They can streamline a host of other processes as well
However, there are some downsides that you should keep in mind. We still think they are worth having, but knowing the pitfalls can help you use your password manager as effectively and safely as possible:
- The most obvious downside – all your eggs are in one basket, so to speak. If someone gets your master password and gains access to your password vault, they have ALL your information.
- Breaches can occur, even at major password manager companies, which by their very nature are a target for cybercriminals.
So, the moral of the story is – you still need to make sure you create a strong master password, change it up, and keep it private, and perhaps lean towards the password managers that give you the option to keep the data on your local device to decrease your personal risk should there be a breach.