In part one, Why Your Passwords Suck And Should Be Changed Now, we covered exactly why your passwords are insecure and why you need to start using a password manager. Now, I am going to tell you how to make better passwords and track them in a password manager. A password manager will allow you to store all of your passwords in a centralized, encrypted file. This way, you have one password to remember to get you to all of your other passwords. This has the potential to be unsecure if you don’t take the necessary precautions. I’ve been using a password manager for nearly two years now and have over 150 credentials saved in mine. All of them with unique, strong passwords.
What makes a strong password?
Password strength is measured in entropy. Entropy is hard to accurately estimate for many reasons and if that interests you, read Appendix A of NIST’s Electronic Authentication Guideline. In simple terms, entropy is the unpredictability of a password. Several factors have an impact on entropy, length, character set, and randomness (not using actual words.) So as a general rule my passwords will contain: 20 characters consisting of random uppercase, lowercase, numbers, and symbols. Here are some examples I generated in my password manager (Keepass):
Which Password Manager Should You Use?
Now, if you want to use the most simple solution, you can go with a service like LastPass for managing your passwords. LastPass has a free service for one platform. Meaning, you can choose to use their mobile manager or desktop manager for free. You can pay $12 a month to access LastPass on both platforms. LastPass has browser plugins that will allow you to sign in to LastPass and then automatically enter your passwords when you visit a site for which you have credentials saved. I am too cheap to shell out $12 a month and technically inclined so I chose to use Keepass. My sister has chosen to do her own blog post outlining her experience as an everyday user changing their weak passwords to strong and storing them in LastPass. If my method overwhelms you, I highly recommend checking out her blog post for a simpler solution.
Keepass is a free, open-source solution for password management that you can host on your own cloud. This way your desktop client and mobile client can stay synced. If I change the password to my bank account while using my home computer, the changes will be made when I access my mobile or use my computer at work. I do this by keeping my password file in Google Drive. This is safe as long as you have a strong master password and even more so if you enable two-factor authentication. There are other password managers but these seem to be the most popular and they are the only two with which I have had experience.
If you’re on a desktop/laptop, you will be able to sign into your password manager using a browser plugin that will fill in passwords for you automatically when you visit a site for which you have a password saved. And, depending on the password manager you use, most password managers will detect when you are in a password change screen and will help you generate a new password and save it. Keepass on mobile will not auto-fill passwords but LastPass will but you can still copy and paste passwords on mobile regardless of the option you choose.
If you’re still on the fence about which manager to use, choose LastPass if you are not tech-savvy and choose Keepass if you are very confidently tech-savvy. Technology is a part of our lives now whether we want it to be or not. My 77-year-old grandma has a password for her bank account. The first and most important step to security online is a strong password. Once you have this done, you’ve laid an excellent foundation for internet security.