Protecting your Digital Identity with a Password Manager
In 2021, the Identity Theft Resource Center¹ reported a record 1,862 data breaches for the year. Coupled with the fact that 65% of users admit to re-using passwords for multiple accounts², our passwords are a huge vulnerability in enabling hackers to access our private data.
Here are some guidelines for smart passwords
- Never re-use passwords.
- Passwords should be at least 12 characters in length
- Incorporate a mix of multiple character types (uppercase letters, lowercase letters, numbers, and symbols).
Using these requirements will prevent a hacker from obtaining your password by brute force, which computationally tries out every possible combination within a lifetime.³ However, personally memorizing unique passwords for all our accounts is impossible for most without re-using passwords or modifying a few re-used passwords. A 2020 study by NordPass⁴ claims the average person has 100 passwords; memorizing all of them if they are unique is not feasible.
Password managers shine when managing dozens, if not hundreds, of passwords. You can randomly generate a different, unique password for your account while only having to memorize one master password to access your manager. These services use a “zero-knowledge” solution, meaning they cannot access your passwords even if they were hacked. Your master password is used to encrypt your passwords. Encryption turns your password into an incomprehensible, garbled mess that hackers cannot use to access your accounts.
Using Password Managers
Password managers generally can be used cross-device and have browser extensions with auto-filling capabilities to make use more convenient. You can also store secure notes in many apps, which is great for writing down pins, security questions, or other protected information.
One recommendation is to enable 2-factor authentication whenever possible, both for your password manager and other accounts. This significantly enhances security as it is difficult for hackers to steal your password and physical device. If you find putting in 2-factor authentication a hassle, most websites will allow you to remember your device for 30 days, thus skipping the 2-factor authentication. Although this lowers security a bit, a hacker would still have to steal your physical device to access your accounts. Also, when given a choice between using SMS 2-factor or an authenticator app, always choose the authenticator app. SMS 2-factor is still better than not using 2-factor, but SMS is more susceptible to hacks as opposed to an authenticator app.
One final recommendation is to set a short time-out period for your password manager. This is the time you allow your vault to be unlocked after entering your password. We recommend you set it to a very short time (~5 minutes) or require entering your master password each time you want to access your vault.
Any Cons with Using a Password Manager?
If you forget your master password, your passwords are lost forever unless you set up a password recovery option ahead of time. It is not advisable to store your master password or write it down somewhere, as that leads to potential security vulnerabilities.
All your passwords can be accessed if someone obtains your master password, meaning that it is imperative to keep it safe. There can be potential vulnerabilities if your device is infected with malware, thus enabling your master password to be compromised. Therefore, it’s crucial to enable 2-factor authentication for your password manager.
Nothing is 100%, but we believe that your passwords are significantly safer with a password manager. Some password managers also will alert you when a password is found in a data breach, and since all your passwords will be unique, you can easily just change a single password and rest assured that the rest of your digital identity is kept safe.