The perfect balance between security, usability, and convenience.
If you’re like me, you’re a bit skeptical when it comes to security and how to safely store your sensitive data. When I first looked into password managers I thought they were just another way to undermine my security. Boy was I wrong, they actually have the potential to enhance your security, if used correctly. Let’s see why that’s the case!
Secure passwords are hard to remember
Usually, when we create a password we are biased toward using a combination of words, letters, symbols, and numbers that are meaningful to us. Why? Because we’re humans! And it’s no secret that information is easier to remember when it is organized in patterns, or at least in a way such that we can link it to known concepts. Unfortunately, that behavior leads to a situation where most people use simple or predictable passwords.
Additionally, nowadays, it is common for many of us to use different websites or services where password authentication is required — social media come to mind — possibly utilizing the same password in multiple places. How can you remember a unique and secure password for each of the dozen services you use?! Well, you don’t have to, because that’s exactly what password managers are made for!
The idea is really simple: you have a single really strong master password used to access all your other passwords that are stored in a personal vault. The vault is then encrypted on the client side (meaning your pc, browser, or smartphone) so that only you will have access to your credentials.
Password managers encourage security best practices
Theoretically, the best way to store passwords would be to remember them all. But this can become a daunting task since your passwords should also be unique and difficult or impossible to guess. This is why users will compromise security in some way at a certain point. I met people who use the same password everywhere, others who store them all in a plain text file, some will even use passwords as easy to find as their name.
Password managers are the best trade-off between security, convenience, and ease of use. Since your secure vault will store all the information for you, picking arbitrarily complex and long passwords is not a problem anymore. This way it’s also easy to set up a different password for each service while your security is enforced by the encryption the vault is subject to.
Additional quality-of-life features
But who said that secure password-keeping is the only benefit of using a password manager? In fact, it will also preserve other pieces of information about the services you use, such as your username, the URL of the website, or the URI of the application. This enables password manager apps — available for both desktop and mobile — to auto-fill forms directly from your vault. Keeping track of multiple accounts on the same website and switching between them has never been that simple!
But we’re not finished yet! Many famous password managers offer a certain amount of space on their cloud that you can use to store encrypted files, much like other cloud storage providers, but accessible from within your vault. Moreover, you are not limited to storing your credentials, as it is possible to create secure notes and save your credit card or identity information (which of course can be auto-filled too).
What if you want to share one or more passwords with your friends or family? Guess what, most cloud-based password managers can do that too! The only requirement is for the people you want to share your credentials with to use your same password manager solution.
Last but not least, password managers generally offer a built-in fully-fledged random password generator. Using this tool is really recommended because it allows you to generate passwords as complex and secure as you want in the blink of an eye.
There is no such thing as perfect, unbreakable security
All in all, we can’t have our cake and eat it too: ultimately we need to strike a balance between security and convenience. I think password managers fall in the right spot. But if your computer is compromised by malware, you’re in trouble no matter what techniques you use. The same goes if you choose a weak master password for your vault.
In other words, to minimize the risks, you should always remember to update regularly your software, avoid using malicious applications or websites, pay particular attention not to fall for phishing emails, and always use two-factor authentication (2FA) when it’s available, especially on your password manager.