Password Managers – Why you should use one.

[mwm-aal-display]

How many passwords?Password Managers make logging in easier and more secure.

How many passwords do you have?

You might not remember how many, let alone what they are.

We tend to be lazy with passwords, making them simple and easy to remember, and often using the same one for multiple sites.

Why do we do it? Because it’s easier!!


Typical instructions for creating a password may look like this:

A strong password

  • has at least 15 characters
  • has uppercase letters
  • lowercase letters
  • has numbers
  • is not like your previous passwords
  • is not your name
  • is not your login
  • is not your friend’s name
  • is not your family member’s name
  • is not a dictionary word
  • is not a common name

Some sites or work environments may even require that you change the password as often as once a month.

Now multiply this by the number of passwords you have: 2, 20 or 200, and it becomes almost impossible to create that many passwords, never mind trying to remember them.

To create a complex, secure and unique password, you can use a password generator, such as https://strongpasswordgenerator.com/

or test your password with http://www.passwordmeter.com/

Once you have your passwords, you use your browser, Internet Explorer or Google Chrome, as your password manager, to remember them.

However now we are getting back to lazy.

If anyone has access to your computer or hand-held device, they can simply go to the log in page for a site, such as your bank or email account, and they will have the username and password filled in automatically. How convenient!

However, you may not want just anyone to access these accounts. So you could just write them all on a piece of paper and have it handy to the computer, but that would be even less secure.

So does that mean we are back to trying to remember all those complicated, unique passwords?

Time for a password manager.

Password managers have been around for a while. But not everyone uses them. So why should you?Roboform

Note: Roboform is one of many excellent password managers. LastPass is another. I am most familiar with Roboform, having used it for a few years. Other password managers share similar features and will serve you well.

What is a password manager?

A password manager will remember your passwords for all your logins, and you will only need to remember one password.
This already sounds easier, doesn’t it?

 Why use a password manager?

  • Remember only one master password.
  • Unique and complex passwords can be set up for different sites. No need to reuse a password just so you can remember it.
  • Two factor authentication available. This means you can set it up so that a new device has to input a second code, usually from a text message or email, before the master password will work. This prevents anyone from using your password manager on a different device, even if somehow they found your master password.
  • Optional encrypted back up available.
  • Form filling.
  • Bookmarks for websites.

When you set up your account, you will choose a strong password, and this will be your master password. It should be easy to remember but hard to guess.
You can test some passwords here. http://www.passwordmeter.com/

or  http://www.roboform.com/how-secure-is-my-password

No password tester is 100% accurate, but you can see how even a phrase that is common to you will be hard to guess. It is good to note that the longer the password, the better it is.
Once you choose your password, your password manager will prompt you to remember any new logins you create. When you next go to login, it will provide the username and password. Your password can be very complicated, but you don’t need to remember it. Many password managers include a password generator that will create the password for you, and has options for creating an acceptable password.

You will only use your master password to log in to the site. Most password managers can keep track of the log in page, so you can just click on the name of the site and it will open the page and log you in.
Does this sound insecure? It will be secure as long as you don’t share the master password. All of the information in the password manager is encrypted and only accessible after the master password is entered.

Here is some information regarding passwords and security from Roboform. Read more at

http://www.roboform.com/support/faq#faq_steal_pass

Q: I forgot my Master Password. How can I recover/reset it?
A: You cannot. The whole point of RoboForm security is that only the person who knows the Master Password can use RoboForm User Data protected by this password.
If you forgot your Master Password (or if you do not remember creating one but RoboForm requests it from time to time) then the only course of action is to remove all RoboForm User Data files protected by the Master Password and then remove Master Password.
In “Options -> Security” click “Set Master Password, Mass Protect/Unprotect” button, click Next when asked to enter the password and then check “I do not remember a password for this data” check box when you are asked to enter the password to open a RoboForm file you do not know the password for (check “Do not ask next time” if you do not remember anything), click Next and follow the instructions (remove or set a new Master Password).

Q: If somebody steals my computer with RoboForm on it, can he get into my accounts?
A: If you password-protect all sensitive Passcards and Identities then it will be nearly impossible to get an access to them without the password. Specifically, all password-protected Passcards and Identities are stored in files that are encrypted by your Master Password using AES, BlowFish or 3DES. So a person who theoretically steals your computer or files, will have to break these encryption algorithms in order to get your passwords from Passcards.
As long as you observe these rules, it should be very hard to use the stolen info:
* Password-protect all sensitive Passcards and Identities. Anyone can see and use Passcard or Identity that is not password-protected.
* Make your Master Password long enough and not obvious, so that it cannot be defeated by a simple dictionary attack. Do not use any words or names from any widely used languages, make your Master Password at least 10 characters long, include numbers and special symbols.
* Use AES, BlowFish, or RC6 for encryption, they are harder to break than other algorithms.

Roboform also can keep track of Favorite websites for you. If you use Roboform Everywhere, you can install it on any number of computers or devices, and even use Roboform2Go to put it on a flash drive and use on another computer. The login info stays on the flash drive and disappears from the computer as soon as the flash drive is removed.

Another feature of Roboform is the Smart Form Filler. You can fill in Roboform with default information that you would put in a form to fill out your name, address, age etc. You just click on your name and the form will be filled with the information that you provided before. Of course, you can edit the form after Roboform does its job.

Links

And there are others. Check them out. Some have free limited use that may suit your needs.

Next we will discuss two-factor and multi-factor authentication.

 

Scroll to Top