This article was originally published on joshmuller.ca.
In 2020, nearly 8 billion online accounts were compromised by hackers.[^hack] Statistically speaking, at least one of your accounts was probably in that list.
Several of mine were.
When a hacker compromises an online service, the email addresses and passwords of its users are often among the stolen data. Because many people reuse the same email address and password in many places, once a hacker has one username and password it is trivial to try that same combination on other accounts (an attack known as credential stuffing): your email, your work accounts, your bank, or other valuable or sensitive accounts.
That's not good. We want to avoid that.
Luckily, there is a tool that significantly increases both the security and the convenience of your online life, for free (or very cheap).
Often, security and convenience are at odds: you have to choose one or the other. That's not the case with this tool. By using it, you will drastically increase the security of your online accounts while also saving a lot of time and headache.
I'm talking, of course, about Password Managers.
If you haven't ever used a password manager, I'm going to quickly explain what they are and why you need them. Then I'll recommend a password manager to you, and point you to resources for how to set it up.
What is a Password Manager? Why do I need one?
The average person has around 130 online accounts,[^Average] and so we have an average of 130 places where we need a password.
When it comes to staying secure with dozens, or hundreds, of accounts, there are three guidelines to keep in mind. Your password for each of those 130 accounts:
- Should be complex and difficult to guess.
- Should be unique. Never use the same password twice.
- Should be usable. The most secure password in the world is useless if you can't recall it when you need it, or if it takes five minutes to type every time you use it.
Doing all three without a tool to help is almost impossible. Many of us fail at all three rules, and everyone fails at least one of them. (For example, years ago I had a very complex and long password, but I reused it on most of my accounts, and it was so long that it was nigh on unusable.)
Simply put, you need a password manager because it solves all three of these problems.
Any good password manager will help you create and securely manage passwords that are: 1) so complex that they're effectively unguessable, even by the world's fastest supercomputers; 2) utterly unique; and 3) managed so conveniently that you'll never need to think about your password, let alone try to remember it.
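To make the first two rules concrete, here is an added example (not code from this article or from any password manager) of how a generator produces complex, unique passwords and why the result is effectively unguessable. It draws characters from the operating system's cryptographic random source via Python's `secrets` module and reports the entropy of the result. The 94-character alphabet, the 20-character default length and the guess rate of one trillion guesses per second are assumed example parameters, not figures from the article.

```python
import math
import secrets
import string

# Assumed example alphabet (not from the article): letters, digits and
# punctuation, 94 distinct symbols in total.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw each character uniformly from `alphabet` using the OS CSPRNG.

    `secrets.choice` is unbiased and unpredictable; `random.choice` is neither
    and must never be used for passwords.
    """
    if length < 1:
        raise ValueError("length must be at least 1")
    if len(set(alphabet)) < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: log2(alphabet_size ** length).

    Only valid for generated passwords. A human-chosen password of the same
    length has far less entropy because it is not uniformly random.
    """
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e12) -> float:
    """Years needed to try every password of the given entropy at a fixed rate.

    1e12 guesses/second is an assumed, generous figure for a well-funded
    attacker against a fast hash; the point is the scale, not the exact number.
    """
    seconds = 2.0 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def all_unique(passwords) -> bool:
    """Rule 2: no password may be reused, so a generator must never repeat."""
    passwords = list(passwords)
    return len(set(passwords)) == len(passwords)


if __name__ == "__main__":
    strong = generate_password()
    print("generated:", strong)
    # Compare an 8-letter lowercase password (what people tend to choose)
    # against a generated 20-character one at the same guess rate.
    for label, n, size in (("8 lowercase letters", 8, 26),
                           ("20 random symbols", 20, len(ALPHABET))):
        b = entropy_bits(n, size)
        print(f"{label}: {b:.1f} bits, {years_to_exhaust(b):.3g} years to exhaust")
```

The comparison in the `__main__` block is the whole argument of the article in two numbers: eight lowercase letters are exhausted in a fraction of a second at the assumed rate, while 20 random symbols would take longer than the age of the universe many times over.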
For many people, trying to remember their passwords for their accounts is one of the more frustrating things about using technology.
With a password manager, you don't need to have that frustration.
All you need is to create and memorize one good master password; your password manager encrypts and stores all your other passwords behind it. It also fills the right password into the right account for you.
Save time, and be more secure?
Sign me up!
Which password manager should you use?
There are hundreds of password manager solutions out there. YouTubers and podcasters alike get sponsorships from all kinds of password managers. Not to mention, if your computer came with an anti-virus/security program of some kind (Norton, McAfee, Kaspersky, etc.), it likely shipped with some version of a password manager, too.
However, because your password manager is the key to your digital (and in some cases, physical) life, you don't want to settle for just any password manager.
We want a password manager that:
- You can be confident is actually doing what it promises (creating secure, unique passwords and storing them so only you can access them).
- You can be confident you'll still be able to use/access it even if the company that created it ceases to exist.
- You can be confident won't leak your passwords (either purposefully or accidentally).
Because of that, any password manager that isn't open source is out of the question for us.[^OS] Unfortunately, that rules out the vast majority of password managers on the market.[^OS2]
There are a few great options left though.
Notable open-source password managers include KeePass and Nextcloud Passwords. However, both have idiosyncrasies that make them probably not the best option for most people.
At the time of this writing, the open-source password manager that I personally use and recommend for most people is Bitwarden. (If you want to be REALLY paranoid, KeePass is a more holistically secure option. It is just more inconvenient to set up and sync between devices. If you want to dig into KeePass, Techlore has a great tutorial on that here.)
Using Bitwarden
Bitwarden is a solid password manager for everyone. It's easy enough that a grandma could use it, but secure and well-built enough that power-users can be confident with it.
Bitwarden has free and paid versions. The free version has all the benefits we've talked about above, so it's enough for most people. However, I personally use the paid version because it's stupidly cheap ($11 USD/year at the time of this writing) and there are some awesome additional features, such as TOTP codes for 2-Factor Authentication[^2fa], and a tool that checks whether any of your passwords have been exposed in past data breaches.
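A natural worry about a "has my password been leaked?" feature is that checking it seems to require sending the password somewhere. Checks like this are commonly built on the Have I Been Pwned "Pwned Passwords" k-anonymity API, which avoids that: the client sends only the first five hex characters of the password's SHA-1 hash and gets back every known suffix under that prefix, then matches locally. Whether Bitwarden's report uses exactly this service is not stated on this page, so the following is an added illustration of the technique, not Bitwarden's code. The sample range response is constructed data; the first suffix in it is the real remainder of SHA-1("password"), the other two are made up, and the network call is replaced by a dictionary lookup so it runs offline.

```python
from __future__ import annotations

import hashlib
from typing import Callable, Dict, Tuple

# Constructed sample data (not real Have I Been Pwned output): a "range"
# response for the SHA-1 prefix 5BAA6. Each line is "<35-hex-char suffix>:<count>".
# The first suffix is the genuine remainder of SHA-1("password"); the other
# two suffixes and all counts are invented for the example.
SAMPLE_RANGES = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\n"
        "0A1B2C3D4E5F60718293A4B5C6D7E8F9A0B:2\n"
        "FFEEDDCCBBAA99887766554433221100FFE:17\n"
    ),
}


def sha1_hex(password: str) -> str:
    """SHA-1 is used only because the Pwned Passwords corpus is keyed on it.
    It is not a password-storage hash and must not be used as one."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest_hex: str) -> Tuple[str, str]:
    """k-anonymity split: the 5-char prefix is sent, the 35-char suffix stays local."""
    return digest_hex[:5], digest_hex[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping blank or malformed lines."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35:
            continue
        try:
            counts[suffix.upper()] = int(count)
        except ValueError:
            continue
    return counts


def breach_count(password: str, range_lookup: Callable[[str], str]) -> int:
    """How many times `password` appears in the breach corpus behind `range_lookup`.

    `range_lookup(prefix)` returns the response body for a 5-character hash
    prefix; a real client would fetch https://api.pwnedpasswords.com/range/<prefix>
    (not done here). The password and its full hash never leave this function.
    """
    prefix, suffix = split_hash(sha1_hex(password))
    assert len(prefix) == 5 and len(suffix) == 35
    return parse_range_response(range_lookup(prefix)).get(suffix, 0)


def offline_lookup(prefix: str) -> str:
    """Stand-in for the network call, answering from the constructed sample above."""
    return SAMPLE_RANGES.get(prefix.upper(), "")


if __name__ == "__main__":
    for pw in ("password", "Y7#kq2!pLm9vXz@4Rt0w"):
        n = breach_count(pw, offline_lookup)
        verdict = f"seen {n} times in breaches, change it" if n else "not in the sample breach data"
        print(f"{pw!r}: {verdict}")
```

The server learns only the five-character prefix, which in the real corpus covers hundreds of distinct passwords, so it cannot tell which one you asked about; the match against the 35-character suffix happens on your machine.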
Bitwarden works on all major operating systems (Linux, Windows, macOS, Android, iOS) and has extensions for most desktop web browsers.
For those who want to, there are also ways to self-host Bitwarden on your own server, so you are in complete control of your data.
Bitwarden has lots of great tutorials on its site for new users, so I won't rehash the whole process here. The three most important things to know for day-to-day use are (1) how to create an account, (2) how to use the browser extension on your computer, and (3) how to use it on your mobile devices. Each of those links has both text and video tutorials.
Conclusion
All that to say, if you don't yet use a password manager, set one up today!
It's free! And it will make your experience with technology orders of magnitude easier and more secure than it is today.
[^OS]: Open source software allows us to confirm that the software is doing what it promises to do, because anyone (you, me, or a security auditor) can dig into the code and confirm there's nothing malicious going on. It also means that, if the company that develops the software stops developing it, we can still continue to use the software through self-hosting.
[^OS2]: To be clear, any password manager is better than no password manager. But if we want something that meets the three requirements above, we need something open source. A bad password manager can cause you trouble if its security isn't the greatest.
[^2fa]: What is 2 Factor Authentication?
[^hack]: https://www.identityforce.com/blog/2020-data-breaches