So you’ve upgraded your password and maybe you’ve even decided to be daring and added two-factor authentication to your life. Is there anything else you can do to make your passwords harder, faster, better, stronger?
Password managers are a thing. When you use a password manager, you basically have a single password that you use to log in to the password manager itself. This will become the most important password in your life, so in addition to a username and password, most password managers will also have you provide a “passphrase”. The passphrase is usually used to encrypt your passwords so that nobody else, not even the company providing the password manager, can access your passwords.
This is what separates a password manager from, say, that “Save password” feature in every application. Those passwords aren’t always stored securely and that puts them at risk for anyone who gets access to your computer. And for the sake of this discussion, “access to your computer” can also mean remote access via increasingly clever malware.
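To make the passphrase-based encryption described above concrete, here is an added Python sketch (not from the original post or from any particular password manager) in which the vault is encrypted on your own device and the provider stores only a salt, nonce, ciphertext and tag. The PBKDF2 iteration count, the record layout and the HMAC-based keystream, a standard-library stand-in for a vetted AEAD such as AES-GCM, are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this sketch

def _keys(passphrase, salt):
    # Stretch the passphrase into 64 bytes: 32 for encryption, 32 for the MAC.
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode; a real product would use a vetted AEAD instead.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(passphrase, vault):
    """Runs on the user's device; the returned record is all the provider stores."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _keys(passphrase, salt)
    ct = _xor(vault, _keystream(enc_key, nonce, len(vault)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def open_vault(passphrase, rec):
    """Re-derive the keys from the passphrase; without it the record is unreadable."""
    enc_key, mac_key = _keys(passphrase, rec["salt"])
    expected = hmac.new(mac_key, rec["salt"] + rec["nonce"] + rec["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rec["tag"]):
        raise ValueError("wrong passphrase or tampered vault")
    return _xor(rec["ct"], _keystream(enc_key, rec["nonce"], len(rec["ct"])))

if __name__ == "__main__":
    vault = b"example.com: t0tally-r4ndom-pw"  # constructed sample entry
    rec = seal("correct horse batterie agrafe", vault)  # constructed passphrase
    print(open_vault("correct horse batterie agrafe", rec))
    try:
        open_vault("wrong guess", rec)
    except ValueError as err:
        print("locked out:", err)
```

The passphrase never appears in the stored record, which is why the provider cannot read the vault and also why nobody can reset a forgotten passphrase for you.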
There are a couple of things you need to be aware of, though.
First, your passphrase needs to be very good. As with passwords, it shouldn’t be easy to guess. There are sites out there with basic guidelines on what makes a good passphrase. In general, I would suggest at least a memorable (and unique) sentence along with two or three random words mixed in. If you really want to embrace the true spirit of randomness, there’s a way to do that.
One other tip that I use: if you’re familiar with more than one language, switch things up a bit. Pick a passphrase, but then alternate languages with each word.
The second implication here is that you really really really really really need to keep your passphrase safe because, as I mentioned above, if you forget it or if someone else ever needs to access it, you are up a certain type of creek without a paddle.
On this, you may be thinking to yourself: but isn’t that the point? If it’s so secure that I can’t get into it, that means the bad guys can’t get into it either.
While that may be true, the flip side of this is that folks who might need access may not be able to get it. Consider scenarios where you are hospitalized and you want a family member or trusted friend to be able to log in to your accounts and pay your bills or just post a message to your friends about your condition. Online accounts haven’t been around long enough for us to automatically think of them as assets, but that’s starting to change.
This may sound intimidating, but the payoff is the ability to have separate, unique and totally random passwords for every site you use. One of the powers of a good password manager is that not only will it store passwords for you, it can even log you in to the sites you use automatically.
- Do you use a Mac, Windows, or both? Do you want to access your passwords on a smartphone or tablet?
- Are you comfortable with an online service, or would you rather have a program you install yourself?
If you’re on the fence, feel free to get a second opinion. Or a third opinion. As with two-factor authentication, the complexity of a password manager may not be worth it to all of you, but knowing what your options are is always an important factor in making good decisions.