Password managers are an essential way to protect yourself from hackers — here's how they work

A Swedish young man, participant of the "Chaos Communication Camp - The International Hacker Meeting 2007", sits with a laptop in front of an old Soviet jet fighter at a former Soviet airfield in Finowfurt north of Berlin August 8, 2007 Hannibal Hanschke / Reuters
  • Password managers are one of the quickest and easiest ways to help defend yourself against hackers.
  • They store all your passwords — so you have to remember only a single, extra-secure one to protect yourself.

If you ask security experts for the simple advice they would give to ordinary people worried about being hacked, the same thing comes up again and again: Don't reuse passwords.

This is because huge numbers of people reuse the same passwords across multiple accounts, putting all their data at risk if any one of their accounts is ever breached.

Of course, juggling dozens of passwords for all your different logins is tricky. And that's where a password manager comes in. A password manager is an app that stores the passwords for all of your services — meaning you have to remember only one.

Here's why you should be using one — and how to do it.


Most people are bad at passwords. Real bad.

Chances are, your password choices are awful. Imgur

There are two key problems with people's password habits: They reuse them all the time, and they're terrible at picking them in the first place.

Throughout 2016, we saw dozens of celebrities and high-profile figures — including Drake and Katy Perry — get their Twitter accounts hacked. Twitter itself wasn't hacked, but these victims had reused passwords from sites that were.

Numerous high-profile hacks have come to light recently. Myspace, LinkedIn, and Tumblr have been breached, with hundreds of millions of people's login details leaked online. Hackers can then try these logins on other sites — like Twitter, other social-media sites, online banking, or anything else.

On a long enough time frame, everyone gets hacked. It's basically impossible to avoid having your details end up in a leaked data dump sooner or later — and you can't do much to stop it from happening. But you can limit the damage by not reusing passwords across multiple sites.

It's not just tech-illiterate people who are getting stung this way. Even Mark Zuckerberg, the CEO of Facebook, has had his Twitter account breached.

Making matters even worse is people's password choices.

Put simply, people are awful at picking passwords. They go for predictable strings of letters, or simple words, or other basic possibilities — making it much easier for attackers to guess or crack them.

According to an analysis of leaked data conducted by the security firm Keeper, the world's most common password is the depressingly easy to guess "123456." The second-most-used password was "123456789," according to Keeper, followed by the predictable "qwerty." Then came "12345678," and in fifth place was the obvious "111111."

This is where password managers come in.


A password manager replaces all those awful passwords you use with just one you need to remember.

Remembering lots of passwords is like carrying around a huge keychain — frustrating and time-consuming. Based on Alper Çuğun's photo on Flickr Creative Commons

A password manager will solve both these problems. It means you can use a different password on every account, because you need to remember only one. And it'll also generate strong passwords for you, so you don't fall into the traps people often do when they pick their own passwords. (Easily memorable passwords tend not to be particularly strong.)
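The two checks described above, sketched as an added example (not code from any password manager named in this article): it flags logins that reuse a password or use one of the five common passwords Keeper reported, then replaces them with unique random ones. The site names, the sample passwords, and the function names are constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# The five most common passwords the article cites from Keeper's analysis.
COMMON = {"123456", "123456789", "qwerty", "12345678", "111111"}
SYMBOLS = "!@#$%^&*-_=+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def audit(logins):
    """Return {site: [findings]} for reused or commonly used passwords."""
    sites_by_password = defaultdict(list)
    for site, password in logins.items():
        sites_by_password[password].append(site)
    findings = {}
    for site, password in logins.items():
        issues = ["common"] if password in COMMON else []
        others = [s for s in sites_by_password[password] if s != site]
        if others:
            issues.append("reused with " + ", ".join(sorted(others)))
        if issues:
            findings[site] = issues
    return findings

def generate(length=20):
    """Random password from the OS CSPRNG with every character class present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    while True:  # redraw until each class appears at least once
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)

def remediate(logins):
    """Give every flagged site its own freshly generated password."""
    flagged = audit(logins)
    return {site: generate() if site in flagged else pw
            for site, pw in logins.items()}

# Constructed sample data, not real credentials.
SAMPLE = {"twitter.example": "qwerty", "bank.example": "Tr0ub4dor&3",
          "forum.example": "Tr0ub4dor&3", "mail.example": "v9#Lq2!xRw8@Zt4m"}

if __name__ == "__main__":
    print(audit(SAMPLE), round(entropy_bits(20)), "bits")
```

A 20-character password drawn from this 74-symbol alphabet has roughly 124 bits of entropy, which is why it is impractical to memorise and why the manager stores it for you.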

It stores and encrypts all your login data in its vault — keeping it safe and inaccessible without the correct master password that you set and remember.

There are other benefits to using one too, like remembering all those account logins that you use only very occasionally. If you order from UberEats just once every two months, it'd be easy to forget your password (unless you reused one, tut-tut), but a password manager will keep it safe.

Some also come with extra features to differentiate them from their competitors, including file storage and encrypted note-taking.


Here's an example of a password manager, LastPass.


You add it as an extension for your web browser, and then it stores all your different logins on its dashboard or encrypted "vault," making them accessible across multiple devices. (So you can use them on your phone, or your work computer, or your personal laptop, without any issues.)

Then, when you visit a site whose login you have saved in LastPass, it will recognise the site and auto-fill the login for you.


Or if you're registering for the first time, it can help you generate a strong password (which it then saves).


The password above would be a nightmare to remember or to type, but because it's stored by the password manager, you don't have to. It's all taken care of.

You can also review your passwords on your dashboard and change them directly from there.


But are they secure?


But isn't it dangerous keeping all your passwords in one place? Nothing is ever perfectly safe — but using a password manager is far safer than the average person's security habits.

The best password managers use industry-standard encryption to protect users' data. It's a vast improvement on sticking password reminders to your computer screen or — worse still — reusing weak passwords. Emmanuel Schalit, the CEO of the password manager Dashlane, says, "Sometimes, it's better to put all your eggs in the same basket if that basket is more secure than the one you would be able to build on your own."

On its site, Dashlane uses the analogy of a bank: "You trust your bank to store, manage, and protect your hard-earned money, instead of carrying thousands of dollars in a gym bag everywhere you go. Instead of writing your passwords on sticky notes or reusing the same password for all of your accounts, password managers provide a safe place for you to store, manage, and protect your passwords and other private information."

Hackers do try to attack password managers, though. In 2015, LastPass announced that intruders managed to steal email addresses, password reminders, and more — though not users' encrypted password vaults — and it forced all users to reset their master passwords.

Different password managers also let you decide whether you want to store your encrypted data on the cloud or your own devices. You might be happy to trust your password manager to host your passwords so they can follow you wherever you go. But if you're more paranoid, you can opt to store that data on a local device where no one can reach it.


And this all works on mobile too.


Cloud-enabled password managers can sync across multiple platforms, including your smartphone, meaning you're not stuck when you want to log into a mobile app with a password stored in your vault.

(But if you decide you don't want to entrust your data to the cloud, then this won't be available. It's a trade-off — ease of use versus peace of mind.)


Multiple options are out there.

So many options... REUTERS/Bruno Domingos

Numerous password managers are available including LastPass, 1Password, and Dashlane.

LastPass has a free option that includes encrypted note-taking and charges $1 a month for a premium version with 1 GB of file storage. 1Password charges $2.99 a month (though it offers a free trial) for a plan that also includes 1 GB of file storage. And Dashlane has a free version and a premium, $39.99-a-year version — though the free one doesn't sync across all your devices.

Check out the links above to see the full list of features in the free and premium versions of each one to figure out which might suit you best. A key factor is making sure that the app you choose works with all the browsers and devices you use in your daily life; otherwise, it's just a pain.


Stay vigilant: Password managers can't do everything.

If someone really wants to get in, he or she is going to get in. David Silverman/Getty Images

Finally, a word of caution: A password manager isn't a remedy for all the cybersecurity woes in the world. It's good practice, but it doesn't make you invincible.

Researchers have previously developed phishing attacks targeting LastPass, designed to trick the victim into giving up his or her master password. Or a keylogger might steal your login details, even if your password hygiene is impeccable. If someone really wants to hack you, and he or she has the time and resources, the person is most likely going to succeed.

To minimise the chances of being breached, you should follow plenty of other security advice alongside using a password manager.

Activating two-factor authentication means that even if an attacker gets one of your logins, the person can't get access to the account without getting hold of your phone too. And if you keep your software up to date, hackers are less likely to exploit known vulnerabilities to attack you. Keeping everything encrypted with full disk encryption, meanwhile, means that if someone gets hold of your physical devices, your data remains safe so long as the person doesn't have the password to unlock it.
