I have been in information technology for more than 30 years, and I have seen many trends change, go out of favor and later make a comeback. Over this time, however, one thing I have consistently opposed is password managers. That is, until now.
A password manager is an application that can keep all your passwords for you AND generate very secure passwords (i.e. ones that are almost impossible to crack) since the passwords they generate are always random letters, numbers and symbols. I disliked password managers because I have seen people forget the password to open the password manager and instead of having just forgotten one password, they have forgotten ALL their passwords!
I changed my mind about password managers because of a newer tactic the bad guys are using to steal our information. The tactic is called credential stuffing: taking a username and password stolen from one breached system and trying them on many other systems. We all know that several social media sites have had their user database information stolen, right? The bad guys then take that information, knowing that people tend to use the same username and password, and try to log in at other sites to see if they can gain access. Does this sound familiar and are you scared? If you use the same username and password at multiple sites you should be very scared. No matter how good you are at protecting your login information, when, not if, a site you sign on to is compromised, your info will be available for purchase or used by the people that hacked the site.
Password managers come to the rescue for the problem of having the same username and password at multiple sites. They will generate a password for each site and remember that password for you, so when a site is hacked the username and password stolen will only be for that site!
Are there other ways to protect yourself? Yes, there are several. If the site allows you to set up two-step authentication, enable that. Two-step (or two-factor) authentication combines something you know, i.e. your password, with something you have, which could be your cell phone, a USB key, an email account or a secure card that has a constantly changing code. All of these protect you because the hackers can know the username and password, but without the other item they cannot complete the logon. So, in theory you could use the same username and password at any site where you have two-step authentication set up, but that is just asking for trouble!
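To make the reuse problem described above concrete, here is an added example (not part of the original article) that audits a list of saved logins and reports which other accounts would accept the same username and password if one site were breached, and which of those are still held back by two-step authentication. The site names, logins and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: (site, username, password, two_step_enabled).
VAULT = [
    ("social.example", "pat@example.com", "Summer2019!", False),
    ("bank.example", "pat@example.com", "Summer2019!", True),
    ("shop.example", "Pat@Example.com", "Summer2019!", False),
    ("mail.example", "pat@example.com", "r#9Lq!v2ZxT0mK", False),
]

def _pair_key(username, password):
    # Group on a digest so plaintext passwords are not held as dictionary keys.
    # Assumption: usernames are compared case-insensitively.
    data = f"{username.lower()}\0{password}".encode()
    return hashlib.sha256(data).hexdigest()

def exposure_if_breached(vault, breached_site):
    """Map every other site that shares the breached site's login pair to
    "open" (the stolen pair is enough to log in) or "two-step" (the pair is
    valid there, but the second item is still needed to complete the logon)."""
    groups = defaultdict(list)
    for site, user, password, two_step in vault:
        groups[_pair_key(user, password)].append((site, two_step))
    exposed = {}
    for site, user, password, _ in vault:
        if site != breached_site:
            continue
        for other, two_step in groups[_pair_key(user, password)]:
            if other != breached_site:
                exposed[other] = "two-step" if two_step else "open"
    return exposed

def reuse_report(vault):
    """Exposure for every site in the vault, most widely reused login first."""
    report = [(site, exposure_if_breached(vault, site)) for site, *_ in vault]
    return sorted(report, key=lambda item: -len(item[1]))

if __name__ == "__main__":
    for site, exposed in reuse_report(VAULT):
        print(f"if {site} is breached -> {exposed or 'no other site affected'}")
```

The one login with a unique, generated password (mail.example) exposes nothing else, which is the situation a password manager gives you for every site.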
Here are 5 password managers I have tried, and I hope you will adopt one. By the way, we are not recommending any of these nor are we getting any compensation; this list is just a way to get you started quickly. Remember, your mileage may vary as to which one works best for you. Also know that getting started does require changing passwords at each site you log on to. Four out of the five listed cost money and one is free.
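| Name | Windows | Mac | iPhone | Android | Cost |
|---|---|---|---|---|---|
| Dashlane | X | X | X | X | $59.88 |
| @Keeper | X | X | X | X | $59.99 |
| Password Boss | X | X | X | X | $29.99 |
| AgileBits 1Password | X | X | X | X | $59.88 |
| LastPass | X | X | X | X | Free |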
Another feature offered by @Keeper, Password Boss, AgileBits 1Password and LastPass is a family plan that allows up to 5 users, saving the cost of having each family member sign up. The family option also allows you to designate a family member to access your passwords.
Recently there have been reports that password managers expose your passwords on YOUR PC once they have loaded a password for you. This is a problem, but only if your PC is already compromised (someone is already inside it capturing your information). If you are reasonably sure your PC is secure, then this is not much of a concern.