Con Watch: Why You Should Use a Password Manager

Password managers will not only store your passwords, but also generate unique, hard-to-guess new ones. Steve Weisman looks at their benefits and drawbacks.


Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

Having unique, complex passwords for each of your accounts is an essential element of online security. However, remembering all of your passwords can be a difficult task for many people, which is why you should use a password manager.

A recent report from Hive Systems indicates that due to advances in graphics processing technology, hackers can crack an eight-character password with capital letters, lower case letters, and symbols in 39 minutes and a seven-character password in a mere 31 seconds. Passwords of six characters or fewer can be cracked instantly.

With a password manager, all you need to remember is the one master password to your password manager account, which, of course, should be strong and unique. Additionally, you should use two-factor authentication to protect the security of your password manager account — even if someone were to obtain your password, they would not be able to access the account.

Since many people use their password managers to store passwords for commonly used websites such as Amazon, most password managers also provide a browser toolbar menu of saved logins so that the password manager can log you into the site automatically.

It is important to note that password managers don’t actually store your passwords, but merely encrypt them on your devices. This reduces the chances that your passwords could be accessed through a data breach. However, password managers do maintain other customer information that could be leveraged by hackers to lure people into providing their master password. This is another reason why you should use two-factor authentication.

If you do decide to use a password manager, you should remember not to use your password manager master password for any of your other accounts.

If you are interested in using a password manager, PC Magazine compares many of the available password managers. The cost for password managers can vary tremendously, from free versions to as much as $180 per year.

As you might expect, password management companies are tempting targets for identity thieves. In 2015, online password manager company LastPass suffered a data breach in which customers’ email addresses, password reminders, and encrypted master passwords were taken. In 2021 there were initial indications that LastPass had been hacked, although it was later determined that no individual accounts were compromised. Rather, cybercriminals appear to have attempted to use emails and passwords obtained through earlier data breaches of other websites (known as credential stuffing) to hack into LastPass accounts.

In 2018 researchers at Aalto University and the University of Helsinki discovered security flaws affecting the technology used by all of the password manager companies. The researchers disclosed their findings to the affected companies, which took steps to remedy the problem.

The bottom line is that while using a password manager is helpful, it will always be a target of hackers, and you may be more comfortable using unique, complex passwords for each account that you can readily remember without using a password manager.

This is not as difficult as it sounds. Start with a strong base password constructed from a phrase, such as IDon’tLikePasswords, that has capital letters, lower case letters, and a symbol, and then add a few more symbols at the end, for instance, IDon’tLikePasswords!!!. Then adapt it with a few letters for each particular account. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Security.org has a great tool where you can type in your password and it will tell you how long it would take for a hacker to crack it. According to Security.org it would take eight quintillion years to crack my IDon’tLikePasswords!!! base password.


Comments

  1. According to security.org, a computer would need sixty-five million years to crack the following password: Mydoghasfleas.

    I tried it a dozen or more times, frequently with song titles everyone who is reading this would recognize, and I got results which struck me as even more ludicrous, quintillions of years, and such.

    I’m not sure how much faith I put in security.org.
