Do You Need a Password Manager?
Written by: Kristy Welsh
Last Updated: April 19, 2017
We already have so many accounts we’re signed up for — do we really need to throw a password manager into the mix? Well, as you might have already guessed, the more accounts you have, the more you need a password manager. This is just one tool to help prevent identity theft and one of many ways you can protect yourself online.
Why You Need a Password Manager
1) You need a strong, unique password for every single account.
Even if you take the time to create a strong, unique password yourself, it may not be as strong as one randomly generated by a password manager.
What’s worse is taking the time to create a strong password only to use it on every single one of your accounts. You can be sure that if a hacker manages to get a hold of that username/password combo from one of your accounts, they are going to try it on your other accounts, too.
Bottom line, you need a different password for every login, and all of them need to be strong. Granted, you could keep your own list of unique, hard-to-remember passwords, but that’s a lot of time spent referencing the list multiple times a day.
2) You only have to remember one master password.
With a password manager, the only password you need to remember is the master you set up to login to your password manager account. Of course, your password manager still has to learn whatever credentials you already have set up. So, when you’re first getting started, you will still need to login to each account so that the password manager can store the information.
3) A password manager can generate new passwords for you.
If the password manager sees weak or duplicate passwords, it can alert you that changes need to be made. The password manager can generate these changes for you, ensuring you have a strong, unique password for every single account.
Choosing a Password Manager
Not all password managers are created equal. Fortunately, PC Magazine reviewed the best password managers of 2016.
LastPass looks to be the best way to go, with a perfect five-star rating. LogMeOnce Password Management Suite comes in a close second. The only thing on PC Magazine’s list that LastPass and LogMeOnce don’t do is store application passwords.
LastPass ranks highest on this list, too, with another five-star rating. In this case, what you’re paying for is to store the application passwords that the free version does not do. Dashlane gets five stars, too, but does not cover application passwords or have a portable edition.
The Security of Password Managers
As secure as password managers may be, they are not immune to hacks. We learned that when the top-rated LastPass was hacked in 2015. While stored passwords for other sites were not breached, master passwords were stolen, as well as emails and other data.
In response to the breach, LastPass encouraged customers to use its multifactor authentication feature.
As stated on the LastPass website:
"Multifactor authentication refers to a device that can be enabled for use with your LastPass account, and requires a second step before you can gain access to your account. Multifactor authentication devices help protect your account from keyloggers and other threats – even if your Master Password were captured, someone would be unable to gain access to your account without this second form of authentication."
For instance, if you have multifactor authentication set up on your cell phone, then every time you login to your LastPass account, your phone receives a notification. You have to click the button on your phone or you can’t login to LastPass at all. Should you lose your phone, then you can disable the multifactor authentication, which requires verification through email.
Dashlane and LogMeOnce also offer multifactor authentication, as do most other passwords managers.