Password Management

One of the most common pieces of basic account security advice is not to re-use passwords across different services. If you use a single password across several of your accounts, only one service needs to be compromised, or one slip-up made on your part, for access to all of the services you use to be compromised.

Ever since the practice of using a single password or a small set of passwords became commonplace (primarily for ease of memory more than anything else), it has been basically common knowledge among those wishing to exploit hijacked passwords to try them across all the services they reasonably can. It takes a hacker or identity thief only a few minutes to try out a dozen different services to see if you're using the same compromised passwords across them - and usernames or email addresses are usually easy enough to guess (which is fine, as they're not supposed to be secret).

Thankfully, there is now software available to memorize your different passwords for you - these are called password managers. They work by instead requiring you to have a single, very strong password. With this one password, you locally encrypt a database of different passwords (which can be randomly generated) that you use across various services. This way, you have a unique password wherever a password is required - but you only remember a single, master password. This isn't as perfect as simply memorizing uniquely strong passwords: if both your master password and your password manager database are compromised, you once again face the problem of multiple services being compromised. However, it is a significant step up from using weak or non-unique passwords, and the odds of your master password and database both being compromised are generally very low.
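The mechanism described above, as an added example that is not taken from this page or from any particular password manager: a unique random password per service, stored in a database encrypted locally under a key derived from the master password. The function names, scrypt parameters and sample service names are assumptions chosen for illustration; it uses only Node.js's built-in crypto module.

```javascript
const crypto = require("crypto");

// 64 symbols, so (byte % 64) is uniform: 256 is an exact multiple of 64.
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// One unique, randomly generated password per service (about 6 bits per character).
function generatePassword(length = 24) {
  return Array.from(crypto.randomBytes(length), (b) => ALPHABET[b % ALPHABET.length]).join("");
}

// Stretch the master password into a 256-bit key. scrypt is deliberately slow and
// memory-hard, which makes guessing the master password against a stolen database
// expensive. The per-database random salt defeats precomputed guess tables.
function deriveKey(masterPassword, salt) {
  const params = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return crypto.scryptSync(masterPassword, salt, 32, params);
}

// Encrypt the whole password database locally with AES-256-GCM. A fresh salt and
// nonce are drawn on every save; only salt, nonce, tag and ciphertext are stored.
function lockVault(entries, masterPassword) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(entries), "utf8"), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Decrypt the database. A wrong master password or a modified file fails the GCM
// tag check, so final() throws instead of returning garbage.
function unlockVault(vault, masterPassword) {
  const key = deriveKey(masterPassword, vault.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, vault.iv);
  decipher.setAuthTag(vault.tag);
  const plain = Buffer.concat([decipher.update(vault.ciphertext), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

// Constructed sample data: the service names and master password are illustrative.
const entries = { "mail.example": generatePassword(), "bank.example": generatePassword() };
const vault = lockVault(entries, "correct horse battery staple");
console.log(Object.keys(unlockVault(vault, "correct horse battery staple")));
```

A copy of the database alone reveals none of the stored passwords; an attacker needs the master password as well, which is why its strength matters more than that of any other password you have.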

So - what password manager should you use? There are a few options, each with pros and cons.

Support Organizations