LONDON (AP) — Everyone has too many passwords. The number of credentials we need to remember to navigate the internet is constantly growing. And that applies not only to frequently used logins for email, banking, social media, Netflix and Spotify, but also, for example, to that lesser-known e-commerce site where you’re not sure you’ll buy something from again.
According to some non-scientific studies, the average person has hundreds of passwords. That’s a lot to keep track of. You might be tempted to reuse them, but that’s one of the bad password habits cybersecurity experts warn against.
Instead, use a password manager. These have been around for a while and can be useful tools for keeping track of your login information. However, for those who aren’t tech-savvy, they can also be intimidating.
Here is a guide on how to use it:
Why should I use a password manager?
Many people simply use the same password for all their online accounts, mainly because it is most convenient.
Not!
If your login credentials are intercepted in a cyberattack, hackers could try to use the stolen passwords to access other services.
Other no-gos: Using easily guessable information such as birthdays, names of family members, favorite sports teams, or simple phrases like “abc123.”
The best strategy, according to experts, is to use a different password for each account, the longer and more complex the better, and to support it with two-factor authentication if possible.
However, it is impossible to remember all these different codes, so leave this task to a password manager.
How does a password manager work?
The basic concept is simple: your passwords are stored securely in a digital vault. When you need to access an online service, the login and password fields are automatically filled in. The only thing you need to remember is a single password to open the password manager.
Most password managers have a smartphone app that works with mobile browsers and other apps and can be opened with a fingerprint or Face ID scan. If you’re using a computer, you can also log into your password vault using a browser plug-in or through a website.
A good password manager should also be able to generate complex passwords with letters, numbers and special characters when you set up a new account. It should also recognize that you are logging into an online service for the first time and ask if you want to save the login information you entered.
Password managers can also help you avoid phishing scams. Those fraudulent emails from scammers trying to trick you into clicking on a link to a fake website designed to steal login information? A password manager won’t autofill the information if the web address doesn’t match the one associated with the saved password.
They don’t just store passwords. They can also store things like bank and credit card PINs. Many also support passkeys, a new technology that companies like Google are introducing as a more secure alternative to passwords.
How do I choose the best one?
There are dozens of password managers on the market, so it can be difficult to figure out what’s best for you.
The more popular platforms include 1Password, Bitwarden, Dashlane, Bitdefender, Nordpass, Keeper and Keepass.
Check out the numerous tech review sites that have conducted extensive testing and compiled rankings of the most popular services. If you want to dig deeper, users on Reddit have created tables with side-by-side comparisons. The UK’s National Cyber Security Centre offers a buying guide.
Most services offer free and paid versions. The paid options usually cost a few dollars a month, while the free offerings often have limitations, such as only allowing one device to log in at a time or limiting the number of passwords you can save.
If cost is a factor, Bitwarden’s free service gets top marks from reviewers, although it’s less sophisticated and not as intuitive to use.
A good password manager works across multiple devices and platforms, with apps for Windows and Mac computers as well as iOS and Android devices and plugins for browsers like Chrome, Safari, Firefox, Edge, Brave and Opera.
There are also simple browser-based password managers, as well as Apple’s iCloud Keychain for Macs and iOS devices. The iPhone maker is targeting the market more specifically with a new app called Passwords, which is set to launch in the fall.
But are they safe?
After the service Lastpass reported a security vulnerability, concerns about cybersecurity in connection with password managers flared up. Experts then advised avoiding this service.
Don’t let this put you off. Experts recommend, for example, that storing your login details in a password manager is much safer than leaving it to e-commerce websites, for example.
Good password managers use strong encryption that prevents anyone else from seeing your data.
Many services use AES-256 encryption, which is considered the most secure type “and cannot be cracked with brute force using today’s technology,” says Pieter Arntz, senior malware intelligence researcher at cybersecurity company Malwarebytes.
Strong encryption “ensures that even if your computer or password manager is compromised, an attacker cannot simply read all your passwords because they are stored encrypted and the attacker needs the master password to decrypt them,” Arntz said.
A good password manager should also perform regular security audits and notify users immediately if a security breach occurs.
Many services store data in the cloud. If you’re concerned about this, some services allow you to store the data only on your local device, but this can be a complicated process.
