How to Use a Password Manager
A password manager solves two problems: forgetting strong passwords and reusing weak passwords. A good strong password is long, complicated, and random, but these are often difficult to remember. A memorable password is short, simple, based off personal information, and often reused. The former is important for security but sacrifices convenience. The latter is important for convenience but sacrifices security. A good password manager can generate a password that is impossible for attackers to break in a reasonable amount of time without the need for people to remember every single password they use. This wikiHow will show you how to stop losing passwords and use a password manager.
[Edit]Steps
- Know how a password manager stores passwords. Most passwords fall into two categories: easy to remember but insecure, or hard to remember but extremely secure. A password manager stores passwords, randomized or otherwise, in an encrypted database, either on your computer or in the cloud, which can only be decrypted by using a master password or security token that is easy to remember or keep and that only you know or have.
[Edit]Choosing a Password Manager
- Use Credential Manager on Windows or Keychain on Apple. Credential Manager and Keychain stores all your passwords (except for third-party browser passwords) in a database on your device or in the cloud. These passwords can be fetched and used by applications on the fly securely. The downside is that if your computer's disk is not encrypted or equipped with a security chip, it may potentially not be strongly encrypted.
- Use your browser's password manager. Chromium and Firefox-based browsers come with a built-in password manager that provides basic but encrypted password storage. One key advantage to this is that your passwords can be tied to a specific online account and synced across all your devices. The problem is that it may not provide adequate protection against password stealing, especially if that account does not use the best security practices (like two-factor authentication).
- Consider using a third-party password manager. LastPass and DashLane are two industry-leading password managers that store your passwords in an extremely secure fashion. These password managers store and transmit your passwords encrypted on their servers. With these, all you need to remember is a master password that can decrypt the database.
[Edit]Saving Passwords
- Use a random password. A random password is the most secure password. You can generate random passwords using your credential manager or by using a random password generator like https://passwordsgenerator.net/. Enter it into the password field when creating your account.
- Avoid reusing passwords. If you reuse a password, your password manager may warn you to choose a different password. Choose a unique password for each account. If you need to reuse passwords, consider having multiple unique passwords that you reuse on all sites.
- Save your password. When your password manager or browser prompts you to save, choose "Save password". This will store the password either in the cloud or on your hard disk so you can use it later.
[Edit]Accessing Saved Passwords
- Access your password manager. Credential Manager and Keychain can be accessed by opening their respective app or by going to password settings on your device. A browser's password manager is accessible by going into your browser's autofill or security settings and looking under "passwords". An extension's password manager is accessible in the browser by clicking on the extension.
- Verify your identity. Depending on your device, you will need to verify that you are who you are. On Windows, you must have Windows Hello set up to decrypt the password. On Mac, you must use your Keychain password or biometrics set up to decrypt the password. For online password managers, you will need to confirm the master password and/or use two-factor authentication to verify your identity.
- View the password. You may not be able to edit the password without going to the appropriate website to change it, but you will be able to see and copy/paste the plaintext password into a different password field.
[Edit]Filling in Saved Passwords
- Click on a login form. This will open up your browser's auto-fill.
- Select the password to use. This will automatically fill in the password into the login form.
- If prompted, enter your PIN.
- Click on . If the password does not work, then you can reset the password to a random password.
[Edit]Tips
- Periodically check to see if your password was stolen in a data breach.
- Opt to use biometrics or security keys instead of passwords as they cannot be easily stolen.
[Edit]Warnings
- Never store your passwords in plaintext on your computer as such documents are easily compromised or stolen.
- Always keep private documents encrypted and/or protected by two-step verification to avoid other people accessing it.
Comments
Post a Comment