A few years ago, the term "password manager" was rarely used and even unknown to most people. Whenever someone needed a password, they would memorize it, because passwords weren't used that often. At most, there might be 3 or 4 passwords: one for the office computer, one for email, and maybe a couple more. Even if there was a family computer at home, each person might have their own user account without a password.
Simple passwords such as firulais123 were common, and it didn't matter much because online services didn't put anything vital for users at stake.
Gradually, the internet became more significant in the real world. The number of services available through the browser grew. Online banking emerged, as did government paperwork, university enrollment systems, and they all started to store more sensitive data. Security experts knew their users would use easily guessable passwords. To protect the data, they tackled the problem at its root. Users were required to create hard-to-guess passwords. Simply using a number sequence or a pet's name was no longer enough. Passwords now had to include uppercase and lowercase letters, numbers, and even special characters.
Creating and remembering one of these passwords might seem easy, but doing it for 10 different services changes the game. It becomes complicated... But what if I use the same password for all my services? That's probably what many people did. They might not have had a single password, but they shared a few across various services to reduce memory strain, as forgetting or confusing these passwords became increasingly likely.
This collective way of thinking became popular. More people began using master passwords, creating a looming problem. If this master password fell into the hands of someone with bad intentions, they'd have the key to that person's entire online life. But surely just keeping the password a secret was enough, right?
The thing is, websites store user data in containers called databases. These hold all the information the site needs. Passwords are encoded to make storage as safe as possible. Well, that's the theory. Thousands of websites either don't encrypt properly or don't do it at all. And it's not just small businesses. Even big companies like Facebook did this as recently as 2012.
Combine these two bad practices with a hacker keen on stealing user data. By exploiting systems and accessing databases, they have an all-you-can-eat buffet of email accounts and passwords.
Just last week, the largest-ever password leak was reported. This mega file contains 3.2 billion accounts. Considering there are 4.7 billion internet users worldwide, this suggests that 70% of internet users are at risk – a rough estimate assuming each user has just one email account.
To check if your emails are exposed, you can visit this website
So, what can a user do to stay safe? Have a different password for each service and memorize them all? It's a monumental, if not impossible, task.
Enter the title of this post: password managers. These services generate random passwords and store them for future reference, associating each password with a specific username or email and website.
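To make the "generate and store" idea concrete, here is an added Python example (not code from this post or from any product named in it). It generates passwords that satisfy the complexity rules described earlier and keeps one per site and username; the special-character set, the function names and the `Vault` class are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes from the complexity rules described earlier in the post.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!@#$%^&*()-_=+",  # constructed set of special characters (assumption)
)
ALPHABET = "".join(CLASSES)

def generate_password(length=20):
    """Return a random password with at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        # secrets draws from the OS CSPRNG, unlike the random module.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps the choice uniform over valid passwords.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def entropy_bits(length=20):
    """Upper bound on entropy: log2(alphabet size) bits per character."""
    return length * math.log2(len(ALPHABET))

class Vault:
    """Hypothetical in-memory store; a real manager encrypts entries at rest."""
    def __init__(self):
        self._entries = {}

    def add(self, site, username, length=20):
        """Create and remember a fresh password for one site and username."""
        key = (site.lower(), username)
        if key in self._entries:
            raise KeyError(f"entry already exists for {key}")
        self._entries[key] = generate_password(length)
        return self._entries[key]

    def get(self, site, username):
        return self._entries[(site.lower(), username)]

    def reused(self):
        """Return True if any password is shared between entries."""
        return len(set(self._entries.values())) != len(self._entries)
```

Because every entry gets its own random value, a leak at one site exposes only that site's password.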
If you use Android and have a Google account, perhaps you use Google's password service, a good starting point. Or if you use iOS, you might use Keychain, which is excellent and stores everything on iCloud.
But what if someone steals your iCloud or Google account? Many accounts are stolen daily, even with SMS authentication, as happened to Luisito Comunica.
To avoid issues, don't put all your eggs in one basket. Diversify. Sign up for a password management service and forget about security problems for a while. Each service has different settings, but they all aim to offer the best user experience.
They offer cloud synchronization; apps for Android, iOS, Windows, macOS, and Linux; password tracking; two-factor authentication; random password generation; and integration with browsers like Chrome, Firefox, Edge, Brave, Safari, and even Internet Explorer.
Research your options. Here's a list of popular and reliable ones:
- 1Password: a favorite for many, including me. For less than $3 a month, it offers comprehensive desktop and mobile clients.
- LastPass: a classic with a generous free plan allowing device synchronization and affordable premium plans.
- Dashlane: entices users with a free plan and a straightforward but powerful interface.
- KeePass: for open-source enthusiasts. It might seem dated, but it's free.
- Bitwarden: another open-source option, more polished, with free personal plans and paid business plans.
If you haven't started using a password manager, give it a try. Migrating might be a bit tedious, but once it's done, it's done for good.