InfoSec Blog - Getting Started with a Password Manager
October 20, 2017
** Updated: February 18, 2020
Using a password manager is one of the most important things you can do to protect your identity. It can help you improve your personal security with better and stronger passwords, unique passwords for every service you use, and can change passwords automatically for you. It can also make your life easier. You'll never have to remember passwords again, it can automatically add new accounts as you create them, and you will have a full inventory of all your accounts.
If you are still not convinced, check out this previous blog post (https://www.uoguelph.ca/ccs/infosec/passwordmanagers) and then take a minute and think about your passwords…How many accounts do you have? How complex are your passwords? Is there a recognizable pattern to your passwords? Do you reuse passwords across multiple sites? Do you write passwords down?
1. Choose a password manager.
The first thing you need to do is to choose a password manager tool . But which one? Good question, and the answer is - it depends. Ask yourself these questions:
- What features are you most interested in?
- What are you willing to pay for a password manager?
- Where are you going to use it? Just on your home computer or do you want access from your mobile devices?
- How comfortable are you with using a cloud-based service?
- How much ‘fiddling’ are you willing to do?
Now do a bit of research into your options. Here are some great resources to help you answer these questions:
- Wikipedia's List of Password Managers - https://en.wikipedia.org/wiki/List_of_password_managers
- What Is the Best Password Manager? Our Top 4 Options Analyzed (2019) - https://heimdalsecurity.com/blog/what-is-the-best-password-manager/
- PC Magazine's Review of Best Free Password Managers (2017) - https://www.pcmag.com/article2/0,2817,2475964,00.asp
- PC Magazine's Review of Best Paid Password Managers (2017) - https://www.pcmag.com/article2/0,2817,2407168,00.asp
2. Pick a very strong master password.
3.Put all of your accounts into the password manager.
4. Practice good security habits with your password manager.
Password managers are a powerful tool, but you need to be careful. Understand that if you walk away from your computer and you are logged into your password manager, anyone can access all of your accounts! So always lock your computer when you leave your desk and consider setting an idle timeout for your password manager. Finally, never share your master password or use it for any other purpose.
Written by: Stephen Willem (Manager, Information Security)