InfoSec Blog - Getting Started with a Password Manager

Password Manager

October 20, 2017

Using a password manager is one of the most important things you can do to protect your identity. It can help you improve your personal security with better and stronger passwords, unique passwords for every service you use, and can change passwords automatically for you. It can also make your life easier. You'll never have to remember passwords again, it can automatically add new accounts as you create them, and you will have a full inventory of all your accounts. 

If you are still not convinced, check out this previous blog post (https://www.uoguelph.ca/ccs/infosec/passwordmanagers) and then take a minute and think about your passwords…How many accounts do you have? How complex are your passwords? Is there a recognizable pattern to your passwords? Do you reuse passwords across multiple sites? Do you write passwords down? 

This article will help you get started using a password manager and answer the question - How do I get started?

1. Choose a password manager.

The first thing you need to do is to choose a password manager tool . But which one? Good question, and the answer is - it depends. Ask yourself these questions:

  • What features are you most interested in? 
  • What are you willing to pay for a password manager? 
  • Where are you going to use it? Just on your home computer or do you want access from your mobile devices?
  • How comfortable are you with using a cloud-based service? 
  • How much ‘fiddling’ are you willing to do?

Now do a bit of research into your options. Here are some great resources to help you answer these questions:

 

2. Pick a very strong master password. 

Next you'll need to choose your master password. Our best advice is to use a passphrase. This blog post can help you with that - https://www.uoguelph.ca/ccs/infosec/passphrases 

 

3.Put all of your accounts into the password manager.

Now that you have chosen your password manager and your master password, start using it on a regular basis.  As you add your accounts, take the opportunity to change weak or duplicate passwords to stronger ones. As well, setup browser integration so that as you access accounts or create new ones, they will be automatically added to your password list.
 
 

4. Practice good security habits with your password manager.

Password managers are a powerful tool, but you need to be careful. Understand that if you walk away from your computer and you are logged into your password manager, anyone can access all of your accounts! So always lock your computer when you leave your desk and consider setting an idle timeout for your password manager. Finally, never share your master password or use it for any other purpose. 

 

Written by: Stephen Willem (Manager, Information Security)