Have you ever thought about writing down all the login details for your online accounts, and then putting them somewhere safe — like on a piece of paper you hide somewhere in the house? Or on a document you store on your computer? If you have, you’re not alone. We have a lot of passwords to remember, and keeping a note of them somewhere seems like a good idea. But, if you’re going to do this, you need to put them somewhere safer than in a drawer at home, or in a file on your laptop. That’s where password managers come in handy.
Using a password manager is like putting your passwords in a safe that only you have the key to. They:
- let you store and protect all your passwords. The password manager encrypts your passwords so no-one else can access them
- allow you to create random, unique strings of characters that you can use as passwords for your online accounts
- let you store digital records, like your security question answers or two-factor authentication backup codes.
When you set up a password manager, you create a 'master password' that you use when you log in. Once you have all your online account details stored in the password manager, the master password is the only one you have to remember. The password manager will do the rest for you. You don’t have to try to remember a load of different passwords, or risk using the same one over and over.
When you choose a master password, make sure you:
- choose something unique
- make it long and strong — try using a passphrase rather than a password
- don’t use personal information that would be easy for someone else to guess.
Most browsers — like Internet Explorer or Chrome — have a built in password manager. You’ll see it when you log in to a site and a message pops up asking if you want the browser to save your password for you. While this can seem like a good option, it's not as secure as using a dedicated password manager. Browsers will usually store your passwords on your computer. This means that if you leave your computer unattended or unlocked, other people could get easy access to your password details.
Choosing a password manager
There are a lot of password managers available, both free and paid. Have a look at reviews online to see which one would work best for you.
You can choose to install a password manager locally, on your computer, or you can go for a cloud based one.
If you decide on a locally stored password manager, make sure you back your computer up regularly. This will help protect your password manager if it’s ever deleted, or if your computer needs to be restored after a cyber attack.
Cloud-based password managers are a good option if:
- you use a shared or public computer
- you want to sync your data between different devices.
If you choose a cloud-based password manager, you can access it either by going to a website or by installing a browser plugin. A plugin is like an add-on, or extension, to your browser. If you use a plugin, it will prompt you to access your password manager when you go to a website’s login page.
You can add your existing passwords to your password manager, or it can create new passwords for you. It’ll do this by generating a random string of characters based on the password requirements for a website. You won’t need to try and think of a new password yourself.
How safe are password managers?
Like anything else online, password managers aren’t foolproof. But, they do make it much more difficult for anyone to get access to your personal information.
Even if someone got access to your password manager, they wouldn’t get access to the information you store in it without your master password. Password managers encrypt your data. This means that you're the only person who can see it.
If you want to add an extra layer of security to your password manager, you can turn on two-factor authentication (2FA). That way an attacker would need your password and an additional thing, like a one-time code, to get into your password manager.