The internet in 2021 is a very different place than it used to be only a decade ago. Gone are the days when you’d visit just a handful of sites all neatly organized in your browser’s trusty bookmark manager.
Nowadays, you’re much more likely to visit dozens of unique websites within hours and, in many instances, also sign up for a new account. According to multiple surveys, the average internet user has anywhere between 50 and 200 online accounts. The downside? Most of us have had at least one of these unknowingly compromised or breached in recent years.
Password managers universally claim to safeguard our accounts and improve online security, but how effective are they really, and should you bother?
What is a password manager?
Put simply, a password manager is an app or browser extension that generates a uniquely complex password for each of your online accounts. Your credentials are then stored in a “vault” and can be accessed through a single master password, which you should ensure is as secure as possible.
I know it’s hard not to be a bit skeptical. When I first learned about password managers, I too was concerned that storing all of my credentials in one place could be potentially dangerous. After all, what if the password manager itself gets compromised somehow?
After doing some digging, though, I learned that pretty much every password manager utilizes zero-knowledge encryption. What this means is that nobody can access your data without the vault’s master password, not even the tool’s developers or the companies that host your encrypted data.
However, I was also reluctant to switch over to password managers for a much more personal reason: muscle memory. You see, remembering just one or two sets of credentials meant that I had become incredibly quick at logging into my accounts. No password manager could be faster and more convenient than that, right?
Fortunately, I was wrong. Password managers will automatically input your credentials for you, even on mobile. Because nothing is typed, this can also save you from keyloggers, the password-stealing malware that eavesdrops on your keystrokes.
In the end, what really forced me to embrace the password manager lifestyle was discovering just how many of my own accounts had already been compromised. According to Have I Been Pwned, my email has been involved in at least 14 data breaches over the years, including a well-documented MySpace password leak dating back to the late 2000s.
If you reuse passwords — like I admittedly used to — even one compromised account can spell doom for your online security, let alone 14. This is because anyone can theoretically use your stolen or leaked credentials to log into other unbreached websites. This low-tech infiltration technique, dubbed “credential stuffing,” has proven to be eerily effective in recent years.
And if you don’t believe that your password will be singled out, think again. Within hours of Disney Plus launching in November 2019, thousands of compromised accounts were already being sold on public forums. Netflix and Spotify accounts have also fallen victim to credential stuffing.
How to choose the right password manager
Keeping this grim reality in mind, then, which password manager should you entrust with your credentials?
Well, just about every major web browser these days offers basic password management functionality. Practically speaking, though, if you use a lot of different devices you will likely want something available on multiple platforms that is also browser-agnostic. Dedicated password managers offer just that along with several other features, such as the ability to share a login with your family members or colleagues.
Some premium services, such as Dashlane and LastPass, can also automate the process of changing your passwords for you. However, this feature only works on a handful of websites, so I’ve never given it much consideration personally.
Furthermore, such extra functionality is typically locked behind a monthly subscription. Dashlane charges a whopping $4 per month, while LastPass is only a bit more modest at $3. It’s worth noting that you also need to be on these premium tiers for unlimited multi-device sync. This can be frustrating since you end up paying for frivolous features (such as a full-blown VPN in the case of Dashlane) even if you don’t intend on using them.
If you’re just looking for a robust password vault and nothing else, consider open-source options such as Bitwarden or KeePass. Being community-led projects, both offer generous (and usable) free tiers and have been extensively audited by the development community at large. Self-hosting them is also a possibility for the privacy-conscious among us.
As with many open-source tools, their development can sometimes be a bit slow relative to the competition. Still, I’m more than willing to sacrifice features for privacy and stability.
Beyond password management
Besides employing a bulletproof password management system, do remember to enable two-factor authentication. This adds another hurdle for malicious actors to cross before gaining access to your account. In fact, you can go a step further by adding a hardware-based authentication device such as the YubiKey to your login flow.
With these measures in place, you can rest easy knowing that no single hack has the potential to compromise your entire digital identity. If you value a sound night’s sleep as much as I do, it’s easy to see the utility of password managers in 2021.