Online Safety Starts With Using a Password Manager

Stop cybercriminals with strong, complex passwords you don’t have to remember

a broken lock illustration is surrounded by insecure passwords written on sticky notes

iStock / Getty Images

Ronald Day

AARP

En español

Published September 14, 2021

/Updated December 01, 2022

Nearly all of us have been victims of cybercrime — or know someone who was.

Digital financial theft, including phishing, ransomware and public Wi-Fi hacks, hit close to half of all Americans in 2020, according to account verification company Giact Systems, based in McAllen, Texas. This year the cost of cybercrime is expected to soar to $7 trillion worldwide, says Cybersecurity Ventures, a research firm in Northport, New York.

The problem is almost enough to make you want to unplug. Instead, take a breath.

Even with hackers and other cybercriminals banging at your firewalls, the internet can be navigated relatively safely. To keep your information safe and your financial accounts protected, security comes down to a few basic boxes to tick, with strong passwords topping the list.

We know we should take those hated passwords seriously, but most of us do them wrong. We do dumb things like reuse them or choose obvious terms like a pet’s or child’s name when we should make them at least seven characters long and a combination of letters, numbers and symbols.

Crooks are way ahead of us, able to guess our passwords based on clues we leave behind as we zoom around online. With the average person having to keep track of dozens of passwords, it’s no wonder we take shortcuts and get in trouble.

Enter the password manager

LastPass, one of the biggest password manager firms, began offering its solution in 2009, and rival Keeper started in 2011. Buy an annual subscription for about $35 to $90 and these digital lockboxes store your passwords securely and will also create difficult-to-crack passwords for you. In addition to Keeper and LastPass, Bitwarden, Dashlane and 1Password are among the popular choices. They are widely seen as safe, and computer security specialists uniformly say that with hacking on the rise, everyone should use one.

But most of us don’t. Security expert Roger Grimes says about 1 percent of the population buys a subscription to a password manager. This means most of us are sticking with home remedies — writing them down on a piece of paper stashed in a drawer, storing them in a document on a computer or relying on memory. So most of us remain vulnerable.

Help keep your data secure

1. Use a password manager

2. Use a different password for every website and service

3. Don’t use the same root password, merely adding numbers or symbols to make it different

4. Use passwords that are long and difficult to guess

A third option exists, as cheap as writing down the passwords, and, according to some experts, as safe as the paid alternatives. These are free password managers, built into the browsers from tech giants Apple, Google and Microsoft. Mozilla’s Firefox also offers one. According to a study published in 2017, 18 percent of the population was using those. Bitwarden, Dashlane, Keeper and LastPass also offer free versions of their managers with scaled-down services.

Tech giants versus indies

Can free be better than paid? That depends on whom you ask. With their focus strictly on password security, the independent companies develop deep expertise, unlike Apple and Google, which must watch over products ranging from phones to search engines, says Grimes, the “data-driven defense evangelist” at Clearwater, Florida–based KnowBe4.

Technology & Wireless

The UPS Store® Online Printing Services

20% off online printing services

View Details

See All

See more Technology & Wireless offers >

{"hideCategory":false,"useAlternateLanguage":false,"headlineIconAltText":"","listItems":[{"categoryTitle":"Technology \u0026 Wireless","categoryUrl":"/membership/benefits/tech/","categoryDeeplinkParam":"technologyandwireless","isLimitedTimeOffer":false,"offerJson":{"dbr_offer_id":"d9d05e23ed5bcedecb07b250152d5b4b","source_name":"The UPS Store® Online Printing Services","offer_title":"20% Off Online Printing Services","offer_description":"\u003cp\u003eMembers save 20% on all online printing services, such as banners, brochures, business cards, postcards, flyers and more. Printed materials are to be picked up in-store.\u003c/p\u003e","offer_short_description":"20% off online printing services","category_list":"technologyandwireless","subcategory_list":"","tags":[{"tagID":"dbr:technologyandwireless","title":"Technology \u0026 Wireless","name":"technologyandwireless","deeplink_url":"/membership/benefits/tech/","deeplink_param_value":"technologyandwireless","get_offers_url":"/etc/aarp/dbr/ws.api/offers/technologyandwireless.json","sub_tags":[]}],"vertical_image_url":"/content/dam/aarp/benefits_discounts/providers/the-ups-store/258x334-ups-store-birthday-card-printing-nov-2020.jpg","image_url":"/content/dam/aarp/benefits_discounts/providers/the-ups-store/1140x641-ups-store-birthday-card-printing-nov-2020.jpg","advertisement_flag":"","advertisement_sort_order":"","merchant_phone":"","merchant_phone_label":"","howto_redeem":"Learn More","howto_redeem_url":"https://aarp.upsstoreprintshop.com/DSF/SmartStore.aspx#!/Storefront","howto_redeem_expired":"Renew to Learn More","howto_redeem_expired_link":"https://appsec.aarp.org/mem/renew","howto_redeem_non_member":"Join to Learn More","howto_redeem_non_member_link":"https://secure.aarp.org/applications/membershipChallenge/showChallengeForm.action?appName\u003daccount","howto_redeem_anonymous":"Join to Learn More","howto_redeem_anonymous_link":"https://appsec.aarp.org/mem/join?campaignid\u003dUASMBP1\u0026intcmp\u003dEWHERE-MBCHAE-LP-MMA-JOIN","howto_redeem_desc":"Enter the promo code SAVE at checkout on The UPS Store website.","member_exclusive_flag":"no","offer_type":"EverGreen","hideLeavingAARP":"","interstitial_desc":"You\u0027ll leave AARP.org and go to the website of a trusted provider. The provider\u0027s terms, conditions, and policies apply.","dbr_offer_type":"discount","restrictions":"\u003cp\u003eAARP commercial member benefits are provided by third parties, not by AARP or its affiliates. Providers pay a royalty fee to AARP for the use of its intellectual property. These fees are used for the general purposes of AARP. Some provider offers are subject to change and may have restrictions.\u003c/p\u003e","lto_daysleft_start_control":30,"is_redeemable_in_person":"false","is_redeemable_only_in_person":true,"state_blacklist":[],"offer_timing":"anytime","line_of_business":"ASI discounts","asi_category":"ASI Shopping","analytics_brand":"UPS | The UPS Store® Online Printing Services","analytics_offerid":"the-ups-store-online-printing","howto_redeem_already_registered_anon":"Member Log In","howto_redeem_already_registered_anon_link":"https://login.aarp.org/online-community/loginform.action","howto_redeem_already_registered_nonmember":"Link your membership","howto_redeem_already_registered_nonmember_link":"https://secure.aarp.org/applications/membershipChallenge/showChallengeForm.action?appName\u003daccount","offer_keywords":["UPS store discounts","UPS store online printing discounts","aarp benefits","aarp discounts"],"offer_keywords_spanish":["Servicio de impresión","impresión en internet","ups store","ofertas de ups","beneficios de ups","descuento en impresión"],"provider_logo":"/content/dam/aarp/benefits_discounts/providers/the-ups-store/the-ups-store-logo-jan-2023.png","provider_logo_alt_text":"The UPS Store logo","provider_logo_cdn_uri":"https://cdn.aarp.net/content/dam/aarp/benefits_discounts/providers/the-ups-store/the-ups-store-logo-jan-2023.imgcache.revc478f80a1024fe6a5806eaa4314ad19a.png","provider_logo_width":"640","provider_logo_height":"108","enable_utm_parameters":"","append_aid_paramter":"","lto_model_heading":"Limited Time Member Offers","lto_advertisement":"Member Exclusive Advertisement","ty_socialMissionFlag":"true","deeplink_param_value":"the-ups-store-online-printing","pixel_learn_more_value":"","howto_redeem_2":"Learn More","howto_redeem_already_registered_nonmember_label":"Already a member?","howto_redeem_already_registered_anon_label":"Already a member?","image_alt_text":"","image_title":"hand holding birthday card","image_cdn_uri":"https://cdn.aarp.net/content/dam/aarp/benefits_discounts/providers/the-ups-store/1140x641-ups-store-birthday-card-printing-nov-2020.imgcache.rev6dc77dad9899b5b303f4dc7a93f136dc.jpg","tab_label_offer_details":"Details","tab_label_restrictions":"Disclosures","geoloc_tab_label":"Locations","disclaimer_label":"","geoloc_provider_legal_info":"","geoloc_miles_label_text":"Miles","geoloc_show_results_within_label_text":"Show results within","geoloc_see_more_button_text":"See More","geoloc_find_location_label":"Find a Location","geoloc_total_results_label":"Result(s)","geoloc_no_results_view_message":"There are no locations within a 100 mile radius. Please try another location","geoloc_tab_hint_text":"Enter an address, city, or ZIP","geoloc_mobile_list_cta":"LIST VIEW","geoloc_mobile_list_cta_url":"","geoloc_mobile_map_cta":"MAP VIEW","geoloc_mobile_map_cta_url":"","geoloc_provider_link_cta_url":"","geoloc_experience_type":"","ty_ctaText":"Continue","geoloc_hide_tab":"true","ty_interstitialText":"Thanks for visiting aarp.org! Come back again to check out all of the AARP Member Benefits and unlock the full power of membership.","howto_redeem_label":"How to Access","ty_interstitialDesc":"Come back again to check out all of the AARP Member Benefits and unlock the full power of membership.","ty_cancelText":"Cancel","ty_interstitialTitle":"Thanks for visiting aarp.org!","lto_daysleft":"Days Left","provider_logo_title":"The UPS Store logo","geoloc_hide_see_more_button":"false","geoloc_provider_link_cta":"","offer_page_path":"/benefits-discounts/all/the-ups-store-online-printing/","redemption_content":"","show_phone_number_above_cta":"","restrictions_label":"Disclosures","show_state_availability":"","state_availability_text":"SEE AVAILABILITY IN YOUR STATE","hideRestrictionsTab":"","ltos":[]},"parentOfferJson":{}}]}

“For Google, password management is just one of their features,” Grimes says. “There’s just a difference in focus” at the companies that do strictly password management.

The indies also offer options like “password health check, encrypted cloud storage, support for biometrics” such as facial and fingerprint login, and other things, Steve Morgan, a cybersecurity researcher and editor in chief of Cybercrime Magazine, wrote in an email.

“If someone makes a life decision to get serious about security and to manage their passwords, then they should really think about one of the paid apps, which really aren’t that costly and will have them covered long term,” wrote Morgan, whose company also owns Cybersecurity Ventures.

Free options are worth it

Still, with so many people not using password managers, isn’t something better than nothing? And might the free manager included with their browser encourage people to toss away their scraps of paper and get real password security?

“Something is better than nothing when it comes to passwords,” Morgan wrote.

The free options, in fact, are a few steps above nothing. Google security expert Tavis Ormandy wrote in a June 2021 blog post that he believes the free password managers embedded in browsers are, for a variety of technical reasons, more secure than the paid options. Ormandy, in the post, says has found vulnerabilities in the paid managers.

“They [the free options] provide the same functionality and can sidestep the fundamental problems with extensions,” he wrote. Ormandy wrote that he uses Chrome’s app, but other major browsers like Edge or Firefox offer solid products as well: “They have world-class security teams, and they couldn’t be easier to use.”

Advantages are cost, simplicity

What do they have that the paid options lack? Perhaps the main advantages are cost and simplicity. With seemingly every security expert calling for people to use a password manager as cyberattacks soar and with so few people using them, they may be the right choice for many households.

They’re not hard to use. When you create an account that requires a password, the browser will ask if you’d like it to save the password. You can add your own password and click “yes.” And you’re done. The password is encrypted and saved.

The managers also offer to create a unique password — a long, computer-generated combination of numbers, characters and upper- and lowercase letters — for each site. This removes risks associated with reusing passwords. Of course, the paid options include this.

Sharing passwords is another concern with the free managers. Sharing is a built-in option on the paid applications, since subscribers log in with a master password that can be made available to all household members. But with Chrome, for example, passwords are locked up with your personal account, the one that controls your email, and you may not be willing to share that information.

But whatever you do, do something. Hacking isn’t going away. The risks are growing daily.

“Just like everybody should be wearing a seat belt, everybody should be using a password manager,” Grimes says. “Whether it’s free or commercial is up to you; as long as you’re choosing a reputable manager” you should be protected.

%{postComment}%

More on home-family

word bubbles showing the words fake and facts on red keys embedded in a gray keyboard

10 Ways to Spot Fake Videos, Falsehoods on the Internet

You can sleuth for the truth as you look at apps, web

Scams and Fraud Protection Tips

Helping the consumer avoid identity theft, dating scams, tax fraud and more

Browser Extensions Can Save You Some Money and Time

But read the details, download from browser’s web store

AARP VALUE &

MEMBER BENEFITS