Skip to content
 

Online Safety Starts With Using a Password Manager

Stop cybercriminals with strong, complex passwords you don’t have to remember

a broken lock illustration is surrounded by insecure passwords written on sticky notes

iStock / Getty Images

En español | Nearly all of us have been victims of cybercrime — or know someone who was.

Digital financial theft, including phishing, ransomware and public Wi-Fi hacks, hit close to half of all Americans last year, according to account verification company Giact Systems, based in Allen, Texas. This year the cost of cybercrime is expected to soar to $6 trillion worldwide, says Cybersecurity Ventures, a research firm in Northport, New York.

The problem is almost enough to make you want to unplug. Instead, take a breath.

Even with hackers and other cybercriminals banging at your firewalls, the internet can be navigated relatively safely. To keep your information safe and your financial accounts protected, security comes down to a few basic boxes to tick, with strong passwords topping the list.

We know we should take those hated passwords seriously, but most of us do them wrong. We do dumb things like reuse them or choose obvious terms like a pet’s or child’s name when we should make them at least seven characters long and a combination of letters, numbers and symbols.

Crooks are way ahead of us, able to guess our passwords based on clues we leave behind as we zoom around online. With the average person having to keep track of dozens of passwords, it’s no wonder we take shortcuts and get in trouble.

Enter the password manager

LastPass, one of the biggest password manager firms, began offering its solution in 2009, and rival Keeper started in 2011. Buy an annual subscription for about $35 to $90 and these digital lockboxes store your passwords securely and will also create difficult-to-crack passwords for you. In addition to Keeper and LastPass, Bitwarden, Dashlane and 1Password are among the popular choices. They are widely seen as safe, and computer security specialists uniformly say that with hacking on the rise, everyone should use one.

Help keep your data secure

1. Use a password manager​

2. Use a different password for every website and service

3. Don’t use the same root password, merely adding numbers or symbols to make it different​

4. Use passwords that are long and difficult to guess​

But most of us don’t. Security expert Roger Grimes says about 1 percent of the population buys a subscription to a password manager. This means most of us are sticking with home remedies — writing them down on a piece of paper stashed in a drawer, storing them in a document on a computer or relying on memory. So most of us remain vulnerable.

A third option exists, as cheap as writing down the passwords, and, according to some experts, as safe as the paid alternatives. These are free password managers, built into the browsers from tech giants Apple, Google and Microsoft. Mozilla’s Firefox also offers one. According to a study published in 2017, 18 percent of the population was using those. Bitwarden, Dashlane, Keeper and LastPass also offer free versions of their managers with scaled-down services.

Tech giants versus indies

Can free be better than paid? That depends on whom you ask. With their focus strictly on password security, the independent companies develop deep expertise, unlike Apple and Google, which must watch over products ranging from phones to search engines, says Grimes, the “data-driven defense evangelist” at Clearwater, Florida–based KnowBe4.

“For Google, password management is just one of their features,” Grimes says. “There’s just a difference in focus” at the companies that do strictly password management.

The indies also offer options like “password health check, encrypted cloud storage, support for biometrics” such as facial and fingerprint login, and other things, Steve Morgan, a cybersecurity researcher and editor in chief of Cybercrime Magazine, wrote in an email.

“If someone makes a life decision to get serious about security and to manage their passwords, then they should really think about one of the paid apps, which really aren’t that costly and will have them covered long term,” wrote Morgan, whose company also owns Cybersecurity Ventures.


AARP Membership — $12 for your first year  when you sign up for Automatic Renewal

Join today and get instant access to discounts, programs, services, and the information you need to benefit every area of your life. 

 


Free options are worth it

Still, with so many people not using password managers, isn’t something better than nothing? And might the free manager included with their browser encourage people to toss away their scraps of paper and get real password security?

“Something is better than nothing when it comes to passwords,” Morgan wrote.

The free options, in fact, are a few steps above nothing. Google security expert Tavis Ormandy wrote in a June 2021 blog post that he believes the free password managers embedded in browsers are, for a variety of technical reasons, more secure than the paid options. Ormandy, in the post, says has found vulnerabilities in the paid managers.

“They [the free options] provide the same functionality and can sidestep the fundamental problems with extensions,” he wrote. Ormandy wrote that he uses Chrome’s app, but other major browsers like Edge or Firefox offer solid products as well: “They have world-class security teams, and they couldn’t be easier to use.”

Advantages are cost, simplicity

What do they have that the paid options lack? Perhaps the main advantages are cost and simplicity. With seemingly every security expert calling for people to use a password manager as cyberattacks soar and with so few people using them, they may be the right choice for many households.

They’re not hard to use. When you create an account that requires a password, the browser will ask if you’d like it to save the password. You can add your own password and click “yes.” And you’re done. The password is encrypted and saved.

The managers also offer to create a unique password — a long, computer-generated combination of numbers, characters and upper- and lowercase letters — for each site. This removes risks associated with reusing passwords. Of course, the paid options include this.

Sharing passwords is another concern with the free managers. Sharing is a built-in option on the paid applications, since subscribers log in with a master password that can be made available to all household members. But with Chrome, for example, passwords are locked up with your personal account, the one that controls your email, and you may not be willing to share that information.

But whatever you do, do something. Hacking isn’t going away. The risks are growing daily.

“Just like everybody should be wearing a seat belt, everybody should be using a password manager,” Grimes says. “Whether it’s free or commercial is up to you; as long as you’re choosing a reputable manager” you should be protected.

Ronald Day is a contributing writer who covers money and technology. He previously worked for the investment website Karma Impact News and for Bloomberg News.