Thomas Lenne / Alamy Stock Photo
When it comes to passwords, is your desk a sea of sticky notes scrawled with cryptic numbers and letters, or can anyone who knows your dog’s name and your three lucky numbers access everything from your bank balance to your Facebook profile?
Yes? Well, you are not alone.
Passwords are needed for just about everything we do in our digital life, but keeping them straight is a challenge. We’re not supposed to use the same password for all our online activity — because if someone guesses or hacks it, they now have access to all your accounts — yet we’re not supposed to write passwords down either.
So, what to do?
Consider a password manager
As the name suggests, a password manager helps you easily create, store and recall passwords. Many of them are both a website and an app, so you have access to all your passwords regardless of what device you’re on.
There are a few popular password managers to choose from — Dashlane, 1 Password, RoboForm, True Key, Keeper, Sticky Password, Last Pass and ZOHO Vault, to name a few — and they’re generally free to start and easy to use.
In most cases, you set up an account by providing your name, email address and a “master” password to enter your digital locker. Once you’re inside, you may see familiar logos for some of the most popular brands on the web, including Facebook, Instagram, Gmail, PayPal, Amazon, Dropbox, Netflix, eBay, Reddit and so on. Or you can create your own for, say, your Internet Service Provider (ISP), favorite news site, bank site, online games or any other place you need a password to use.
Once you tap one, such as Facebook, you’ll be prompted to enter your username and password once, and now it’s stored here for good. In fact, with most of these password managers, you can tap the logo to launch and log you into the app or site in question, thanks to its “auto-fill” feature.
Because most password managers sync your information in the “cloud” (online), you’ll have access to everything, regardless of the device you’re logging in to. Therefore, if you add a new password on your smartphone, and then sit down at your desktop computer later, you'll find that everything has been synchronized.
How secure are they?
For each website or app password you keep, you can choose to require the master password only or a master password and a PIN code or fingerprint (on a mobile phone or tablet) for “two-factor authentication.”
But what if your phone, tablet or laptop is lost or stolen? Can’t someone access all your passwords if they figure out your “master password”? You need not worry about this as your device has to be unlocked first — that is, a person would first need to know your PIN or password — and then guess your master password, too, which is highly unlikely. And since you can log on to your password manager from virtually any device, you can log in from another machine and change your master password — just in case.
As a veteran security researcher, ESET’s Stephen Cobb (eset.com) is familiar with password managers and is generally in favor of them because, as he puts it: “they make it possible for us mere mortals to employ strong passwords across an ever-increasing number of accounts, websites and services.”
But Cobb offers some caveats: “While companies that offer these services are deeply vested in keeping your passwords safe, that is no easy task, so make sure that you are selecting a reputable product.”
Not only do password managers let you keep your favorite passwords, but you can also lean on the app or site to create a tougher password, if desired. All passwords are encrypted with Secure Sockets Layer (SSL) and AES-256, the strongest grade of encryption available (banks use 128- or 256-bit encryption).
For more on how to protect yourself, visit AARP's Scams and Fraud page.
Depending on the password manager you choose, additional features — which may or not be free —can add even more value to the service.
- Some aren’t just for filling out online passwords but can also help populate other tedious online forms, such as billing or address information.
- Since this is a privately accessed app or website, you can often keep sensitive or important information — like notes, photos and other files — safe and easily accessible.
- A few of these password managers can also scan the internet (including the “dark web”) for leaked or stolen personal data, and will alert you the moment your information is detected where it shouldn’t be.
- Some password managers double as a VPN, or virtual private network, which helps you remain anonymous while browsing the internet. Using a VPN hides your online activity from your ISP, search engines, advertisers, social media platforms, the government and cyber-snooping criminals.
- A few of these password managers can also hold a list of emergency contacts, in the event you need to provide a friend or family member access to your accounts — or if you pass away and want to leave these passwords to a trusted family member or friend.