Why You Need to Use a Password Manager

If you think passwords will soon be dead, think again - they’re here to stay, at least for now. Passwords are cumbersome and hard to remember, and it seems like as soon as you do remember a password, you’re being told to change it again. And if passwords are poorly composed, they can be guessed and are easily hackable.

Nobody likes passwords, but they're a fact of life. And while some technologies have tried to kill passwords off by replacing them with alternatives such as fingerprint or face scanning, neither approach is perfect, and many people still fall back to the trusty (but frustrating) password.

So how do you make better passwords? Simple - you need a password manager.

What is a password manager?

You can think of a password manager as a book of your passwords, locked by a master key that only you know. Some people think this sounds like a bad idea. Many people are concerned about someone getting ahold of their master password and compromising all of their accounts, which is a very reasonable fear. But, assuming that you've chosen a master password that is strong and unique, that is easy to remember, and YOU ARE NOT USING IT ANYWHERE ELSE - a password manager is a near-perfect way to create strong and unique passwords, and protect them from improper access.

It is important to understand that password managers don't simply store your passwords - they actually generate strong, unique passwords for you when you create accounts on websites. It is often the case that your password manager can be configured to automatically enter your credentials when you go to a particular website or app; or, if you prefer, you can choose to pull up the password manager, manually copy your username and password, paste them into the login dialog box of a site or application, and you're in. And because many of the password managers out there support encrypted, automated synchronization across devices, you can take your passwords anywhere with you — even on your smartphone.

Why do you need to use a password manager?

Password managers take the hassle out of creating and remembering strong passwords - it's just that simple. There are three compelling reasons why you should commit to using a password manager:

1. Passwords are stolen all the time.

Sites and services are constantly at risk of data breaches, similar to the way that you are constantly targeted by phishing attacks that try to trick you into turning over your password. Although companies are supposed to encrypt your password when you enter it - known as hashing - not all companies use strong or modern algorithms to do so, which makes it easier for hackers to steal your plain text password. Shockingly, some companies don't bother to encrypt passwords at all, which puts your accounts and personal data at risk for both fraud and identity theft. Remember, the longer and more complex your password is - a mix of uppercase and lowercase characters, numbers, symbols and punctuation - the longer it takes for hackers to unscramble your password. Password managers handle this onerous chore for you.

2. The sheer number of passwords we have to remember.

Banks, social media accounts, email, and various utilities - it’s tempting and simple to use just one password across the board. However, doing so makes "credential stuffing" easier - that's when hackers take your password from one breached site and try to log in to your account on other sites. Using a password manager automatically generates and stores stronger passwords that are unique to each site, preventing credential stuffing attacks.

3. Password theft by "Shoulder Surfing."

If you're in a crowded or busy place - like a coffee shop or an airplane - the simple act of typing in your passwords can potentially expose them to theft by bystanders looking over your shoulder and watching what you type. In most cases, using a password manager removes the need for you to type any passwords at all.

Which password manager should you use?

The simple answer is that it's up to you. All password managers perform largely the same functions, but different password managers may have different or features you might find to be more relevant than others.

Anyone using devices in the Apple ecosystem (Macs, iPhones, or iPads) since 2014 has access to iCloud Keychain - Apple's free password manager. iCloud Keychain transparently generates strong, unique passwords and synchronizes them across all Apple devices, leaving Apple users without an excuse to use password management.

For Windows and Android users, most password managers out there are free for basic service, with the option to upgrade to get premium features - for example, password synchronization across devices. If you want your passwords to sync across all of your devices - an exceptionally convenient feature - a great option to consider is 1Password, which is being offered by UCLA free of charge to all current Faculty, Students, and Staff.

Why use a Password Manager?

· One master password is all you need to remember to access all of your accounts!

· You can bring your passwords with you to any platform: web, desktop, and mobile. The passwords on one platform sync in real time on every other platform. This means that if you change a password for a webpage on your web browser, it will automatically update the password on your tablet and mobile 1Password account.

· Compatibility with every major OS: Windows, Mac, and Linux. 1Password even has a command line application.

· 1Password is secure: 1password never sees or stores your passwords in plaintext and your master password never leaves your machine. Your passwords are encrypted and decrypted at the device level. Your master password, and the keys used to encrypt and decrypt data, are never sent to 1Passwords' servers, and are never accessible by 1Password or the UCLA IT Security Office. This means even if your 1Password data is intercepted or accessed in a security breach, your strongly encrypted passwords are still safe by virtue of their encryption. Additionally, adding DUO Multi-Factor Authentication (MFA) provides an extra layer of security for your 1Passwordaccount.

· Ability to securely store other critical pieces of information such as notes.

1Password can store notes and small pictures with the same strong security it uses for passwords. If you have important travel documents or itineraries, emergency contact info, or financial information - this is the perfect place to store it.

· Password Managers create better, stronger, unique passwords with their Password Generator than people are capable of creating. The generator can be adjusted for length, types of characters, readability, pronounceability, and other options.

Like all software, vulnerabilities and weaknesses in any password manager can put your data at risk. However, as long as you keep your password manager up to date - most browser extensions are automatically updated - your risk is significantly reduced.

Simply put: using a password manager is far better for your overall security posture than not using one - so please be sure to use one!