Not using a password manager? Here’s why you should be…

Experts promote password manager for their ease of use and improved online security, yet few of us use them.

In a cutthroat climate, passwords are one of the worst elements of the internet. Many people select weak and readily guessable passwords because they are easier to remember. While longer and more sophisticated passwords are more secure. Millions of individuals use their pet's name, the name of their favorite football team, "password," and "123456," according to a poll by the UK's National Cyber Security Centre (NCSC).

You are now open to assault, though, since scammers can quickly decipher weak passwords using automated software. "A hacker requires about two seconds to crack an 11-character password made entirely of digits," according to Alex Balan, head of security research at Bitdefender. If the password is more complicated, incorporate numbers, symbols, uppercase, and lowercase characters. The time required to crack it increases to 400 years.

It may appear intimidating at first, but a password manager will make your life much easier.

A good password, according to experts, should be unique and comprise a blend of letters, numbers, and special characters. According to independent security expert Sean Wright, the key to a strong one is length. "While password complexity is beneficial, length is considerably more important." Experts recommend at least 11 characters, and more if feasible.

The average internet user has around 100 different login credentials; most individuals are not good at remembering this many complex passwords.

To generate lengthy and challenging credentials for you and remember them the next time you log in, password management programs might be helpful in this situation. Only around one in five people in the UK now use one, according to estimates.

Many consumers find the hassle off-putting, while others worry about allowing a single company to store all their passwords. How can you tell whether someone is trustworthy, and what happens if the company has been hacked?

A password manager will greatly simplify your life, despite its frightening initial appearance.

Why should you become one of the 20% who uses password manager?

Once you've installed a password manager like 1Password, LastPass, Bitwarden, or Dashlane, you may import your logins from another source, such as your browser. You may even start fresh with brand-new accounts and remove any existing ones as you go if you'd like.

Once configured, the app will create strong passwords that will autofill as you explore each new website you visit. This takes care of one of the trickiest aspects of password security: remembering a lot of intricate credentials.

"Because password managers handle the remembering. Any password may be a large, completely random string of characters," explains Jake Moore, global cybersecurity consultant at security firm ESET.

Password managers also guarantee that you use a unique login for each account rather than using the same one for several services. This is critical for preventing "credential-stuffing" attacks. They occur when a hacker uses a stolen password, such as one from Facebook, to get access to other well-known services such as Netflix or Spotify.

Another benefit that is sometimes neglected is that most password managers assist against phishing attempts, in which criminals may entice you to click a link to obtain your credentials. "Because they associate the credentials with a specific web URL, the autocomplete will not work on phishing sites," Wright explains.

In rare circumstances, password managers may also be used to securely share a login with other trusted persons, such as family members. They also let you securely store PINs, credit card information, and internet banking passwords.

Why password manager is reliable and not as troublesome as you believe

One common misperception concerning password managers is that having all of your credentials in one location is dangerous. "I am frequently asked, 'What if someone gains access to my password manager?'. But utilizing one is significantly superior to using the same credentials for all accounts," Moore adds.

While there is a slight danger in centralizing all of your logins, Wright believes the chances of the password manager being compromised are quite minimal.

Physical password booklets, while frequently derided, aren't a horrible idea.

Password managers protect your information by encrypting your logins. So that they can only be accessed by entering the master password. "Your plain text passwords are never saved on your device or the password manager's servers," explains Paul Bischoff, Comparitech's privacy advocate.

The hardest challenge for those just starting is probably setting up a password manager, but it can be done gradually by changing passwords along the way. Once your app is set up, you'll no longer need to spend time resetting lost logins.

Some individuals worry about the cost of password managers. However, they are typically available for free or for a little monthly fee. When you weigh the cost of being hacked and having private information like bank accounts accessed. The subscription fee if you want to pay it, will be justifiable.

Are Google Password Manager and Apple Keychain as efficient as standalone password managers?

Despite being password managers, Apple Keychain and Google Chrome Password Manager doesn't provide "full-service" password managers. You can't simply utilize your password manager with other devices or browsers if you stick with Apple or Google.

To travel between devices without difficulty, Moore advises using an independent password manager in addition to Google Chrome and Apple Keychain. "A third-party password manager often offers more functionality and can be readily accessible across devices. Even though it's better than repeating passwords," the author writes.

Ways to increase security

Remember that a master password, which you must be able to remember, will be required by the password manager. This should be as long and complicated as you can make it. Like a sentence or group of memorable phrases with a few random letters and digits mixed in.

Some password-management software will notify you if one of your accounts has been compromised. is another trustworthy source for determining whether your credentials have been compromised in any reported breaches.

Apple also includes a capability to identify compromised passwords under Settings > Passwords > Security Recommendations. If any of your passwords have been hacked, you should change them immediately. Both on the compromised website and on any other websites where individuals use the same login credentials.

Your email address is the most important password you have. If a criminal obtains access to your email, they may steal information such as financial information or pose as you to send messages that fool others. Worse, they may use your email to change all of your other passwords, giving them access to all of your accounts. The NCSC recommends creating a super-secure password for this account, ideally with the help of a password manager.

Passwords – including password managers – should be backed up with two-factor authentication. It requires you to provide something like a one-time code in addition to your password when you log in with a new device. For the more daring, you can use a security key like a YubiKey — a token you can enter into your device to double-secure high-risk accounts like email. Authy and other authenticator applications are other alternatives. These are incredibly simple to use and create a unique code for you to input into the site.

The least awful option...

There is another way if this all seems too complicated, or if you are handling passwords for an elderly parent or grandparent. Physical password books, while frequently derided, aren't a bad idea as long as you follow the requirements for setting strong. Unique logins and the book is stored somewhere secure and doesn't leave the house. And, of course, you should never create a "virtual" book or document on your computer that may be accessed if your device is hijacked.