I’ve talked about the 2 password manager idea before in my post about what if your password manager gets hacked.
But I feel I need to give this idea its own post because of how seriously important it is.
What Is The 2 Password Manager Method?
It’s as the name describes: you use 2 password managers, one for the important stuff and the other for the not-so-important stuff.
An important password is like your banking, email, retirement accounts, or any account that if stolen would feel like the world is ending.
A non-important password is everything else.
The reason email gets grouped in the important category is that it’s the hub for resetting all your other passwords.
Someone who makes a living off YouTube might consider it an important password while someone who doesn’t might find it not important. At the end of the day, what each person considers important will vary.
Why 2 Password Managers?
Why 2 password managers? It’s the same reason you would not carry your birth certificate, passport, physical social security card or any important thing around with you everywhere you go.
Some things are more important than others and we take steps to protect them.
Password Managers Are Only Secure When Locked
Another thing to keep in mind is that your password manager is only secure when it’s encrypted – and it’s only encrypted when you’ve locked it or closed the app.
Many password managers decrypt the entire vault while unlocked so that you can log into websites and use the app. With this in mind, do you really need all your passwords exposed in one location? Is it necessary for your banking password to be sitting next to your Twitter password?
So long as you use a computer you trust, there is nothing to worry about. But it does ring the “what if” bells that make you think. While most people should not worry… you still feel like you need to do something.
This is not meant to scare you but to make you more aware of how password managers work. Only use a computer you own and never unlock your vault on a computer you don’t trust. Also, keep a good antivirus running and your computer updated.
How Often Are You Using Your Important Passwords?
What helped convince me of the 2 password manager method is how often I’m using these important accounts.
We’re living in a time where it’s easier to use the banking app on your phone than it is to go to their website or even deal with a real person. With fingerprint readers and FaceID, it makes logging into your bank app almost too easy.
Combine that with using email apps and you don’t need the passwords to these important accounts that often.
Other things like retirement accounts are services you might check monthly if not yearly. Do you need the password to such an important account always on the ready?
What Two Password Managers Should You Use?
I say for your non-important passwords go with a cloud-based password manager like 1Password, Bitwarden, LastPass, Dashlane, or whatever you like.
For the important passwords, use a local password manager like KeePassXC. Then store its database file on Dropbox or any private file sharing service you want. This way you can use it on your mobile device and never have to open it on your desktop computer unless you really need to.
Make sure to back up the local password manager to a flash drive for the off chance of a ransomware attack or any other unforeseen issues in the future. Once-a-year backups should be fine; if every account has a unique password, there is no need to change it unless you think it’s compromised.
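One way to script that flash-drive backup, added here as an example and not taken from the original post or from KeePassXC: it copies the still-encrypted database file under a dated name, confirms the copy matches the source, and keeps only the newest few copies. The function names, the dated file naming and the `keep` count are assumptions.

```python
import hashlib
import shutil
import sys
import time
from pathlib import Path

# First 8 bytes of a KeePass 2.x (.kdbx) file: the two little-endian
# signatures 0x9AA2D903 and 0xB54BFB67.
KDBX_MAGIC = bytes.fromhex("03d9a29a67fb4bb5")


def sha256_of(path):
    """Hash a file in chunks so a large vault is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_vault(vault, dest_dir, keep=3):
    """Copy the encrypted vault to dest_dir, verify the copy, prune old copies."""
    vault, dest_dir = Path(vault), Path(dest_dir)
    keep = max(keep, 1)  # always retain at least the copy just made
    # Refuse to back up something that is not a KDBX file (wrong path, or a
    # file that ransomware has already rewritten).
    with open(vault, "rb") as fh:
        if fh.read(8) != KDBX_MAGIC:
            raise ValueError(f"{vault} does not look like a KDBX database")
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    target = dest_dir / f"{vault.stem}-{stamp}{vault.suffix}"
    shutil.copy2(vault, target)
    # Compare hashes of source and copy; drop the copy if they differ.
    if sha256_of(target) != sha256_of(vault):
        target.unlink()
        raise OSError(f"backup {target} does not match the source")
    # Dated names sort chronologically, so the oldest copies come first.
    copies = sorted(dest_dir.glob(f"{vault.stem}-*{vault.suffix}"))
    for old in copies[:-keep]:
        old.unlink()
    return target


if __name__ == "__main__":
    # Usage: python backup_vault.py <vault.kdbx> <flash drive folder>
    print(backup_vault(sys.argv[1], sys.argv[2]))
```

The script never unlocks the vault, so it needs neither the master password nor a key file.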
2 Password Managers Is Too Complicated
If you feel using 2 password managers is too much, then consider using one password manager for the everyday stuff and, for the important stuff, writing the passwords down and keeping them in a safe.
It’s the same idea and pretty much “hack-proof.” The only thing that you should do is make sure every password is unique.
I usually don’t like recommending writing down passwords because people are more likely to reuse passwords, but if you give every account a unique password, I see no issue. Well, there is the fire or other natural disasters that could happen, but we’re starting to split hairs now.
There is also the option of peppering your important passwords as described here.
In the end, there is no wrong way to go about this. The simple fact that you’re even using a password manager puts you miles ahead of most people. And the fact you’ve found this article means you are taking your security to the extreme and will find something that suits your needs. Congrats on being awesome!
There are many ways to go about this…
- Use two online password managers, one for the important accounts and the other for non-important accounts. With Bitwarden and LastPass offering free accounts, this might be worth it to some. Just switch between the accounts you need.
- Use one password manager for all passwords and then let the web browser store the non-important passwords for you. Probably the simplest method for most people.