I love password managers, but I can understand why people don’t trust them.
I understand because I used to think the same thing.
To get over my trust issue, I came up with tricks that help me come around to loving password managers.
I want to share these tricks with you and help you better understand password managers better.
Note: I’m NOT being paid by any password manager company to write this or promote. Any password manager mention here I have either paid for myself or used (open source).
Why Password Managers?
We live in a time where we need a password for everything. Before I got a password manager, I thought I had maybe 30 passwords? After getting a password manager, I found out I have over 300.
I didn’t set out to have this many passwords, it’s just a side effect of using the internet for over a decade. The number still grows today as I find accounts I’ve forgotten about. I have a guide here to help you find all the accounts you have.
It’s so easy to forget all these accounts until you need them. Even more annoying when you need to get into these accounts in a hurry.
To make our lives easier we tend to use the same password for all accounts. While this solves the problem, it creates a new one. If one account gets leaked in a breach, then all accounts are breached. Breaches are only going to get worse with more and more people using the internet.
To see if you’ve ever been in a security breach or at risk of being hacked check out https://haveibeenpwned.com/.
To stop being hacked, you need to use a unique password for every account. This is hard to do. For one thing, coming up with passwords is annoying. So most people stick with using variations of their pets or child’s name.
This is why password managers were created; they allow you to give every account a unique password and it’s easy to manage. Back in the day, they were very niche as people did not have that many passwords. Now password managers have
We’re in a phase where people are slowly moving to password managers but still don’t fully trust them. I’m sure when planes came around many people didn’t trust them either. Just like planes many standards have come into place that makes password managers secure and safe to use. But having a parachute just in case is what this article is all about. Let’s take a look at the tips I’ve developed to help you have a “parachute” for your password manager.
How Encryption Works
Before I go into all the options, let me give you a simple explanation of how encryption works. Encryption protects your data in your password manager. It sounds simple enough but how does it work?
Let’s do an example.
What list of two numbers multiplied together gives you 4?
That’s easy, 2*2 and 1*4.
Now, list all the two numbers multiplied together that give you 7962255958559385932295452286933728664667582744873777426226977532545294927747996725237959543234934675756367679672783274587627949796849936545366323655343496598546976855524828848654326836436286896423279679294388463874468822787784848335828472627794247897269243383767565478352289782645754854943527627899583657725262768242822379399482397937348943937528665492537759479967966685584644588585558733286549643222886554434476793969797499244636624978464699876788834326657292?
That’s a tough one.
The only way we can figure it out is if we try all combinations or guess. If we guess, the odds are not in our favor, especially with large numbers. You get to a point where it’s more likely to get a kiss from Brad Pitt on a Tuesday while underwater on a space ship to pluto.
This is a straightforward explanation of how encryption works; it’s even more secure and complext than this.
Your master password and unencrypted data are the two numbers in our example. The computer converts the data to numbers to calculate the answer. To reverse it we take the answer and use the master password to “divide” to get the unencrypted data.
The actual numbers password managers use are far higher than this.
This is why if you forget your master password there is no reset; you need the missing number to solve the math problem.
What If Your Password Manager Gets Hacked?
Worrying about your password manager getting hacked is a valid concern. That is why I wrote an entire post on the topic “what if your password manager gets hacked“.
No Name Option
Our First option is what I call the “No Name Option”.
To explain it check out this image…
What site is this?
There is no URL, and the name tells me nothing besides it’s Stan’s least favorite place.
If you’re me then you know it’s for Starbucks.
The off chance that someone got into this account they would not be able to get very far. They do have the info, but they also have a lot of websites to figure out where it goes. There are easier fish to catch so they’ll move on.
Think of sentences or words that describe the site that only means something to you. Another example is my brother worked at Walmart. So I would do “Brett’s (my brother) last job.”
Not every login needs to be this just the important ones. It’s a great compromise, and you get to use a unique password which is the most important thing you can do.
Pepper Your Passwords
Here is an entire post on peppering passwords. Usually, when I show someone peppering it gets them over any fears they have about password managers.
If for some reason someone gets in your password manager they won’t have the real password. You still have the convenience of the password manager auto-filling but before you submit, enter your pepper.
Just like the other option mentioned before I would not do this for all my accounts. Only critical accounts like banking or email.
Paper And Password Manager
If you don’t fully trust password managers you could always split the difference and use a password book for the important accounts and the password manager for everything else.
A password book is also a great place to store your master password to your password manager. It’s important you don’t lose your master password and storing it written down somewhere safe with your other important passwords is a smart idea.
If you need a password book you can get them here (Ad).
Don’t Use Cloud Password Managers
It’s harder to steal a file on your home computer then it is to take a file on the internet. Or even placing the file on a flash drive that you only plugin when you need it is vastly harder to steal.
The same goes with password managers. If you use a local password manager like KeePass, KeePassXC, Enpass, or Buttercup, it’s harder to hack.
Combine this with the peppering method above, and you have a super-secure option that also makes your life easier.
To be even more secure stick to open sourced password managers. Also, don’t forget to back it up! Once a year or when you make changes to important accounts like email or banking you backup to a flash drive or anything not connected to your computer.
Multiple Layers
One way to make your password manager more secure is to layer them.
Use VeraCrypt to make an encrypted volume. This is just a file that is encrypted with a password. You can then place your password manager encrypted vault into that. So if you need to access your password manager, you must unlock the VeraCrypt volume and then open your password manager.
Another way to do this multiple layers idea is to have numerous vaults. A password manager like KeePassXC allows you to have as many vaults as you want. You can have a vault for your common passwords and a more secure vault for your banking passwords.
SmartPhone Only Vault
Smartphones are more locked down then your computer which is great for security! This is especially true for iPhones.
Since phones are locked down pretty well you can use them to store and generate all your passwords.
The problem is getting the passwords off the phone to your computer. If you use an iPhone and MacOS, you can easily share your clipboard and do it that way. I’ve done this before, and it works quite well.
You could also manually type them in, but hopefully, you use Diceware passphrases as it would make it a lot easier.
Another option is from MyKi, they keep your passwords on your phone and sync it with your browser’s plugin. You grant the request from your phone before logging in.
Your phone is the 21st-century version of a password book. You don’t have to worry about lousy handwriting or coming up with passwords. It’s easier to find passwords and keep important notes. Your phone is always on you, so it’s the ideal device to use for storing your passwords. With many phones defaulting to fingerprint readers and face scanners, it’s even easier to secure your phone along with your password manager inside.
What About A Virus or Malware?
A reason that gets thrown around for not using a password manager is the fear of a Virus.
Having all your eggs in one basket makes it a prime target for a computer virus to attack. This is a real fear and why we must take steps to make sure our computers are safe.
But this problem is not limited to password managers. How are you dealing with passwords now?
- Are you letting your browser store them? If so, it’s super easy to pull them out if you’re
malware . - Are you storing them in an Excel file? Excel is not the best option for security, and when you open the file, everything is visible. Plus, you have to enter the password to unlock the file at one point so what’s to stop the virus from getting that and the file?
- Are you manually entering your password? Viruses key log what you type. People who manually type passwords are also more likely to repeat them which is way worse!
You’re screwed no matter what.
Well… not completely. When it comes to password managers, these companies spend all their time thinking about these situations. These companies jump through the hoops to make sure your data is safe;
They make their app so that when you enter your master password, it’s in a secure desktop. Not only that, many password managers
If you’re looking at your odds, the safest bet would be to use a password manager.
No matter what, only enter your passwords on computers you trust.
Think About Your Family
A password manager can act as a “digital will.” If you get hurt or your loved one and can’t relay essential passwords you have a serious problem.
Having a password manager and sharing with someone you trust will make everyone’s life so much easier in these difficult situations.
Many password managers have emergency access; you set the wait time and the person you trust invokes it and gets access afterward.
Since the data is encrypted in your vault, you can store other things beyond passwords like code to your home vault, secret family recipes or where you hid something.
One More Thing
If you go with a password manager, the best advice I can give anyone is to write down your master password and put it somewhere safe.
Get a fireproof safe or a safe deposit box. Physically write down your master password and keep it in there.
If you forget your master password, there are NO reset options.
This can also act as
What Do You Think
I’m curious to hear what you think below. Why don’t you trust password managers or what solutions have you come up with?
I always trust people places and things but you remember her specific like letters instead of numbers or vice versa
Thank you for this very usefull information!!
You make me want to use a password manager since now I have tools to trust them more.
The idea on peppering passwords to protect against a breach at the password manager is especially insightful. Thanks so much!