Should I use a password manager?

Yes. You should.

A password manager is a program that provides a secure place to store a different, long and complicated password for every site that you visit.

If you use the same password for every site and one of those sites is compromised, attackers can use that password to access your information on any of the other sites. This happens regularly. Also, if your passwords are easy to remember, you are more likely to have your accounts compromised. This is one of the most common ways attackers gain access to people’s personal information.

The key to preventing this is to assign a different password that nobody could possibly guess or remember to each secured site (or page) you visit. This can be a nightmare if you can’t remember all of your passwords. And, if you try writing your passwords down and retyping them with each site you visit, you increase the chances of entering those passwords incorrectly.

So, you should use a password manager.

How it works

Say you visit a site that requires a password to view some content. You want to create a long, complicated string of characters and numbers that is impossible to remember, making it difficult for a hacker to crack. (You can use one of many password writer programs to generate secure passwords. Some browsers, such as Firefox, even have a plug-in that generates complicated passwords for you). Enter the secure password you have generated. If you are using a password manager, your browser will then prompt you to save that password. You can then save the password, and the work is done.

Your complicated, site-specific password is stored in a file that your browser keeps locked away behind a master password that you created when you set up your password manager. This master password, unlike the site-specific passwords, should be something easy for you to remember.

Now, when you go to a site that needs a password, the browser or email program prompts you for the password. You can retrieve it from your password manager instantly or, in some programs, you enter the master password and your specific password is retrieved automatically. It’s like retrieving something from a locked vault.

Which Password Manger should I use?

An important point here. There are two approaches to saving passwords. Some managers keep them on a file on your hard drive; others keep them on a server in the manger’s (or sponsoring company’s) own drive.

Let’s review the options and they we’ll explain how this difference relates to your choices.

For most users, we recommend KeePassXC.  It works on all operating systems and you can download it and start using it right away.

KeePassXC keeps your passwords on your hard drive and you access the “bank” with a single main password. It all happens on your computer. If you use multiple computers, you can save the KeePassXC database via Nextcloud or even Dropbox (since the password are protected by your main password – however, if you use this option, you may want to use the KeePassXC option to secure your passwords with a key file and ensure the key file is not synchronized but kept in a separate folder). Then, you can access your password from any device, even your cell phone (see the android app or the iPhone app).

You also may be interested in integrating KeePassXC into your web browser.

An alternative to KeePassXC is Bitwarden which keeps your passwords on a cloud server, encrypted so nobody can read them except you. That makes life a bit easier if you move around without your computer and log in on other people’s. Bitwarden is fully open source – and you have the option of using the service provided by the software developers or install it yourself. Bitwarden can also be installed on any operating system or cell phone and has a web site where you can directly access your passwords.

Another good alternative is Dashlane. It’s simple and works (more or less) like Bitwarden.

While it may seem easier and more convenient to use a service like Bitwarden and Dashlane since your information is always available to you no matter where you are and which computer you’re using. But not everyone is willing to install their passwords on another server that might fail or go out of business or, more seriously, be breeched by investigators or criminals.

One option is to use a cloud back-up of your KeePassXC information.