Before You Use a Password Manager

Password managers help protect your passwords

Password managers protect you by creating a strong, unique password for every service you use, and removing your need to enter those passwords.

Password managers can also put passwords at risk

The old proverb about keeping all your eggs in one basket applies to password managers; yes, you can focus on guarding that one basket, but it just takes one mistake to lose all your eggs [2]. (If this thought of risking all your passwords at once makes you want to stop reading and give up on password managers now, don’t! In the section that follows, I’ll explain how password managers can be helpful even if you don’t entrust them with all your passwords.)

You can start without risking high-value passwords

If the above risks make you reluctant to use a password manager for all your accounts, consider starting with those passwords that you would least worry about losing or being compromised.

Learn a strong master password

Factor recovery into choosing a password manager

Since the one of the biggest differences between password managers is process to recovery your data if you lose your master password, you shouldn’t choose a password manager without researching its emergency recovery process. After you make your choice, the first thing you should do, along with choosing your master password, is to set up this recovery process. You may need it very soon, as you are most likely to forget a master password shortly after creating it, and before you have learned it through repeated use.

Think carefully before storing high-value passwords

Once you want to start storing passwords that have value, the decisions get harder and the answer that’s right for one person may not be right for another.

Summary

You may be doing more harm than good if you install a password manager, let it store your old passwords, and don’t take advantage of the features that can actually improve your security.

Decisions to make when using a password manager

Which password manager will I use?

The password managers discussed in this article along with the features that most impact security and your ability to recover access should something go wrong. See the footnotes for additional information [14].

End Notes

[1]
An impostor website may still trick users to retrieve the password from their password manager and enter it by hand.

--

--

I work on DiceKeys. Formerly researching human factors of security at Microsoft Research, MIT, and Harvard. @UppaJung on Twitter

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Stuart Schechter

Stuart Schechter

I work on DiceKeys. Formerly researching human factors of security at Microsoft Research, MIT, and Harvard. @UppaJung on Twitter