“Before You Use a Password Manager”
Medium June 5, 2019
By Stuart Schechter
I cringe when I hear self-proclaimed experts implore everyone to “use a password manager for all your passwords” and “turn on two-factor authentication for every site that offers it.” As most of us who perform user research in security quickly learn, advice that may protect one individual may harm another. Each person uses technology differently, has a unique set of skills, and faces different risks.
In case you haven’t received this advice, or didn’t understand what it was, password managers are programs that remember passwords for you, along with the email address or other user identifier you use for each account. They make it easier to use strong passwords: those that are sufficiently random, long, and different for every one of your accounts. They also make it easier to lose all your passwords at once, or for attackers to steal all your passwords in one instant.
In this article, I’ll start by examining the benefits and risks of using a password manager. It’s hard to overstate the importance of protecting the data in your password manager, and having a recovery strategy for that data, so I’ll cover that next. I’ll then present a low-risk approach to experimenting with using a password manager, which will help you understand the tough choices you’ll need to make before using it for your most-important passwords. I’ll close with a handy list of the most important decisions you’ll need to make when using a password manager.
There are a lot of password managers to choose from. There’s a password manager built into every major web browser today, and many stand-alone password managers that work across browsers. In addition to remembering your passwords, most password managers will type your password into login forms. The better ones will create randomly-generated passwords for you, ensuring that you’re not using easily-guessed passwords or re-using passwords between sites. Some will even identify passwords you’ve re-used between sites and help you replace them.
Password managers help protect your passwords – Password managers can also put passwords at risk
About the Author:
“Hi. I’m Stuart Schechter. I spent over a decade of scientific research rigorously testing the human factors of security technologies while at Microsoft Research, MIT, and Harvard. I’m currently brewing new authentication technology for backing up password-manager data and second factors from deep within Seoul’s plastic surgery district. To learn more about them, please follow me on twitter (@uppajung). More importantly, if you don’t follow me on twitter, my daughters will continue to accumulate a larger social media following than mine at less than a third my age.”