< Index

Use a Password Manager!

Please use a password manager! I know many people don't use one, and I wonder how do they not get hacked daily. Some people (including me in the past) even reuse the same password on every website!

I know why that happens. People are lazy. They don't want to keep track of all of the different passwords they have, so they keep a single one. Some services have different password requirements, on some services they get hacked - and the service forces them to use a different password. They end up having around five different password variations - why further complicate things by keeping a separate password for every site - it would be impossible to remember!

Well, consider a simple situation. It's not that rare you have to register an account on a new website, right? So, what if the site you registered on had an Evil owner that logged your password in their database? Even if they aren't evil - if they store it insecurely, a hacker might get access to that database and crack your password from a hash, or worse, the hacker will simply not have to do anything extra as your password will be stored in plaintext. That happens fairly often, you can check out Have I Been Pwned to see if your passwords are in the database. There are paid services that can show you the exact password, and password databases are easy to find online - even if your password isn't there yet, if you keep reusing the same password, it's just a matter of time until it ends up there.

So, how do you solve it? That's easy - use a password manager. It can keep track of your passwords, it can generate new long and secure passwords for you (don't worry, you won't have to enter them manually), it can keep track of your 2FA codes, it can store your ssh keys and other information used for authentication, it can integrate with your browser to enter passwords automatically, it can let you keep track of the passwords you had been given by other people, or help you pass your passwords on to other people after you die. There's no reason not to use one!

"I'm convinced! So, which password manager do I use? There's so many!"

As a rule of thumb, if a security/privacy-focused product isn't open-source, it isn't even worth trying. With that in mind, consider one of the following password managers:

No matter which one you pick, as long as your master password stays safe, your chances of getting hacked will drastically decrease!

But there are other attack vectors - for example, if an attacker gets access to your Email account or phone number, they can simply reset your password. Make sure to enable 2FA wherever possible. If the attacker is physically near you, they can simply capture you entering your master password on video - in that case, using a physical key such as NitroKey, SoloKeys or OnlyKey may be useful - even simply using a USB drive with a keyfile on it might be beneficial. Know your threat model and act accordingly!

Have any comments, questions, feedback? You can click here to leave it, publicly or privately!