Password Managers – Making Sense of Too Many Logins

Quick: name all of your online accounts that require your input of a username and password. Are there more than five? More than ten? Twenty? It might surprise you to learn that the average Internet user has 26 online accounts, and yet uses an average of five passwords amongst all of them. For individuals between the ages of 25-34, the number of online accounts jumps to 40, with the same average of five passwords recycled amongst them. (Source: Experian)

Recycling is good for the planet, but not for your online life.

We’ve all been cautioned against creating weak passwords, and there is a wealth of information online on this very topic. We’ve talked about password security before and I hope you’ve taken the advice given and strengthened your passwords. And yet, even the strongest password is no match for repetition across several accounts.

Using so few passwords is understandable, if ill-advised. If you’re suffering from TML (Too Many Logins), the temptation is pretty strong to just reuse the handful of passwords you’ve committed to memory. Real words, pets’ names, important dates – all are easy to remember and that’s why the majority of people use them as passwords. And the trouble with strong passwords is that, if they’re really strong, a lot of the time they’re difficult to commit to memory. After all, the human brain is wired to remember names and dates and phrases and mnemonics, while a seemingly random string of letters, numbers, and special characters is a little more difficult to call to mind. Yet it’s precisely that disjointed string of letters, numbers, and special characters that’s difficult to crack, and the more random it seems the better.

Over the span of 26 to 40 online accounts, accessing strong (and differing) passwords is pretty daunting. That’s where password management software comes in. The software keeps track of your 26 to 40 logins, and accessing any of these sites only requires that you remember the login information for the password manager. When you input your master login for the password manager, the software automatically fills in the appropriate data for the website you are logging into.


The benefits of using such software are obvious. First, you don’t have to recycle passwords amongst your accounts – a good practice to give up, regardless of how many accounts you have. Secondly, you can make the passwords for each of your accounts strong (and different). And finally, you only really need to remember one password, which is the key to accessing the rest. Instead of remembering dozens of passwords, you can use your brain for other and better things.

There are different forms of password management software, and it makes sense to examine the options available to you. Which one you choose will depend on your personal preferences and just how much security you need:

Desktop/Laptop Password Apps

These reside on your computer hard drive as an encrypted local file. Also known as standalone managers, these apps include the free version of Roboform, Norton’s Identity Manager, and the free version of KeePass, among others.

Web-based Password Apps

Some web-based apps store your passwords locally, but also sync across all your devices (laptops, tablets, smartphones, etc.). Examples of this type of app include LastPass, Dashlane, and SplashID.

Other web-based apps store your passwords off-site on secure servers and allow you to access your passwords on any device. Apps that use this format include LastPass and Roboform Everywhere.

Cloud-based Password Apps

Cloud-based apps store your passwords off-site on secure servers but require password management software to be installed on your machine in order to access this information. Cloud-based apps include 1Password, Clipperz, and LastPass.

Token Manager Password Apps

Token managers require the use of a secure USB, smart card, or other external device in addition to a PIN or password to unlock stored information. This approach is also known as two-factor authentication; apps that utilize this technology include KeePass, Stickypassword and PasswordSafe.

If it seems that several of the above-mentioned password managers fall into several categories, they do. Password management software is offered with several levels, from basic (free) to increasing levels of (paid) coverage. It pays to carefully assess the level of security you need and choose the manager that best suits your online life, even if it costs a bit. In the grand scheme of things, password management software isn’t terribly expensive, but the coverage it provides can be invaluable.

Using a password manager can make your online life a little easier and a lot more secure. A quick search online will turn up dozens of options for this type of software, with a good many articles reviewing and ranking the best available. Read the reviews and choose the password management system that works for your needs. If you’ve been recycling passwords amongst accounts, then one account compromised could mean several others compromised, as well. A password manager can help to keep that from happening.
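To make the reuse problem concrete, here is an added example (not part of the original article) that audits a list of logins for shared passwords, shows which other accounts fall when one is breached, and replaces every reused password with a unique random one. The account names and passwords are constructed sample data, and the function names are this example's own.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample export of (account, password) pairs; not real credentials.
SAMPLE_LOGINS = [
    ("email", "Rex2011"), ("bank", "Rex2011"), ("shopping", "Rex2011"),
    ("forum", "sunshine"), ("streaming", "sunshine"),
    ("work-vpn", "k#9Tq!vZ2m@Lx7Rd"),
]

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def fingerprint(password):
    """Short digest used as a group label so the report never echoes a password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def reuse_groups(logins):
    """Return {fingerprint: [accounts]} for every password used on 2+ accounts."""
    groups = defaultdict(list)
    for account, password in logins:
        groups[fingerprint(password)].append(account)
    return {fp: sorted(a) for fp, a in groups.items() if len(a) > 1}


def exposed_if_breached(logins, breached_account):
    """Other accounts that share the breached account's password."""
    leaked = dict(logins)[breached_account]
    return sorted(a for a, p in logins if p == leaked and a != breached_account)


def rotation_plan(logins, length=20):
    """Give every account in a reuse group its own randomly generated password."""
    reused = {a for accounts in reuse_groups(logins).values() for a in accounts}
    plan = []
    for account, password in logins:
        if account in reused:
            password = "".join(secrets.choice(ALPHABET) for _ in range(length))
        plan.append((account, password))
    return plan


if __name__ == "__main__":
    for fp, accounts in reuse_groups(SAMPLE_LOGINS).items():
        print(f"password {fp} is shared by {accounts}")
    print("breach of 'forum' also exposes:", exposed_if_breached(SAMPLE_LOGINS, "forum"))
    print("reuse left after rotation:", reuse_groups(rotation_plan(SAMPLE_LOGINS)))
```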

Do you already use a password manager? Tell us about it in the comments!

{photo used under Creative Commons from marc falardeau – flickr}

  • I’ve read about password managers, but then I’m worried that someone from the password manager company will then have access to ALL of my passwords. Is that a valid concern, or is there some safeguard against that? Wish I was more tech savvy!

  • Pat Heck

    Great question! In almost all instances, and especially for the ones discussed here, there are safeguards. Passwords are stored encrypted and only you know the key. LastPass for example (the one I use currently) never receives/sees your master password. In the terms of service they make it clear that they’ll never ask you for your master password. Two statements they make in describing their technology: “No one at LastPass can ever access your sensitive data. We’ve taken every step we can think of to ensure your security and privacy.” and “We use firewalls and best practices to protect the servers and service, but our best line of defense is simply not having access to data even if someone got in. If LastPass can’t access it, hackers can’t either.”
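One way a service can verify a login without ever receiving the master password or the vault key, as an added example that is not part of the original thread and is not LastPass's code. It is a generic sketch: the `VaultServer` class, the function names, the iteration counts and the sample account are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

CLIENT_ITERATIONS = 200_000  # illustrative work factor, chosen for this example


def derive_vault_key(master_password, email):
    """Client side: the key that encrypts the vault. It never leaves the device."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, CLIENT_ITERATIONS)


def derive_login_token(vault_key, master_password):
    """Client side: a one-way value derived from the key, sent only to log in."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1)


class VaultServer:
    """Hypothetical server: stores a salted hash of the login token, nothing else."""

    def __init__(self):
        self.records = {}

    def register(self, email, login_token):
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", login_token, salt, 100_000)
        self.records[email] = (salt, verifier)

    def login(self, email, login_token):
        if email not in self.records:
            return False
        salt, verifier = self.records[email]
        candidate = hashlib.pbkdf2_hmac("sha256", login_token, salt, 100_000)
        return hmac.compare_digest(candidate, verifier)


def demo():
    """Register, then log in with the right and the wrong master password."""
    email, master = "user@example.com", "correct horse battery staple"  # constructed
    key = derive_vault_key(master, email)
    server = VaultServer()
    server.register(email, derive_login_token(key, master))
    wrong_key = derive_vault_key("wrong guess", email)
    good = server.login(email, derive_login_token(key, master))
    bad = server.login(email, derive_login_token(wrong_key, "wrong guess"))
    server_knows_key = any(key in field for field in server.records[email])
    return good, bad, server_knows_key
```

In a design like this, anyone who obtains the server's records can still test guesses at the master password offline, so the strength of the master password and the work factor remain the deciding protections.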

  • William Sail

    Really enjoyed the article, I just moved over to Roboform a short while ago after reading this article and wanted to thank you for such a great lead. It’s so easy to use, it makes me wonder what I’ve been doing with my life without a password manager.