Easy Introduction to Password Managers
Remembering the passwords for all the services that the average person uses is really hard. That’s why most people resort to reusing one password for all their accounts, which is a terrible practice you should avoid. The solution is using a Password Manager.
What’s a Password Manager?
A password manager is a computer program that is used to store and manage the passwords that a person has for various online accounts. Password managers store the passwords encrypted, so your passwords are safe and can be accessed with the help of a master password.
This means that by remembering only one password, called the master password, you’re able to safely store and access all the rest of your passwords, allowing everyone to have a unique and strong password for every account.
Which Password Manager should I use?
Do you want your passwords to be automatically synchronized between all your devices? If your answer was yes, Bitwarden is for you. Bitwarden syncs all your passwords stored in an encrypted vault between all your devices, and their free plan is excellent. It has everything you’ll ever need.
If you’d rather store your passwords completely offline, then you’ll love KeePassXC. It stores your passwords locally in a strongly encrypted database. If you want to access your passwords from another device, you can just copy that database, which is a single file. There are sync tools that will do this automatically without involving any third parties, so your passwords never leave your own hardware.
How to Create a Safe Master Password
The use of a passphrase is strongly encouraged. We’ll teach you how to create one and which things you should avoid.
A passphrase is a string of words that is easy to remember once you’ve typed it a few times and which will be unique and strong to protect your password manager. An example of a passphrase would be: “motorbike decades monster pizza culture”.
See this excellent comic from xkcd:
However, not every passphrase is good. Here are a few things to avoid:
- Do not include personal information: for example, the name of your pet, or a special date. It’s a common mistake.
- Substituting letters with numbers does NOT effectively increase security. For example, using h4m5t3r instead of hamster gives no significant security increase and makes the password harder to remember.
- DO NOT USE RELATED WORDS, CHOOSE RANDOM ONES. For example, “the small red fox” is a bad passphrase. These passphrases are much easier to compromise. Choose completely random words instead.
- Another bad practice related to the one above would be only using words that fit inside a certain topic. “shark mouse zebra goat”, all these words are animals. It makes your passphrase easier to guess.
- DO NOT REUSE. This should be obvious, but avoid anything you’ve used before. This includes variations of what you’ve used before. Create something completely new.
- Avoid short passphrases. At the very least, create a five-word passphrase. It’s not much harder to remember, and every added word exponentially increases the number of combinations an attacker has to try.
- If you’re including 5 words this shouldn’t be a problem, but just in case, make sure that it’s at least 20 characters long.
- Do not share it. Do not write it anywhere else. Use it exclusively for your password manager.
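The rules above, as an added example that is not part of the original article: a Python sketch that draws words with a cryptographically secure random source, enforces the five-word and 20-character minimums, and computes the resulting entropy. The word list, the function names and the 64-bit target are assumptions made for the illustration; the 32-word list is constructed and far too small for real use.

```python
import math
import secrets

# Constructed 32-word sample so the block runs offline. It is far too small for
# real use; load a large published list (diceware-style lists have 7776 words).
SAMPLE_WORDS = (
    "anchor basket candle dolphin engine forest guitar harbor island jacket "
    "kettle ladder magnet napkin orange pencil quartz rocket saddle tunnel "
    "umbrella velvet window yogurt zipper blanket compass feather hammer "
    "lantern mirror pebble"
).split()


def entropy_bits(list_size, word_count):
    """Entropy when every word is drawn uniformly and independently."""
    return word_count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count that reaches target_bits for a given list size."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, word_count=5, min_chars=20):
    """Pick words with the OS CSPRNG, enforcing the five-word and 20-char floors."""
    pool = sorted(set(words))
    if word_count < 5:
        raise ValueError("use at least five words")
    if len(pool) < 2:
        raise ValueError("word list is too small")
    longest = max(len(w) for w in pool)
    if word_count * longest + word_count - 1 < min_chars:
        raise ValueError("word list cannot reach the minimum length")
    while True:
        phrase = " ".join(secrets.choice(pool) for _ in range(word_count))
        if len(phrase) >= min_chars:
            return phrase


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # A themed or tiny list shrinks the pool and the entropy with it.
    for size in (len(SAMPLE_WORDS), 7776):
        print(f"{size:>5} words in list, 5 drawn: {entropy_bits(size, 5):.1f} bits")
    print("words needed for 64 bits from 7776:", words_needed(7776, 64))
```

Five words from the 32-word sample give only 25 bits, while five words from a 7776-word list give about 64.6 bits, which is why picking from a single topic or a short list weakens a passphrase.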
Password Manager Usage
Once you’ve set up your password manager with a strong master password, you’ll need to go through the process of creating an entry for every account you have. This is less of a hassle if you install the browser extension, which automatically detects logins and asks whether you want to save them. Once you’ve finished, logging in to websites will be faster than ever, with a huge security increase. It’s worth your time.
While you go through this process, it’s a good idea to change your passwords for every service. You don’t need to think of a password; just use your password manager’s integrated password generator. It will create a completely random and unique password. Don’t worry about remembering it, because the password manager stores it for you. Creating passwords of 16+ characters is recommended; after all, you won’t have to remember them.
Using a password manager has huge security benefits, and there’s no reason not to use one. Just make sure to choose a strong and unique master password and you’ll be fine. Remember to replace your old passwords with new ones generated by your password manager.