Password managers almost always create controversy, because they are directly related to our online security, an important issue that should never be taken lightly. There are those who defend them because they help create and use safer passwords, while those who are against them often argue that having all passwords in one place (and even more, if they are online) is dangerous, in addition to a nearly Irresistible to cybercriminals.
So, password managers, yes or no? In this article, Gabriela and I face each other (against, I favor) to explain our position before them. Gabriela, on the one hand, will explain why she does not use it, and what tricks you can put into practice to have secure passwords even if you do not use a password manager; I, for my part, will list the reasons why I use a manager, and what interesting alternatives there are to prove.
During my early years as an Internet user I was a bit innocent about the subject of passwords. Of course, there were also other times: I did not have two dozen profiles in as many different online services, nor did there exist the amount of threats that we find now.
Then, as the network grew in size and complexity , and at the same time I was creating more user accounts in email services, social networks, streaming music and so on, I was aware of the need to create passwords in conditions for All of them.
However, that was not the time when I decided to try out a password manager. First I tried with the mnemonic techniques that we use many to generate passwords: to use some letters related to the service in question, some number that means something, vowels, some other typographical symbol … and to mix everything with the hope that, You could remember the password.
The trick worked until, frankly, it was too many. And they were becoming increasingly difficult to remember , unless it made them simpler and shorter – with the consequent danger – for online security. At that time, someone recommended me SplashID (the first password manager that I used) and decided to give it a try.
Since then I have not looked back. All my passwords are stored in a database, accessible at any time from any device through an app, and I do not have to worry about memorizing them; Only the one that gives me access to that database.
The fact that passwords are in the cloud is one of the points that throws back those who do not use a manager yet. That, and the danger of an attack by cybercriminals, as LastPass itself suffered in 2015 . All in all, I think using a password manager is a lot safer than having them pointed to in a little book (I also know who does that).
It is safer, because companies that do this already worry about encrypting passwords with powerful algorithms that make it very difficult to access them – that is, a hacker can enter the service, but it will be much more complicated for “Read” what is saved in the database.
In fact, in July of this year a security analyst discovered and reported a security breach in LastPass, and still, he continues to defend its use: “We should not stop using password managers. They remain a much better option than using the same password in several different services.”
What is clear is that we can not rely solely on the encryption algorithms of our password manager, and we must also take some steps on our part to further increase the security of the services we use online. The first and most logical, it is useless to use a password manager if the master password to access it is something like “12345”. That key must be safe, and should never be shared with anyone.
On the other hand, more and more services offer the verification in two steps as an extra security measure, and it is something that we should not hesitate to activate as long as we have the possibility to do so.
Some interesting alternatives
I said earlier that my first password manager was SplashID, but now use 1Password. The two are pay-per-view, and offer similar features, but what finally attracted me to 1Password is its mobile app, with better design (for my taste) and, above all, compatible with the fingerprint sensor of my mobile.
1Password is actually an offline password manager, which saves them on your PC or Mac (for the sake of the enemies of the cloud). But if you also want to have them available in the mobile app to be able to consult them at any time, you can synchronize them in several ways : via USB or wifi connecting your mobile to the computer, or using a service such as iCloud or Dropbox, for example.
Another thing I like about 1Password is its Families feature, with which the five members of a single family enjoy a license to use the program for about 4.5 euros per month. And you can always try it for free for 30 days before deciding to pay or not.
LastPass has had some bad press in recent months, which is why they may have decided to offer free synchronization with multiple devices, which until now was a feature of the Premium version. It’s still good service, but I can understand someone’s reluctance to get an account on it.
Another good alternative I’ve tried is Dashlane. What really catches the attention of this password manager is its careful design , and a particularly convenient feature when you surf the Internet: automatic login to all those websites that ask for a password, and have it saved in Dashlane. It has a free version, but Premium is the one that allows you to synchronize data between devices (what I consider an essential feature).
Finally, the best option for those who want to use a password manager without the potential dangers of the cloud (and is also open source ) is KeePass. This lightweight , easy-to-use and totally offline manager saves your passwords in an encrypted database that can only be accessed with a master key. If you do not need to carry your passwords always on top, it can be an excellent alternative.
Why I do not use a password manager
Password managers have become very popular in recent years, and with good reason. They represent a simple way to have complex and secure passwords in all your services without having to remember them all. However, I am on the side of those who prefer to continue using their less infallible brain to take control.
It is true that remembering too many passwords can be cumbersome, but when you get to the point where you create new passwords or enter them, it is almost automatic for you thanks to the formula you use, the manager looks less and less help and more like a annoyance.
In my particular case there is the problem that I do not use a single platform in all my devices . So as I use Windows use Linux as well as use Android use iOS, and as well as use a browser use three others. Finding a password manager that works equally well on all sides and does not represent the problem that a platform is left out, is sometimes complicated.
There is also the issue that the password manager service is not infallible , and I am concerned that any of the services I use may be compromised in a security breach, but I am afraid that my password manager would store everything under A single master password.
These are quite personal reasons, and I still think that the manager is an excellent alternative for the user who finds him comfortable. But, I do not consider it the definitive method and there are alternatives to manage your passwords safely and keep your accounts safe without depending on another service, which is also usually paid.
What to use instead of the manager
I know it sounds annoying, but using your own mind is not such a crazy thing . You should not even completely depend on your own memory, but on the nemotechnology. A trick that I like to use to create a complex and long password (it is very important that it is long), is to use a song, a number, and something with which to associate the service.
For example, let’s say I want to create a password for Facebook:
- I choose a song that I know by heart (it can be the same song for all your passwords, as long as you enter another variable for the passwords to change).
- I take the first or last letter of each word of the choir, some may be in lowercase and some in capital letters.
- I add a number that I always remember (it can be a constant in the other passwords).
- I add something related to the service to differentiate the password: a Facebook “F”, only the vowels or consonants of the word, the color “blue”, the word “social”, etc.
- I add at least one symbol at the beginning or the end.
I would go something like this :
HftosImhcaTT4378Fbook%. Try to guess the song.
If you use the same formula always (something only you know), the passwords will be complex, difficult to guess by human or machine and also you do not have to remember them literally, just the formula.
The second is to always try to use 2-step verification to give that extra touch of security to our accounts, yes, do not use the SMS method. And, always, whenever your account is compromised in some security failure, change the password again.