Password managers are tools that are used to store all of your
passwords in a single database. Their usefulness comes from the simple
fact that, since we deal daily with many sites where we have to be
authenticated, it only makes sense that each of these sites uses a
It is tempting to resort to using a single password for all your
sites, one that is easy to remember.
Certainly this has an advantage, particularly when setting up a
- You simply remember your password as usual;
- Set up your favourite services such as
Twitter or even your Google
- Within a few minutes, you would have carried on with your digital
The danger is that, if it happens that your password is
compromised–be it online or offline–then your digital life is at
risk as well.
How Password managers work
This post concerns the use of password managers. Most of these managers do not only store passwords for you, but come with tools
for generating new passwords, password expiration facilities and password strength testing.
This is when your password manager helps create a strong password for
you. As you may recall, most services, during the account creation
process, require you to provide a password.
However, as a security step, most will force you to create a password
with certain minimum characteristics such as:
- At least six characters;
- A mixture of alphanumeric characters;
- Having both lower and uppercase characters; and
- In some cases, special symbols that aren’t obvious, such as
dollar signs, percent signs, hash marks, etc.
You can create new entries in a password manager and set these
properties and have the password created for you.
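The generation step described above can be sketched as follows. This is an added example, not code from any particular password manager; the function names and the `SYMBOLS` set are assumptions made for illustration.

```python
import secrets
import string

# Assumed symbol set; services differ in which symbols they accept.
SYMBOLS = "$%#!@&*?"

def generate_password(length=16, upper=True, digits=True, symbols=True):
    """Build a random password with at least one character from each enabled class."""
    classes = [string.ascii_lowercase]
    if upper:
        classes.append(string.ascii_uppercase)
    if digits:
        classes.append(string.digits)
    if symbols:
        classes.append(SYMBOLS)
    if length < len(classes):
        raise ValueError("length is too short to include every enabled class")
    # One guaranteed character per class, the rest drawn from the combined pool.
    chars = [secrets.choice(c) for c in classes]
    pool = "".join(classes)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def meets_policy(password, min_length=6, need_symbol=True):
    """Check the minimum characteristics listed above."""
    return (
        len(password) >= min_length
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and (not need_symbol or any(c in SYMBOLS for c in password))
    )

if __name__ == "__main__":
    pw = generate_password()
    print(pw, meets_policy(pw))
```

The `secrets` module draws from the operating system's random source, which is what makes the output unpredictable; the general-purpose `random` module should not be used for passwords.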
Even though you may have different passwords for different sites, it
is recommended that you change them after some time. While you can use
only one password for years, it is not secure in the long run.
Because of that, there are some services that force you to change
your password. This is true of most intranet sites.
To deal with that, when creating new entries, you can tick that this
password is going to expire within a set number of days. This could be
two weeks or a month.
When the set time has elapsed, the password manager will either
remind you of this fact, or prompt for a new password.
In my opinion, even with those sites such as
Facebook where you are not forced to
change your password, you should always set your passwords to expire
after some time.
In the same way you regularly change your bank card PIN, so should you
do the same to your online accounts.
The strength of the password is the degree to which a password can be
easily guessed. For example, the following are considered weak
- Dictionary words in your native or official language;
- Serial characters such as numbers 12345, letters such as
“ABCD”. This also includes their variants such as reverse
- Personal ID numbers. These include your national, passport, bank
account number, phone number—anything that forms your unique
fingerprint in the national database.
- Names of family members, sweethearts, birth dates or anything
which anyone who knows you can guess.
Obviously, the strength of a password depends on who is trying to guess
your password. Because of that, your password mustn’t be obvious even
to your close associates.
Another determinant of password strength is its length: the longer,
the better. Hence, the enforcement by most services for a password
to be at least eight characters.
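The weak-password categories above can be turned into simple checks. This is an added example, not the logic of any particular password manager; the word list, the sample passwords and the personal details are constructed, and the function names are assumptions.

```python
import re

# Constructed sample list; a real checker would load a large dictionary or breached-password list.
COMMON_WORDS = {"password", "welcome", "sunshine", "football", "dragon"}

def has_serial_run(password, run=4):
    """True if `run` adjacent characters ascend or descend by one (1234, abcd, dcba)."""
    s = password.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        if not (window.isascii() and window.isalnum()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def weakness_reasons(password, personal=(), min_length=8):
    """Return the reasons a password is weak; an empty list means no check fired."""
    reasons = []
    low = password.lower()
    if len(password) < min_length:
        reasons.append("too short")
    # Drop digits and symbols so "Password1!" is still recognised as a dictionary word.
    letters = re.sub(r"[^a-z]", "", low)
    if letters in COMMON_WORDS or letters[::-1] in COMMON_WORDS:
        reasons.append("dictionary word")
    if has_serial_run(password):
        reasons.append("serial characters")
    # Split personal details into tokens so a birth year alone is caught.
    compact = re.sub(r"[^a-z0-9]", "", low)
    tokens = {t for item in personal for t in re.findall(r"[a-z0-9]{3,}", item.lower())}
    if any(t in compact or t[::-1] in compact for t in tokens):
        reasons.append("personal detail")
    return reasons

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("12345", "Password1!", "xDCBAq97!", "Thandi1987#", "t7#Lq9!vRz2$"):
        print(pw, weakness_reasons(pw, personal=["Thandi", "1987-03-14"]))
```

An empty result only means none of these checks fired; it does not prove the password is strong.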
A password manager can help you with not only creating a strong
password, but even testing its strength. The benchmarks used for
testing password strength are password breakers that resort to the use
of brute force.
This practice is when a password breaker will try to guess your
password against a set of dictionary words, certain entries and
Some password managers you can start using today
There are many password managers whether on the Google Playstore, App
Store, Windows Store or in the Linux repositories. You can try them
and see how you would rate them when it comes to
user-friendliness, accessibility and affordability.
For a start, I would recommend Keepass on
Windows. This is not only accessible, but it is free and open source.
Although it is written in C#, a number of other password managers are
compatible with its specification. This makes it possible to open your
Keepass created databases on Android with Keepass for Android, or
AuthPass on Linux. On Linux, I often open my Keepass files using
Password Safe, which is in the Ubuntu software repository. You can
simply install it from the Software Center.
Password Managers are only secure to the extent that your computer is
itself free from keyloggers, network snoopers and network
sniffing. They are also effective as long as the services you connect
to are themselves secure.
That last point explains why you should not use one password on more
than one service: if one site is compromised, then whoever hacked the
site can try other sites using the available password.
There are many other ways to secure your accounts, such as creating
one app passwords, one-time passwords and using thumb drives to log
in. All these depend on whether a service has two-factor
authentication in place. Otherwise, I hope this post helped to show
the utility of password managers as part of your security toolkit.