Setting up and using a Password Manager

by

What is a Password Manager

A Password Manager (PM) is a service or app that stores and enters usernames and passwords for you into online services or mobile apps. A good PM will also generate strong passwords for you and also help you identify weak or compromised passwords.

The core concept is that you have a single strong but memorable Master Password that secures your PM. All the passwords for everything else should be complex and impossible to remember or guess (and often tricky to type). This makes them secure. In theory, the only passwords you ever need to remember is the Master Password of your PM and any passwords that can’t be entered for you by your PM. For example, an online banking site that asks you to enter the 3rd, 4th and 8th characters of your password.

Why should I use a PM?

Read my post titled Stop using the same password everywhere!

Important to understand

Obvious stuff:

  • A PM cannot enter a password to unlock your device i.e. desktop, laptop, tablet or smart phone.
  • A PM will not enter passwords for you or give you access to them unless you’ve logged-in with your Master Password.

Important stuff:

  • A PM will not generate easily guessable or memorable passwords. The whole point is that the passwords are not memorable or guessable.
  • A PM will not force you to use multi-factor-authentication.

Scary stuff:

  • If you forget your Master Password and have not set up any emergency access methods, all your passwords will be inaccessible – and effectively lost.
  • If you don’t set up multi-factor-authentication to protect your PM and someone obtains/guesses your Master Password, all your passwords will fall into enemy hands.

Getting started

There are a few password managers out there and at time of writing, two popular ones are LastPass and 1Password. Both offer their basic features as a free service. They both also offer a paid-for service for more advanced users.

I’ve been using LastPass for many years and this guide continues assuming you’re using the free service offered by LastPass.

Disclaimer

I have personally paid for the more advanced services provided by LastPass and have not received any incentives or payments from either of the two PMs mentioned in this post.

Golden Rules

These are non-negotiable tenets that must be adhered-to if you are to realise the protection a PM can offer:

You will not use the same PM account for work and personal stuff.

You will disable, clear-out and never use the “password remembering” features of any browser on any of your devices.

You will use your PM as your sole repository for passwords.

You will never write down any passwords ever again.

You will use the password generation feature of your PM whenever you are required to enter a new password.

Ignoring any of these Golden Rules will greatly reduce the security of your passwords and the effectiveness of a PM.

Checklist

Here’s are the steps you’ll be going through to switch over to using a PM:

  1. Identify the devices you have that are currently storing passwords for you. These could be desktop computers, laptops, tablets, phones etc.
    For each device:

    1. Install your PM of choice and all available extensions.
    2. Identify the browser(s) that are remembering passwords for you.
      For each browser:

      1. Disable the password remembering function your browser(s).
      2. Export the remembered passwords (if possible).
        If you can’t export the credentials:

        1. In a separate browser, log into each site and manually enter the credentials your browser has remembered for you.
        2. Allow your PM to store these credentials for you.
        3. Log out of the site and log in again using the credentials offered by your PM.
        4. Verify the site works with your PM before moving to the next site.
      3. If you can export the credentials:
        1. Import the credentials into your PM.
        2. Go to a few of your most important sites and check that the credentials in your PM work.
      4. Delete all the remembered credentials from your browser.
      5. Move onto the next browser.
  2. Move onto your next device.

Do this straight away

Choose a strong un-guessable password for your Master Password.

Read my guide here about weak passwords.

content to follow

Living with a Password Manager

content to follow

Using multiple devices

content to follow

Gotchas

content to follow

Tips & tricks

content to follow

Leave a comment