Password security can look pretty grim! However, the benefits of a good password manager – generating and saving complex, unique passwords you can easily update – mean that most experts recommend using one. “While it’s impossible to be completely immune from the most advanced threats, selecting the right third-party password manager can help users to protect their credentials from the majority of attacks that they may face,” says Baumgartner.
You can also take the following seven steps to ensure you’re protecting your accounts:
- Choose a password manager without master password recovery
Whatever you do, choose a password manager that does not allow for recovery of the master password. “If a malicious actor is able to get ahold of the master password through account recovery tools, this renders even the most secure password management programs useless,” says Baumgartner.
- Use two-factor authentication
Any online account has a risk of being hacked. One way to reduce this risk is to use two-factor authentication to protect your password manager. Chrome supports two-factor authentication with your smartphone, and, along with Firefox and Edge, also works with hardware authentication keys such as those from Yubico. Third-party password managers including Dashlane, LastPass and Sticky Password support two-factor authentication with your smartphone. “While two-factor authentication may still have some risks due to threats like SIM hijacking, at a minimum it puts one more layer of defense between the cybercriminal and your full arsenal of login information,” says Baumgartner.
- Turn off autofill
You may want to consider turning off autofill. This means logging into your password manager, then copying and pasting your passwords into the login screen.
- Use strong passwords
When composing your master password, make it strong. “By today’s standards this means 20 characters or more, randomly generated passwords that contain lower and uppercase letters, digits and symbols,” says Palfy. You might be proud of how devilishly uncrackable it is – but don’t reuse your master password.
- Make sure all of your passwords are unique
Make sure all your other passwords are unique. Dashlane Premium is one of the options that can automatically check for weak or repeated passwords then automatically replace them with a random, complex password.
- Keep your software up to date
Download security updates for your password manager as soon as available – often, they will be patching newly discovered vulnerabilities.
- Be wary of downloads and browser extensions
In general, be wary of your downloads, especially browser extensions – unwittingly installed malware could end up logging keystrokes or copying logins.
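The "strong passwords" and "unique passwords" steps above, shown as an added Python example that is not from the original article: it audits an account-to-password mapping against the quoted standard (20 or more characters with lowercase, uppercase, digits and symbols), flags reuse, and replaces flagged entries with passwords drawn from the operating system's random source. The function names and the sample vault are assumptions made for illustration and do not describe how Dashlane or any other product works.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 20  # "20 characters or more", per the standard quoted in the article
CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "digit": string.digits, "symbol": string.punctuation}

def weaknesses(password):
    """List the ways a password misses the quoted standard (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    problems += [f"no {name}" for name, chars in CLASSES.items()
                 if not any(c in chars for c in password)]
    return problems

def generate(length=MIN_LENGTH):
    """Draw characters from the OS CSPRNG; retry until every class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate

def audit(vault):
    """vault maps account -> password; returns (weak accounts, groups sharing a password)."""
    weak = {acct: probs for acct, pw in vault.items() if (probs := weaknesses(pw))}
    sharing = defaultdict(list)
    for acct, pw in vault.items():
        sharing[pw].append(acct)
    reused = sorted(sorted(group) for group in sharing.values() if len(group) > 1)
    return weak, reused

def remediate(vault):
    """Give every weak or reused account its own freshly generated password."""
    weak, reused = audit(vault)
    flagged = set(weak) | {acct for group in reused for acct in group}
    return {acct: generate() if acct in flagged else pw for acct, pw in vault.items()}

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {"mail": "Summer2019!", "bank": "Summer2019!",
                "forum": "correcthorsebatterystaple",
                "shop": "k#9Vt!r2Lq@8Zp$4Wm^7Xs&1"}

if __name__ == "__main__":
    weak, reused = audit(SAMPLE_VAULT)
    for acct, probs in weak.items():
        print(f"{acct}: {', '.join(probs)}")  # report reasons only, never the password
    print("accounts sharing a password:", reused)
    print("audit after remediation:", audit(remediate(SAMPLE_VAULT)))
```

The long all-lowercase passphrase is flagged only because the quoted standard requires all four character classes; length alone does not satisfy it.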
Choosing the right password manager
The best password managers do not allow you to recover your master password; they let you use two-factor authentication, monitor your accounts for password breaches and weak passwords, generate strong passwords for you, back up your passwords securely online and let you use a fingerprint or face ID to log in on your smartphone. Our favorite password manager, Dashlane Premium ($60 per year), has all of the aforementioned features and more. It also fills out forms, including your credit card information, syncs across all of your devices, scans the Dark Web for personal data and account information and provides VPN service for your computer and smartphone to encrypt all of your data when using internet-based services over public WiFi.
This excerpt is taken from “Is it Safe to Use a Password Manager?”, an article written by Natasha Stoke, Techlicious.com.