Why you should use a Password Manager

Below you find the notes and three short informative videos from an online Presentation held at the Jávea Computer Club on 11 March 2021.

Peter Bayliss

All Computers Group Leader

Before the presentation we carried out a short anonymous survey.

Why use a password manager?

This short video summarises what a Password Manager is, and why we should use  one.

Poll Results

Results of our survey. 15 participants. 10 voted.

7 participants admitted reusing passwords

  1. Passwords should be strong, 
  2. but most importantly unique. Whenever a company that is storing customer passwords is breached, all the used passwords become public. You can buy a file of all the passwords that have ever been breached on the dark web. Or check if a particular password has been used before on haveibeenpwnd website or from a password manager.

With a password manager you will never need to reuse passwords and you can gradually and easily change any weak existing passwords.

4 participants keep their passwords on paper or in a document

We tend to do this because it seems like the obvious thing to do. When faced with a request from a website to provide a new password, and, having just struggled to think of a new one, our first reaction is to write it down somewhere before we forget it.

But actually this just creates a new set of problems. We often find that later on we are not sure if we have written it down correctly, for example which letters are capitalised. 

And worse still, it might not be clear which account the password belongs to. 

At one time or another we have probably all had to reset a password because we couldnt find the right one.

And of course you have to find your paper or document and retype the password correctly each time.

You could store all your passwords in a password protected document or spreadsheet but this just makes all your passwords vulnerable to info stealing malware that you could get on your device.

Arguably writing your passwords on paper might be the safest option, but it is not at all helpful in creating new passwords or in filling in the passwords when you need to.

We will see how with a password manager you will not only effortlessly create a new password each time, but it will automatically be saved and filled in next time you need it.

2 participants keep their passwords in the browser

You  might say “why do i  need a password manager when I can save my passwords in my browser?” 

This is true, and provided that you use the same browser on all your devices, it is possible to sync the passwords so that they are available whenever you need them.

One  limitation is that the browser will only store passwords , so you will need to record the answers to other security questions “first school” etc or 3rd,5th 7th letters of a codeword, elsewhere.

And of course this does not solve the big problem of creating new, secure passwords on demand.

The main Problem is that browsers store passwords in plain text and despite recent improvements in browser software, they are only protected by a simple PIN or PW that can be easily revealed or removed.

There are lots of articles on the web about why you should not store your passwords in a browser, (some of which come from companies with a vested interest).

Storing passwords in the browser is probably safe- ish but bear in mind that  browser password data is an obvious target for infostealing  malware as it is usually only protected by your login password.

2 participants use a Password Manager and 2 participants selected “Other” 

A good password manager program which will also

  • Generate secure pwds
  • Store other secure data
  • Work across different browsers
  • Warn against pw dangers

So let’s look at the option of using a password manager

What is a Password Manager? 

The next video reinforces some of the points I have already made and goes on to explain how a password manager works

Is it safe to store all my passwords in the cloud?

I know that this is the big question most of you have.

As explained, the plain text of your passwords are not stored anywhere, only an encrypted version of each password. And the effectiveness of the encryption is dependent on the strength of the master password you choose. Lets see how this works

We want to create a unique and most importantly, long password

Easiest is to create a memorable phrase 

Look at the effect of length as we increase the number of characters using https://howsecureismypassword.net/

For example: ch@tncoffeeatjccjavea 

It would take a computer about 5 QUADRILLION YEARS to crack this passphrase

So this passphrase for example, would strongly protect all your passwords and will be the ONLY password you ever need to remember 

The next important thing to be aware of is that your master password is not actually stored anywhere. 

It is like a key to a safe where you have the only copy.

Obviously this means that you have to make a record of your master password and keep it somewhere VERY secure because you can never recover it.

But by the same token it means that your passwords are safely encrypted in the cloud.

I hope at this stage I have at least got you interested in password managers, so you may be wondering

Which Password manager is best?

I would suggest that the most important criteria for selecting a password manager are:

  • The company should have a good reputation. (important not store master pw in program)
  • Main Feature: should support different types of devices. In other words you should be able to use on your PCs, phones, tablets etc.Other: password sharing
  • Price 
  • For convenience I recommend using a browser based version if this is available.

Comparison of entry level versions

NameRatingPrice p.a.Comments
Dashlane ****gratisone device only, max 50 passwords
LastPass***gratisOne type of device only
Enpass**gratisPC only. Quirky
KeePass****gratisNot cloud based
Zoho Vaultgratis
LogMeOncegratisBiometric options
RoboFormgratisdoes not sync across devices

The rating shown reflects the recommendation derived from several reviews.

Lastpass. There are currently many articles about how to change from LastPass. Generally highly recommended but a few vulnerabilities were identified in the past. These were rapidly fixed before they could be exploited.

The clear winner for most people is Bitwarden

Lets see how simple it is to set up and start using Bitwarden 

If you think that using a password manager is probably a good idea, you can try one out, adding a few passwords at a time, to see how it works for you.

In summary

The reason I use a password manager is because it is easy to call up and use my passwords and other personal information wherever I am. And most importantly, I will never need to invent a password again or even know what they.are.

There are risks and compromises however you store your passwords but for everyday use a good password manager gives maximum convenience for minimum risk.

P.S. This review is based on the assumption that the browser add-in version of these programs is the most convenient. Most of the programs also exist as standalone programs.

This is the full beginners user guide for Bitwarden