You really should use a password manager

Tafadzwa Mundida

I have no idea what my Techzim password is. If you held a gun to my head right now, I wouldn’t be able to tell you the first character of the password for my banking app. I wouldn’t even be able to tell you whether it’s a number, letter, or other character. That is the idea behind password managers.

Over the years, I have accumulated a handful of apps I can’t live without on Android. There is Google’s suite of apps that come built into the operating system (Maps, Gmail, Photos…). Then there is Nova launcher, Swiftkey keyboard, Whatsapp, Podcast Addict, and my banking app.

Over the past six months or so another app has joined this close family: Lastpass. Lastpass solves a basic problem. Good passwords are long strings of random letters, numbers and characters. I could come up with good passwords all day, but I wouldn’t be able to remember a single one of them. Which makes them bad passwords.

Like most people, I have managed over the years by having a handful of passwords that I recycle for all the services I sign up for. Bad idea.

My first email address 10 years ago was with Yahoo. I haven’t tried to access the account in at least 5 years. Last year, it emerged that there had been a breach of Yahoo usernames and passwords. Now, there is probably not much anyone would gain by getting into my old email account. However, a hacker could try that password on, say, my Facebook account. Or my banking app. You see the problem with using the same password multiple times?

Lastpass has an elegant solution to this problem. You can use it to generate long, random passwords. Having done that, it stores them in encrypted files that can be synced across multiple devices. I have the app on my phone, and I also install the Chrome extension on every computer I use.

The catch is, you absolutely cannot forget your Lastpass password. The company claims they don’t have the key to decrypt your data so if you forget your login they can’t do a password reset. That’s how seriously they take security. Still, remembering a single password is much easier than dozens.
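The design described above (random passwords from the manager, stored encrypted under a key that only the master password can produce) sketched as an added example; it is not Lastpass's code and not from the original article. The function names, the PBKDF2 iteration count and the HMAC-based stream cipher standing in for a real cipher such as AES are assumptions made to keep it standard-library only.

```python
import hashlib, hmac, json, secrets, string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
ITERATIONS = 200_000  # assumed PBKDF2 work factor, chosen for this example

def generate_password(length=24):
    """Long random password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def derive_keys(master, salt):
    """Stretch the master password, then split into cipher and MAC keys."""
    root = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def keystream(key, nonce, n):
    """Stdlib stand-in for a real cipher such as AES: HMAC-SHA256 in counter mode."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(master, entries):
    """Encrypt the vault locally; only this blob would be synced."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(master, salt)
    plain = json.dumps(entries).encode()
    body = salt + nonce + xor(plain, keystream(enc_key, nonce, len(plain)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(master, blob):
    """Return the entries, or raise if the master password is wrong."""
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, cipher = body[:16], body[16:32], body[32:]
    enc_key, mac_key = derive_keys(master, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong master password or corrupted vault")
    return json.loads(xor(cipher, keystream(enc_key, nonce, len(cipher))))

if __name__ == "__main__":
    # Constructed sample data: a made-up master passphrase and site name.
    vault = seal("constructed master passphrase", {"bank.example": generate_password()})
    print(len(vault), "bytes of ciphertext; nothing in it allows a reset")
```

The synced blob holds only the salt, nonce, ciphertext and tag, so whoever stores it cannot re-derive the keys without the master password; that is why a forgotten master password cannot be reset.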

For me what made Lastpass an absolute joy to use is having a phone with a fingerprint reader. Each time I want to log into an app or website, Lastpass asks me for my fingerprint and enters the login details for me.

Did I mention it’s free?

There are, of course, other password managers. Onepassword is another prominent example. Keepass is another. Lastpass just happens to be the one I use.


4 comments

  1. Imi Vanhu Musadaro

    Well, password managers sound like a great idea until someone dumps all your username and passwords. It has happened with several popular “very secure” and “non-decryptable” password managers over the past few years. Then you have to change passwords on ALL your managed accounts, assuming you are aware they have been compromised.

    Aside from that, you may take pride in the random passwords generated by your password manager, but random passwords are hard for humans to remember and easy for computers to crack. There is a misconception that hard to remember or cryptic passwords are more secure; this is generally not the case with brute-force attacks.

    Finally, there is a single point of failure: if someone guesses or cracks your password manager’s password, then they have all your passwords. Basically, it’s having one key to your entire kingdom.

    1. Anonymous

      Actually, I disagree about computer generated passwords being easier to crack. Humans have habits that make it easier for brute forcing a password. An example is using only small letters, or having only the first character as a capital. The more unpredictable a password is, the longer it takes to crack. Longer passwords are also harder to crack, and I don’t know about you but I don’t like having to type long passwords, especially on a phone keyboard.
      As for your line about some password managers having failed, that’s like refusing to put a lock on your house because some locks have been broken into in the past. Not all locks are born equal, and a really determined person will probably eventually break past your lock, but that doesn’t mean you can’t make it so inconvenient it’s not worth their time and effort.

      1. Imi Vanhu Musadaro

        The ease of cracking a computer generated password is based on countering the randomness of the characters by using full character sets, i.e., alphanumerics and special characters to generate wordlists. The amount of effort to crack becomes more of a processing power issue, which is less costly these days.

        The password manager analogy to a lock is flawed. To be more correct, a password manager is like locking your front door, as well as all the rooms inside, but leaving the keys to those rooms dangling by the door. There’s no point in that.

  2. Marc

    Hi Tafadzwa,
    Thanks for covering the password manager space.
    Many people are concerned about storing their data in the cloud as is the case with Lastpass. Encryption techniques have improved but cracking encryption is not the only way to steal data. Large corporations and government institutions use encryption and yet many of them have been hacked. A common denominator is a centralized architecture that acts as a magnet for the best hackers in the world.
    Ascendo has developed a Distributed Security Model for Password Management to ensure confidential information stays safe.
    http://ascendo.co/iphone-ipad-ipod-password-manager.html
    I hope you will consider evaluating DataVault for future articles.
    Marc
