Why you should care about your digital security
It’s 2021 and you are still using p4ssw0rd123 on all your online accounts, despite being told regularly that you should use strong, random and long enough passwords. All your IT friends laugh at you when you tell them that you have nothing to hide and that big companies have your data anyways.
Yes, if you are just like the average Joe, you might not be an interesting target to hack individually, but if your account is hacked along with millions of other accounts, it gets interesting for hackers to package all these cracked accounts and sell them to someone as a whole. For example, these accounts could be used for a botnet, making you an unsuspecting participant in some evil scheme on some far away server on the interwebs.
Also you should be aware that your email account is one of the most important accounts that you possess and you should protect it accordingly (strong password and two-factor authentication). As soon as someone has access to your email account, it can be used to reset your password on any website where you log in with that email address, thus making your strong passwords for these accounts irrelevant because they can just be easily changed via email.
But don’t worry, with a few simple guidelines and tools, you can drastically reduce the chance of getting your passwords stolen.
Weak passwords are really really really easy to crack
If you want to check how fast a password can be cracked by a hacker, type a password (do not enter your password on a website you do not know) into HowSecureIsMyPassword. A seemingly random password like Wo@7^c4 will be cracked in about 6 minutes. So, make your passwords loooooooooong and R4nD()m!
On HaveIBeenPwned you can check whether your email appeared in any of the largest data breaches (and which company screwed up your account’s security) or if your password has ever been used in one of these breaches.
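How the password check can work without handing over the password, shown as an added example (not code from this post or from HaveIBeenPwned): the Pwned Passwords range lookup sends only the first five hex characters of the password's SHA-1 hash and the client compares the returned suffixes locally. The response below is constructed inside the script and its counts are made up.

```python
import hashlib

def split_for_range_query(password: str) -> tuple[str, str]:
    """SHA-1 the password; only the 5-character prefix is ever sent to the service."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password: str, range_response: str) -> int:
    """Search the 'SUFFIX:COUNT' lines returned for our prefix for our own suffix."""
    _, suffix = split_for_range_query(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            # Padded responses contain filler entries with a count of 0.
            return int(count)
    return 0  # suffix not listed: not seen in the breach corpus

def constructed_response(breached: str, count: int) -> str:
    """Constructed stand-in for a range response (not real breach data)."""
    decoys = [hashlib.sha1(f"decoy-{i}".encode()).hexdigest().upper()[5:]
              for i in range(3)]
    _, suffix = split_for_range_query(breached)
    lines = [f"{decoys[0]}:3", f"{suffix}:{count}",
             f"{decoys[1]}:17", f"{decoys[2]}:0"]
    return "\r\n".join(lines)

# Constructed sample: pretend the weak password from the intro was seen 1234 times.
SAMPLE = constructed_response("p4ssw0rd123", 1234)

if __name__ == "__main__":
    prefix, _ = split_for_range_query("p4ssw0rd123")
    print("prefix that leaves the machine:", prefix)
    print("p4ssw0rd123 seen:", breach_count("p4ssw0rd123", SAMPLE))
    print("other password seen:", breach_count("a-long-random-passphrase", SAMPLE))
```

The service only learns a prefix shared by many unrelated hashes, so it cannot tell which password was checked.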
Benefits of using a password manager
- You only need to remember one password, while still having a different password for each account
- Also you will never forget a password again, since you only need to remember your one master-password
- Fill out logins faster by using a button or key combination (if I see any login-form I just press Ctrl+Shift+L and all credentials are automatically filled out, very convenient!)
- Reduce risk of phishing: since your saved password is linked to a URL, your password won’t be available to auto-fill on fake websites
- You sleep better knowing that all your accounts are safer and you can proudly pat yourself on the back every time you hear that you should use strong passwords
- Secure access to your passwords everywhere and synchronisation between desktop and mobile devices
- Built-in password generators help you by generating a long and random enough password so it cannot be easily cracked in case of a data breach
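Why linking a saved password to a URL helps against fake websites, as an added example: a simplified host comparison written for this page, not Bitwarden's matching code. The saved entry and the page URLs are constructed and use reserved example domains.

```python
from typing import Optional
from urllib.parse import urlsplit

def https_host(url: str) -> Optional[str]:
    """Return the lowercased host of an https URL, or None for anything else."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname drops any "user@" part and the port, and is already lowercased.
    return parts.hostname.rstrip(".")

def may_autofill(saved_url: str, page_url: str) -> bool:
    """Offer the credential only on the saved host or one of its subdomains."""
    saved, page = https_host(saved_url), https_host(page_url)
    if saved is None or page is None:
        return False
    # The leading dot makes "notexample.com" fail against "example.com".
    return page == saved or page.endswith("." + saved)

SAVED = "https://example.com/login"  # constructed vault entry

# Constructed page URLs: the first two are genuine, the rest only look similar.
PAGES = [
    "https://example.com/account",
    "https://login.example.com/",
    "https://example.com.evil.test/login",  # real name used as a subdomain label
    "https://example.com@evil.test/login",  # real name in the userinfo part
    "https://examp1e.com/login",            # look-alike spelling
    "http://example.com/login",             # no TLS
]

def decisions() -> dict:
    return {page: may_autofill(SAVED, page) for page in PAGES}

if __name__ == "__main__":
    for page, ok in decisions().items():
        print("fill" if ok else "skip", page)
```

A person can be fooled by a URL that looks right; the comparison above works on the parsed host, so a missing auto-fill offer is itself a warning sign.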
Which password manager should you use?
There are a lot of password managers and each year new ones show up in online ads claiming they are so much safer and better than the already existing password managers. Some of them are free, some of them bill you monthly. Some were very nice and once they had all your passwords, they suddenly changed the free plan to be really inconvenient so you basically had to upgrade to a paid plan.
You don’t want to think about and maintain your passwords all the time, so be sure to choose a service that fits you right from the beginning. You should consider the following points:
- Security/Trust: Do I trust this service to securely store my password? Have there been any security breaches in the past or has this service had any bad news in the past? Is the code open-source?
- Convenience: How convenient and easy to use is this password manager? Is it only for my computer or can I use it on multiple devices? Are my passwords synced between my devices or does each device have its own passwords stored?
- Price: Do I have to pay for it or is it free to use? How much is this service worth to me? Is it a one-time payment or a recurring subscription?
Why I use Bitwarden
I have personally used Bitwarden for about 3 years and have never had any problems while using it.
Bitwarden is open-source, meaning all their code is publicly available and everyone can have a look at how it works and where potential security problems could arise. If you don’t trust them to store your encrypted passwords on their servers, you can also just take their code and self-host your own Bitwarden-instance (idea for a future project?).
I generally avoid subscription-based services. I want to make a one-time payment and never care about costs again or I want to use stuff for free (who wouldn’t?). Bitwarden is free for normal people like you and me. If you just need the normal core features that you actually need in a password manager, you do not pay anything for this service. You only pay if you need some niche features or you use Bitwarden in your business with multiple people.
If I save a password once, I want it to be available whether I work on my computer, on my phone or on my laptop. Bitwarden is really convenient in that it synchronizes between all devices and it’s available in all necessary flavors (Browser extension, desktop app, mobile app and even on the command line).
Btw. I am (unfortunately) not sponsored by Bitwarden to write all these things, I just really like that this very nice service is also free and open-source.
Some tips for using your password manager
- If a website allows 128-character passwords with all letters, numbers and special characters, use it. You don’t need to remember the password anyways, so let the password generator do its magic and generate the strongest password possible.
- You need to only remember one password for the rest of your life. Choose it wisely, make sure it’s strong and not «123456».
- You can store other personal data, not just passwords. For example, in Bitwarden you can store encrypted notes (PIN numbers, crypto recovery phrases, card numbers, license keys, etc.).
- Check which key combination lets you auto-fill forms to save a lot of time (in Bitwarden it’s Ctrl+Shift+L).
Conclusion
No more excuses for your shitty passwords. In 2 minutes you can have your password manager set up, and over time you will easily migrate all your existing passwords to your storage. It’s easy to use and saves you brainpower, time and bitcoins (since you do not need to pay the hackers anymore to restore your hacked accounts).
Stay safe, do not click on any links you don’t know and do not be this guy:
3 Comments
You 122% convinced me to set up my own password manager!! Looking forward to patting myself on the back for using super strong passwords
That was an interesting and informative post, thank you very much for sharing your insight
10/10 would passwordmanage again.