What is a Password Manager

Passwords were invented to limit access to a system to authenticated users. Today the average business user maintains 191 services that require a password (1), while 59% of users polled by LastPass reported using the same password globally (2). Password managers were built to solve this problem by choosing and storing unique, strong passwords without requiring the passwords to be memorized. Modern password managers can be delivered as centralized cloud solutions that rely on a single strong password, or as portable installations that add the physical security of the device.

Why use a Password Manager

The average user wants to feel in control of their passwords, and can feel overwhelmed by the strain of memorizing over a hundred strong passwords. Each year SplashData publishes its “Worst Passwords List”, which reflects a complete disregard for password systems: it shows weak passwords that thousands of users share (3). When a weak or shared password is used, a breach at a single source could make a user a target across all of their services. Another strategy is to use browser caching to save passwords. This strategy reduces the user's ability to use services on a foreign device and creates a vulnerability to others who have physical access to the device. Although tech giants Microsoft (4) and Google (5) are pledging to move past passwords, most services will certainly keep their working security systems. Using a password manager to relieve the stress of keeping a secure online footprint is the most reasonable solution to the long-term use of this authentication method.
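The exposure from a shared password can be measured directly. The following is an added example, not part of the original article: it reports which services a single breach would expose and replaces every reused password with a unique random one, as a password manager would. The service names, passwords and function names are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

def blast_radius(credentials):
    """Map each service to the other services that share its password.

    A breach of the key service exposes every service in the value list.
    """
    by_password = defaultdict(list)
    for service, password in credentials.items():
        by_password[password].append(service)
    return {
        service: sorted(s for s in by_password[password] if s != service)
        for service, password in credentials.items()
    }

def generate_password(length=20):
    """Return a random password drawn from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_reused(credentials):
    """Give every service whose password is shared a new, unique password."""
    exposure = blast_radius(credentials)
    rotated = dict(credentials)
    for service, others in exposure.items():
        if others:
            rotated[service] = generate_password()
    return rotated

# Constructed sample data: three services share one weak password.
SAMPLE = {
    "mail.example": "Summer2018!",
    "shop.example": "Summer2018!",
    "bank.example": "Summer2018!",
    "forum.example": "x9$Lq-unique-one",
}

if __name__ == "__main__":
    for service, others in blast_radius(SAMPLE).items():
        print(f"breach of {service} also exposes: {others or 'nothing'}")
    fixed = rotate_reused(SAMPLE)
    print("reuse after rotation:", any(blast_radius(fixed).values()))
```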

Nothing is secure

Having unique passwords prevents a single breach from affecting the rest of a user’s online footprint, unless the breach affects a password recovery service. This is why, along with a strong password profile, users should take advantage of multifactor authentication features. If you are reading this, consider taking the layerup pledge https://www.passwordday.org/#pledge . One argument against password managers is that access to the store of passwords would expose the user's entire footprint. While this vulnerability is best explored with each individual password manager, some general advice can be given: use a long, strong passphrase for a master password, and if caching is used for accessing the store, make sure that the device is strongly physically secure. Many online accounts offer a password recovery feature through an email account; note that an email account can act as a password store in this way, and that the same advice applies. As stated by Robert Morris:

The three golden rules to ensure computer security are: do not own a computer; do not power it on, and do not use it.

However, you can always work against being the scapegoat of the herd.

Cited:

(1) https://blog.lastpass.com/2017/11/lastpass-reveals-8-truths-about-passwords-in-the-new-password-expose.html/

(2) https://hotforsecurity.bitdefender.com/blog/59-of-people-use-the-same-password-everywhere-poll-finds-19851.html

(3) https://www.prweb.com/releases/worst/passwords/prweb13170789.htm

(4) https://www.techrepublic.com/article/microsoft-heres-our-4-step-plan-for-getting-rid-of-passwords-forever/

(5) https://www.theguardian.com/technology/2016/may/24/google-passwords-android