Creating and remembering a unique and complex password for each of your accounts is virtually impossible without some help. And these days, that help can best be found in a password manager.
A good password manager will create, store, and apply strong and complex passwords across the board, thereby securing your accounts. I’ve used a password manager for years and wouldn’t be able to juggle all my online accounts without it.
However, since your password manager is home to the sensitive login details for all your accounts, you need to protect the password manager itself from any potential compromise. Breaches against such services as LastPass and Norton LifeLock show that password management vendors are certainly not immune from cyberattack. Though such breaches may not have directly exposed login passwords, they do leave users of these services more vulnerable.
To protect yourself and your password information, there are steps you should take on your own to safeguard your account.
- Devise a strong master password to defend your account from unwanted access.
- Activate biometric authentication for the password manager on your PC and mobile device.
- Enable two-factor authentication to prevent someone from signing into your password manager account from another device should your master password ever be compromised.
We’ll look at each step in more depth below. To go through the different steps, I’m using RoboForm as an example, but the overall process should be similar for any of the major password managers.
When you first set up your password manager, you’ll be asked to devise a master password. That password should be strong and complex as it’s the key line of defense for all your login details, both on your own devices and in the cloud.
But you will need to enter your master password from time to time, so you also want it to be one that’s memorable and not too difficult to type. That’s why I recommend using a passphrase instead of a password. Consisting of different words or phrases, the right type of passphrase can be more secure than a complex password yet easier to remember.
To devise a solid passphrase, use a series of words or phrases with some meaning or significance to you so that you’ll easily recall it. I also like to include a mix of uppercase and lowercase characters as well as numbers and symbols. Just make sure you’re able to remember your master passphrase. If you forget it, you’ll have to start from scratch with your password manager.
This ZDNET article offers several useful tips on creating a strong passphrase. 1Password offers an online password generator that will suggest and help you fashion passphrases. When you’ve settled on the right one, enter it and then confirm it in your password manager’s setup window.
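To make the "more secure yet easier to remember" claim concrete, here is an added example (not code from the article, RoboForm or 1Password) that builds a passphrase the way the text describes and compares its strength, in bits of entropy, with a random character password. It goes a little beyond the text by quantifying the comparison. The wordlist is a small constructed sample; the entropy figures use the size of the EFF long wordlist (7,776 words), and the function names are my own.

```python
import math
import secrets

# Constructed sample wordlist for the demo. A real Diceware/EFF list has
# thousands of entries; the entropy math below assumes the EFF long list.
SAMPLE_WORDLIST = [
    "anchor", "breeze", "cactus", "dolphin", "ember", "falcon", "glacier",
    "harbor", "island", "jigsaw", "kettle", "lantern", "meadow", "nectar",
    "orbit", "pebble", "quartz", "ripple", "saddle", "thistle", "umbrella",
    "velvet", "walnut", "xenon", "yonder", "zephyr",
]

EFF_LONG_LIST_SIZE = 7776   # 6^5 entries, one per five-dice roll


def passphrase_entropy_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of a passphrase made of `word_count` uniformly random words.

    Each word contributes log2(wordlist_size) bits; capitalization rules or a
    fixed separator add nothing because an attacker can assume them.
    """
    return word_count * math.log2(wordlist_size)


def password_entropy_bits(length: int, alphabet_size: int = 94) -> float:
    """Entropy of a random character password over printable ASCII (94 symbols)."""
    return length * math.log2(alphabet_size)


def words_needed_for(target_bits: float, wordlist_size: int) -> int:
    """Smallest word count that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(word_count: int, wordlist=SAMPLE_WORDLIST,
                        separator: str = "-") -> str:
    """Pick words with the CSPRNG-backed `secrets` module, never `random`.

    Words are capitalized and a random digit is appended so the result also
    satisfies the mixed-case/number rules the article mentions. The digit adds
    about 3.3 bits; the capitalization is predictable and adds none.
    """
    words = [secrets.choice(wordlist).capitalize() for _ in range(word_count)]
    digit = str(secrets.randbelow(10))
    return separator.join(words) + separator + digit


if __name__ == "__main__":
    print("6-word EFF passphrase: %.1f bits" % passphrase_entropy_bits(6, EFF_LONG_LIST_SIZE))
    print("8-char random password: %.1f bits" % password_entropy_bits(8))
    print("words for 80 bits:", words_needed_for(80, EFF_LONG_LIST_SIZE))
    print("sample:", generate_passphrase(5))
```

Six random words from the EFF list give roughly 77 bits, more than an 8-character random password (about 52 bits) while being far easier to remember; note that the entropy figures only hold when the words are chosen randomly, not when you pick words that already mean something to you.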
Biometric authentication provides a secure and convenient alternative to a password or PIN, especially with a password manager. Instead of having to type your master password each time you want to activate the password manager, use your face or finger to verify your identity.
Most password managers should allow you to adopt whatever type of biometric authentication is built into your device or operating system. On a Windows PC, that means Windows Hello. On an iPhone or iPad, that means Face ID or Touch ID. And on an Android device, that means facial or fingerprint recognition.
Check the security settings for your password manager and look for an option to switch to the built-in form of biometric authentication. You’ll be asked to enter your master password to confirm the switch.
From then on, you’ll be able to open or activate the password manager using your chosen form of authentication. You may still be asked to enter your master password at certain intervals or to make specific changes. Otherwise, your face or finger will do the trick.
Should a hacker ever learn your master password, you want to be sure they can’t sign into your password manager account on one of their own devices. For this, you can turn to two-factor authentication (2FA), which most password managers should support at this point.
Look at the settings for your specific password manager to see if it offers an option for two-factor authentication or a one-time password. If so, enable that option. If given a choice among email, SMS, or an authenticator app, choose the authenticator app, as that’s the most secure of the three: the codes are generated on your device rather than sent over a channel that could be intercepted or redirected.
The next time you try to use your password manager on a new PC or mobile device, you’ll be prompted for a one-time password, either sent via your chosen method or generated by your authenticator app. Enter the one-time password when prompted, and that new device will be cleared to use your password manager. Your password manager’s account page may also list all the devices that have been enrolled, so you can check for any suspicious ones and remove any you no longer use.
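To show what actually happens between the authenticator app and the service when you enroll a new device, here is an added example (not code from the article or from any password manager vendor) of the time-based one-time password scheme from RFC 6238 that authenticator apps use. The app side derives a six-digit code from a shared secret and the current 30-second time step; the server side checks the code with a one-step tolerance for clock drift and rejects a code that has already been accepted. The RFC 6238 test secret and the `ServerEnrollment` class name are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

TIME_STEP = 30   # seconds per TOTP step (RFC 6238 default)
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TIME_STEP,
         digits: int = DIGITS) -> str:
    """Authenticator-app side: the counter is the number of steps since the epoch."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                step: int = TIME_STEP, digits: int = DIGITS, window: int = 1):
    """Server side: accept the current step or one step either side (clock drift).

    Returns the matched counter, or None. Constant-time comparison avoids
    leaking how many leading digits were right.
    """
    counter = unix_time // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate < 0:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), submitted):
            return candidate
    return None


class ServerEnrollment:
    """Server-side record for one enrolled authenticator: the shared secret plus
    the last accepted counter, so a code cannot be replayed within its window."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1

    def provisioning_secret(self) -> str:
        """Base32 form of the secret, as embedded in the enrollment QR code."""
        return base64.b32encode(self.secret).decode()

    def check(self, submitted: str, unix_time: int) -> bool:
        matched = verify_totp(self.secret, submitted, unix_time)
        if matched is None or matched <= self.last_counter:
            return False          # wrong code, or a code already used
        self.last_counter = matched
        return True


if __name__ == "__main__":
    # Enrollment: the service generates a random secret and shows it as a QR code.
    enrollment = ServerEnrollment(secrets.token_bytes(20))
    print("secret for the authenticator app:", enrollment.provisioning_secret())
    # New-device sign-in: the app shows a code, the user types it, the server checks.
    now = int(time.time())
    code = totp(enrollment.secret, now)
    print("app shows:", code, "-> server accepts:", enrollment.check(code, now))
    print("same code again -> server accepts:", enrollment.check(code, now))
```

The replay check is the part most simple implementations leave out: without it, a code seen over someone's shoulder or captured by a phishing page remains valid for the rest of its 30-second window even after the legitimate login.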
Beyond the three security options I discussed, different password managers may offer additional ones. Your best bet is to check the security settings for your specific product and avail yourself of any that will help protect your account and login information from abuse or compromise.