Major actors are pushing for passwordless authentication by supporting FIDO2. Web browsers are starting to support WebAuthn, an API for device-based authentication. Instead of using a username/password, you just need to connect a device such as a YubiKey. However, this authentication method is not very popular at the moment. So, you still have to deal with passwords for at least a few years 😦 And good passwords are not easy, as mentioned by xkcd:
It's not uncommon to be registered on more than 100 websites. This means you have lots of usernames/emails/passwords to remember. The easy way is to always use the same password, but this is not very safe. That's why password managers are helpful. But they do more than just storing your passwords. Let's see the 5 reasons to use a password manager!
#5 reasons to use a password manager
#1. List all your accounts
I currently have 150+ registered accounts in my password manager. There are some services I use multiple times a day and others that I use only once a year. I sometimes don't remember that I already have an account on these websites. A password manager prevents me from spending time resetting passwords.
#2. Improve security by using unique passwords
Password managers come with a password generator feature. So, you know your passwords are unique and match the security requirements for passwords.
#3. Check your security health: password reuse, vulnerable passwords, 2FA not enabled, etc.
Many password managers check that your security is OK. They will ensure your passwords are strong enough, unique, and are not part of a leak (using Have I Been Pwned?). Some of them can also change your password automatically, so it's a one-click fix. Some of them will also advise you to enable 2FA when the website supports it. This is surely the best way to increase the security of your account.
#4. Avoid phishing attacks
The password manager fills passwords only on the sites where they were saved. So, if someone tries to fool you with a fake website, the password manager will not recognize the website URL and won't fill your authentication data.
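The following is an added example, not code from this post or from any password manager: it sketches why matching on the exact origin refuses lookalike URLs that a quick glance would accept. The vault contents, the URLs and the function names (`originOf`, `credentialFor`, `looksFamiliar`) are constructed for illustration, and real products apply their own matching rules.

```javascript
// Added example: constructed vault and URLs, not any product's real matching code.
// Hypothetical names: vault, originOf, credentialFor, looksFamiliar.

// Saved logins keyed by exact origin (scheme + host + port). Constructed data.
const vault = new Map([
  ["https://accounts.example.com", { username: "alice", password: "constructed-secret" }],
]);

// Normalize a page URL to its origin; returns null for unparsable or non-HTTPS pages.
function originOf(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null; // never fill over plain HTTP
  return url.origin; // host lowercased, default port dropped, userinfo excluded
}

// Return the saved credential only when the page origin matches exactly.
function credentialFor(pageUrl) {
  const origin = originOf(pageUrl);
  return origin !== null && vault.has(origin) ? vault.get(origin) : null;
}

// What a hurried reader does: look for the familiar name somewhere in the URL.
function looksFamiliar(pageUrl) {
  return pageUrl.toLowerCase().includes("accounts.example.com");
}

// Constructed URLs: the first two are the real site, the rest are lookalikes.
const pages = [
  "https://accounts.example.com/login",
  "HTTPS://Accounts.Example.com:443/login?next=%2F",
  "https://accounts.example.com.login.test/",      // real name used as subdomain labels
  "https://accounts.example.com@login.test/",      // real name in the userinfo part
  "https://login.test/accounts.example.com/login", // real name in the path
  "http://accounts.example.com/login",             // downgraded scheme
  "https://accounts.examp1e.com/login",            // one-character typo
];

for (const page of pages) {
  const filled = credentialFor(page) !== null;
  console.log(`${filled ? "fill  " : "refuse"} familiar=${looksFamiliar(page)} ${page}`);
}
```

Four of the five lookalikes pass the "looks familiar" check, yet none of them gets the credential, which is the protection described above.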
#5. Simplify the registration process
A password manager will fill registration forms automatically and generate a unique password. This is very convenient!
#Which password manager is the best?
I clearly won't recommend a specific password manager. I use 1Password because it works on the devices I use, the UI is ok, it stores everything online, and it provides a functionality to share passwords with other people. There are many choices depending on your needs. Here's a non-exhaustive list (ordered by name):
I'm aware that it can be scary to save all your passwords in one place, but they all explain how they store your password and why you and only you can read the passwords. Also, protecting your passwords is part of their business model, so doing it wrong could just ruin their companies. If you want to have an idea of how password managers work, you can read the 1Password documentation: About the 1Password security model. They almost all do the same. Also, the 1Password client for Windows is written in .NET, so you can decompile it to check the source code.