Password managers

Password managers. Something most of us have heard of, but how many of us actually know what they do?

We all use passwords, with 60% of people using the same password across multiple websites/apps. This in itself causes huge risks in terms of your online security and you may not even realise what risks you are taking.

Say you have an account with Myfitnesspal, and you use the password hello1234. You also might use the same password for Gmail. What would happen if Myfitnesspal had a breach, and a hacker managed to get hold of your login details? This might not seem like a big deal, but with your email and password from Myfitnesspal, the hacker could now log in to your Gmail if you use the same password. Sure, you could change your password in Myfitnesspal and rest easy knowing that account is secure, but re-using the password has now given the hacker access to your emails.

You still might be thinking this is not a big deal, but with access to your emails, they can not only read every email you receive but also access any other account you have. All the hacker has to do is head over to your bank account and click “I forgot my password” and your bank will email a password reset email to you. All the hacker has to do is wait for that email and click the link. Now they have access to all of your finances, not to mention any other accounts you have, just by trial and error until they find a site you are signed up to.

It’s also worth remembering that hackers aren’t stupid. Just because you use hello1234 for one account doesn’t mean they won’t try other options for your other accounts to see what works. You might change your password for each site, but hello123456 or 1234hello wouldn’t be too hard to guess.

No one will guess my password

How secure do you think your password actually is? Luckily, there are people out there that want to help. To check how secure your password is, you can head to HaveIBeenPwned.com/passwords. Here you can type your password into the site and it will let you know how secure the password is. The site does not save your password, and will tell you how many times the password has been found in a data breach. You can also enter your email address into HaveIBeenPwned.com to see how many times your email has been found in a data breach. If it appears, I would strongly suggest logging into those websites, changing your password and also changing your password on any other website that uses the same one.

You might be wondering why I chose Myfitnesspal as my example website. Well, in February 2018 they suffered a data breach, with hackers stealing 144 million unique email addresses alongside usernames, IP addresses and passwords. In 2019 the data appeared on dark web marketplaces, so at this point who knows who has your details.

Are there any passwords to avoid?

Annoyingly, any password that is easy to remember is easy to guess. Even passwords that on the face of it look complex may actually be simple to guess. Below is a list of the most common passwords used in 2024:

  • 123456
  • password
  • 123456789
  • qwerty
  • 12345678
  • qwerty123
  • 12345
  • 111111
  • secret
  • 123123
  • admin
  • Aa123456
  • 1q2w3e4r
  • P@ssw0rd

Although it looks obvious these wouldn’t be strong passwords, using a single word and some numbers isn’t enough anymore. The suggested format for a password is a passphrase. Something similar to “yellow-chocolate-fitness”. Although it looks easy to guess, in actual fact the chances of someone guessing the 3 words in the correct order are very slim. But this still does not solve the issue of remembering each password for each website / app you use, which is the main cause for people re-using passwords.

Password managers

There is a whole range of password managers available. Most browsers remember passwords for you now, and even suggest strong passwords for you. Firefox, Chrome, Edge – they all have the facility to suggest strong passwords, save them securely and help you be more disciplined with your password security across platforms. They sync with all of your devices (providing you are signed in), meaning you always have access to your login details no matter what device you pick up. Often locked behind FaceID, a fingerprint scanner or a single password you’ll need to remember, they take all the effort out of choosing and remembering passwords.

1Password

1Password is one of the more popular password managers, recommended by many tech professionals. They're well established and the app is clear and easy to use. It's billed in Euros but, at time of writing, costs £2.22 per month. Like the other options, it includes use on multiple devices.

LastPass

LastPass costs £2.60 per month and can be used on an unlimited number of devices. It includes dark web monitoring should your details show up in any breaches, and will generate a secure password in the app.

Proton Pass

Proton's mission is to provide secure and transparent security with no logging. It is fully encrypted and costs nothing if you use the free plan. It includes dark web monitoring and password suggestions, as well as browser extensions.

Keeper

Keeper is a paid-for password manager that works across multiple platforms. The lowest monthly cost is £1.83 per month. It allows use on up to 10 devices across Android and Apple.

Google Passwords

Google provide their own password manager for anyone using an Android device or the Chrome browser. It's completely free and works across all of your devices as long as you are signed in.

Apple passwords

Apple provide their own password manager for anyone using an Apple device or the Safari browser. It's completely free and works across all of your devices as long as you are signed in.

What's best for me?

Choosing a password manager will depend entirely on what features you’re looking for. For most, the built-in Google / Apple password managers will do the trick, but questions have been asked about how much of your personal information they can actually see. For the everyday user, these free built-in password managers will work just fine, with minimal setup and an easy-to-use UI. Paired with good Two Factor Authentication where possible, you can sleep easy knowing your sensitive data is safe and secure.