Working with passwords is just as enjoyable as cleaning gutters or filing taxes. But it is just as important.
I hate telling people to eat their vegetables – even virtual ones. Still, if you don’t have strong, unique passwords for every online account, it’s time to dig in. Don’t wait for someone to steal your identity or delete your bank account.
You’ve probably heard of password managers. They may sound complicated, but setting one up doesn’t have to be painful. These services remember all your passwords and can generate secure new ones. When you go to a login page in a web browser, and even in many applications, the manager will automatically fill in what you need to access your account. Some even comb the web to warn you if any of your information appears in a security breach.
A significant change in one of the most popular managers, LastPass, is why I have passwords in my brain again. On March 1
The best password managers run on as many platforms as possible – which is why we usually recommend independent services over the password managers built into browsers and operating systems. I tested the most popular ones in search of high security, wide capabilities and ease of use. Here’s what I found:
• Easiest to use: 1Password ($35.88 per year for individuals, $59.88 for families under five) has an easy-to-use design and multiple layers of security baked in, at a good price. 1Password doesn’t have a free tier – security is something we think is worth paying for. “Free software almost always involves trade-offs,” a spokesman for 1Password said. “We can focus our efforts on developing new ways to protect your data, rather than collecting or using it.”
As with other password managers, you can organize passwords into different collections: one for personal accounts, one for work, another for shared family logins. The travel mode is unique to the service – it is for people who have to hide sensitive information when traveling to countries where they fear their phone may be searched.
Dashlane ($59.99 per year for individuals, $89.99 for families under five) is also easy to use and is a good choice if you are interested in additional features such as a built-in VPN (also known as a virtual private network) for safer internet access and a dark-web monitoring service that watches for hackers who may have your credentials.
In the end, I chose 1Password because of the price. (I also thought Dashlane’s Mac Safari browser extension, now in beta, was buggy. A Dashlane spokesman said the team was working on a fix.)
• The best service with emergency access: This is a draw between Dashlane and LastPass Premium ($36 per year for individuals, $48 for families up to six). Both let you designate a trusted contact who can access your vault if you die or are incapacitated. Features like this are important because our lives are so connected to our digital accounts, as my colleague Joanna recently said. If something happens to you, your contact can request access to your vault. You can set a waiting period of between three hours and 30 days, during which you can deny the request if you are able to.
LastPass Premium isn’t as sleek as Dashlane, but it’s a very capable password manager, also with dark-web monitoring, plus a gigabyte of encrypted file storage (and a good Safari browser extension). If you use Safari and do not need a VPN, use LastPass.
1Password views this type of emergency access as a security threat. In a forum post, a company employee explained that a domestic abuser could detain a victim against his or her will in order to get into the password vault. The company suggests instead keeping a printout of your secret key and your master password in a safe or with your lawyer.
• The best free option: Bitwarden has a full-featured free plan for individuals and for businesses of two people, which syncs an unlimited number of passwords between devices. The service covers the basics: end-to-end encryption, a secure password generator, two-factor login and applications for any desktop platform, browser and mobile operating system, plus web access.
Premium membership ($10 per year for individuals, $40 for families up to six) is required for bells and whistles, such as an exposed-password report and improved login protection.
“We are a non-profit company, but we find it perfectly harmonious and compatible to offer a free general manager,” said Michael Crandell, CEO of Bitwarden. Many users who start with the free plan eventually decide to upgrade, he added.
After selecting a password manager, you can manually add all your old passwords. If you store passwords in the Chrome browser on your computer, you can export them and then import them into your new password manager. (Apple doesn’t have a similar option for exporting passwords.) If you’re switching from one password manager to another, exporting passwords is usually also an option.
Password managers will improve your digital life. Whether you get one or not, there are four simple password protection rules you need to know.
Rule # 1 – Do not rely only on passwords.
Use two-factor authentication, also known as 2FA, where possible. This requires an additional code or verification sent to another device.
In general, turning on 2FA is better than not having it at all. But if you have a choice, use an authenticator app (I like Authy) over a plain text message. It works when you don’t have cellular reception and isn’t susceptible to SIM card hijacking – where a hacker targeting someone with a valuable account takes over that person’s phone number at the wireless carrier. You can call your carrier and add a password to your wireless account for extra security.
Rule # 2 – Make long passwords.
The term “password” should be retired. The new hotness is the passphrase. “The length of the password is a more important factor than the complexity, as a longer password is more difficult to decrypt,” said Jameeka Green Aaron, chief information security officer at client authentication company Auth0.
For example, the passphrase “Raccoon Doorknob Spacecraft” would take centuries to crack, according to Bitwarden’s free password strength testing tool. Meanwhile, according to the tool, a string of 12 characters, with uppercase and lowercase letters, symbols and numbers, might take an attacker only three years to crack. Most password managers allow you to set the length of automatically generated passwords.
Rule # 3 – Make it unique.
Whatever you do, don’t reuse passwords. Reuse is the most common way accounts get hacked, Ms. Aaron said. If hackers find your password used in one place, they try it in other places. This includes password managers. Use them to create strong unique passwords and store them for all your accounts.
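One way to find reused and short passwords before importing them into a new manager is to audit the file Chrome exports. This is an added example, not part of the original article; the sample rows are constructed, and the 12-character threshold is an assumption made for the example.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample in the column layout of a Chrome password export
# (name,url,username,password); none of these are real credentials.
SAMPLE_EXPORT = """name,url,username,password
shop.example,https://shop.example/login,ana@example.org,Tr0ub4dor&3
mail.example,https://mail.example/,ana@example.org,Tr0ub4dor&3
bank.example,https://bank.example/,ana,raccoon doorknob spacecraft
forum.example,https://forum.example/,ana_r,hunter2
"""

MIN_LENGTH = 12  # assumed threshold for this example, not a figure from the article


def audit(export_file, min_length=MIN_LENGTH):
    """Return (reused, short): groups of sites sharing a password, and sites with short ones."""
    by_password = defaultdict(list)
    short = []
    for row in csv.DictReader(export_file):
        site, password = row["name"], row["password"]
        # Group on a digest so the report never stores or prints a plaintext password.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_password[digest].append(site)
        if len(password) < min_length:
            short.append(site)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    return reused, sorted(short)


if __name__ == "__main__":
    reused, short = audit(io.StringIO(SAMPLE_EXPORT))
    for sites in reused:
        print("same password on:", ", ".join(sites))
    for site in short:
        print("shorter than", MIN_LENGTH, "characters:", site)
```

The export itself is a plaintext file of every saved password, so delete it once the import and the audit are done.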
Rule # 4 – Have a backup plan for your backup plan.
The key to your password manager is the master password, along with a device to authenticate your login. A good password manager doesn’t know what your master password is and can’t help you recover your account.
So to be a good password parent, you need to think about the worst-case scenario: What happens if you lose the device to which your two-factor authentication codes are sent? What happens if you forget your master password?
Authy syncs the authentication codes to multiple devices (say, your phone and your iPad), which helps if you lose one. Setting up a physical security key, such as a YubiKey, as an additional authenticator is another security measure. When it comes to remembering your master password, the best solution is low-tech: Write it down on a piece of paper and put it away with your other most important documents. It is safer in the physical world than in the digital.
Write to Nicole Nguyen at firstname.lastname@example.org
Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.