Password Protection For You & Your Business

“Change your password” is something that everyone hears all the time. The truth is that passwords are the bane of everyone’s existence when it comes to technology: for users, because they need to come up with, and remember, a password for literally every website they ever interact with; for IT professionals, because we constantly need to help people reset passwords that they forget or otherwise need help changing.
The scary truth is that 81% of hacking incidents occur because of a stolen or weak password. I’ve seen it happen: a client leaves an insecure method of remote access turned on and has a weak or stolen password, and they get hacked and their data is held for ransom.
For better or worse, there is no good alternative to passwords for the foreseeable future; even the biometric features some of us take advantage of on phones and the like still require a password to be set! Also for better or worse, people are terrible at remembering very many passwords. We might have a couple, or a small few, that we remember, and we end up using them everywhere.
This is where the stolen passwords come in; if a hacker can get a hold of your ‘regular’ password he has a fair chance of being able to use it on multiple websites with ease. Some people use the same password for Facebook, their bank account, and their email, just to name a few. So in the space of less than an hour someone can go on Facebook to make a post as you saying “I’m stuck in Texas, send me money via this method”, transfer money out of your bank account, and use your email account to do “forgot my password” prompts on your other online accounts!
Analytics Computers provides a service where we monitor the internet for leaked or stolen passwords and other sensitive information that has become available. It is currently priced at $25/month per corporate domain name.
There is a relatively simple fix to this password issue that everyone knows exists, but frighteningly few people take action on: a password manager.
Several of them exist, and they all have their pros and cons, but all of them provide the same critical feature: they have you remember one *good* (and I mean good and complex) password, and make up and remember every other password for you. You just have to come up with the one password you remember from now on (and hopefully change once in a while), and don’t have to bother remembering any others.
For the password you make, I suggest a short phrase (spaces are fine to include!); something like “I L1ke Hotdogs @ Lunch” is an example of a very strong password. Protip: don’t use easily found information such as your children’s names or any birthdates in passwords.
I myself use password managers, and I have grown to where I can’t imagine life without them. I’ve slowly, but systematically, been changing the passwords for all my many online accounts so each one is unique and is stored in my password manager for me.
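As an added illustration (not part of the original article, and not any password manager's own tooling), this Python example audits a list of account/password pairs for the two problems described above: the same password used on several accounts, and passwords built from easily found personal details. The vault entries, the personal details and the function names are all constructed for the example.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample data: (account, password) pairs as they might appear in a
# password manager's export. None of these are real credentials.
SAMPLE_VAULT = [
    ("facebook", "Summer2019!"),
    ("bank", "Summer2019!"),
    ("email", "summer2019!"),
    ("shop", "Emma-04-12-2011"),
    ("forum", "I L1ke Hotdogs @ Lunch"),
]

# Constructed personal details that are easy to find (names, birthdates).
SAMPLE_PERSONAL = ["Emma", "04/12/2011"]


def _digest(password):
    """Hash so passwords can be grouped without keeping them in the report."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def find_reuse(vault):
    """Return lists of accounts that share the exact same password."""
    groups = defaultdict(list)
    for account, password in vault:
        groups[_digest(password)].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def _normalize(text):
    """Lower-case and drop punctuation so 04/12/2011 matches 04-12-2011."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def find_personal_info(vault, personal):
    """Return accounts whose password contains a personal detail."""
    tokens = [t for t in (_normalize(p) for p in personal) if len(t) >= 3]
    flagged = []
    for account, password in vault:
        flat = _normalize(password)
        if any(token in flat for token in tokens):
            flagged.append(account)
    return sorted(flagged)


if __name__ == "__main__":
    print("reused:", find_reuse(SAMPLE_VAULT))
    print("personal info:", find_personal_info(SAMPLE_VAULT, SAMPLE_PERSONAL))
```

Only exact matches count as reuse here, so a variant that differs by a single character or by capitalisation is not flagged even though it is nearly as easy to guess once the original leaks.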
I can’t say enough how important it is to use good passwords to keep your information safe, and a password manager is by far the easiest (and least expensive) way of handling this task that none of us are any good at.
Plus, I strongly urge you to use multi-factor authentication (also called two factor authentication) everywhere possible; but that’s another conversation entirely!
Here are some recommendations for password managers to consider, with a couple pros and cons for each. This is not an exhaustive list of options, just ones I am familiar with and can comment on. I have no relationships with any of these companies other than my past experiences.
Dashlane:
Cloud based password manager. This service is free for up to 50 passwords (last I checked) and has paid options beyond that. Personally I found this one so helpful and pleasant to use that I broke down and paid for it. It makes life with passwords about as easy as it can get; it makes the experience so seamless that I barely even notice the login page for most websites anymore.
It also comes with a ‘compromised password’ reporting feature as part of the paid subscription, which is a huge benefit.
They also put a pretty heavy focus on account security, with excellent multi-factor options available.
One small downside: it is almost entirely website focused. It can store passwords for other needs but isn’t the most convenient for it. You do so through a locally installed application, but you have to authenticate yourself each time you want a password, which is a mild (but livable) annoyance.
www.dashlane.com
(Our referral link provides 6 months of Premium Dashlane for free: https://www.dashlane.com/cs/gfx_XOGznK0J )
LastPass:
Cloud based password manager. It works in a very similar fashion to Dashlane, except there isn’t any limit to how many passwords it will store as part of the free service. The paid version has some additional features, including security features; it’s up to you whether they are worth paying for.
In my experience LastPass generally works well, but it will sometimes get a little glitchy when putting passwords into websites. As someone who is hopping between website accounts constantly, this became a problem for me. That said, LastPass is a strong password manager and provides an excellent service, and I feel any good password manager is worth a whole lot more than none!
Like Dashlane, LastPass is almost entirely website focused, and it is even less convenient as a method for storing passwords for other needs, but it can do so.
www.lastpass.com
RoboForm:
Cloud synced password manager, locally installed convenience. RoboForm is a little bit of a hybrid platform in that it provides much the same features and functionality that Dashlane or LastPass does for logging in to websites. It also has a locally installed application that you can not only use to pull out information you need, but that will also store and supply passwords for Windows programs.
This lets you use the software to log in to programs like Quickbooks or other software that makes you remember passwords to access the information inside. The only small downside is that it can’t do the same for your Windows login, but this is understandable.
Unlike Dashlane or LastPass, the free version doesn’t let you sync passwords across devices, which is frustrating. RoboForm’s pricing for their paid service is halfway between LastPass (which is the cheapest) and Dashlane (which is the most expensive), but their free version is also a bit more crippled in our multi-device ‘need to work anywhere’ modern world.
www.roboform.com
KeePass:
Locally stored password manager. Unlike the others in the list, KeePass is exclusively stored locally with no built-in cloud sync capability. It’s also 100% free and open source. This software is more manual in how you utilize it, but this is both good and bad. You manually create entries in the software, let it generate new passwords for you that you copy-paste to where you need them, organize the entries where you want in its internal folder structure, and manually update the stored passwords if you change them.
This software works almost exclusively through the clipboard of your computer: you copy-paste everything as you work along. It has a security feature where it clears the clipboard after a few seconds so the password is not hanging out for someone to paste later. You can also view the secure info with a click or two. This lets you use the password manager for practically *anything* that requires passwords, since you just paste the password in when you need it. This also makes it convenient as a method of storing other secure information that’s not really a password but should be kept secure (social security numbers of family members, pass phrases for when you have to call in to some financial institutions, etc.).
Personally, I use KeePass for my financial-related passwords or other sensitive-but-not-a-password information. I like the idea of keeping this information away from the cloud, where it might get scooped up if any of the cloud-hosted services are ever hacked. It also keeps the information segregated and easily managed. To get around the ‘no cloud’ limitation I store the file in one of my Dropbox-type accounts; yes, it’s on the cloud that way, but hackers would have to specifically go after it and decrypt it to gain access.
www.keepass.info