We’ve discussed the importance of using a password manager before. Generating strong passwords and keeping them all in one locked vault allows you to greatly increase the security of your accounts.
However, with a few guidelines, your password manager can provide even more online security for you. Let’s look at a few of the most important ways to keep your password manager rock-solid.
1. Use a Strong Master Password
Your master password protects all the other credentials saved in your password manager vault. Because of this, it’s extremely important that this password is strong. If you use a weak or obvious master password, someone could do a lot of damage to your online life if they figured it out.
They could log into all of your accounts and change the passwords, leaving you locked out. This would be even worse if you had your email password in your vault, since they can use that to reset other passwords. You might have sensitive information noted down in secure password manager notes, as well.
While your master password should be memorable so you don’t forget it, make sure that it’s also complex enough to protect your account. Some of the most secure passwords are 3 or 4 random words that you put together into a passphrase, like insecure-cereal-sermon-allocate. Avoid passwords based around a single dictionary word with some supplemental symbols. Those are easier to guess or brute-force.
You can use a tool like How Secure Is My Password? to see how strong your proposed password is. A good password is complex enough that brute-forcing it isn’t feasible, and not so obvious that someone could guess it.
2. Don’t Store Weak or Reused Passwords
It’s possible to use a password manager to store poor passwords, which isn’t very useful. For best results, you need to take advantage of your password manager’s generator function and create complex passwords that you don’t need to remember. Saving short passwords with little complexity in your vaults is like keeping sensitive info inside a wooden box that anyone can smash.
This is the most time-consuming aspect of setting up a password manager: you need to visit every site you want to save passwords for, initiate a password change, and generate a strong password using your manager. You should make passwords as complex as the site allows—if you can make a 32-character password full of symbols and numbers, that’s great.
In addition to weak passwords, avoid duplicate passwords. These are a danger because if someone figures out your password on one site, they can try it on other sites and gain access there too. There’s no reason to reuse passwords when your password manager can handle unique passwords everywhere.
Most password managers will warn you if you’re using one password in multiple locations. Use this as a prompt to change one of them to something that you don’t use anywhere else.
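The kind of check behind those warnings can be sketched in a few lines. This is an added example, not code from any particular password manager: the vault entries are constructed, and the 12-character threshold and the "one word plus a short suffix" pattern are assumptions chosen for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample vault entries (site, username, password); not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "alex", "Sunshine1!"),
    ("shop.example", "alex", "Sunshine1!"),
    ("bank.example", "alex", "q7#Lw9v!Tz2@Xr5&Hn8^Bd4*Kc6%Pm3$"),
    ("forum.example", "alex", "insecure-cereal-sermon-allocate"),
    ("news.example", "alex", "abc123"),
]

MIN_LENGTH = 12  # assumed threshold for this example
# One run of letters followed by at most four digits/symbols (assumed heuristic).
WORD_PLUS_SUFFIX = re.compile(r"^[A-Za-z]+[^A-Za-z]{0,4}$")


def fingerprint(password: str) -> str:
    """Compare passwords by digest so the grouping never stores plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def find_reused(entries):
    """Return sorted groups of sites that share one password."""
    sites_by_digest = defaultdict(list)
    for site, _user, password in entries:
        sites_by_digest[fingerprint(password)].append(site)
    return sorted(sorted(s) for s in sites_by_digest.values() if len(s) > 1)


def weakness_reasons(password: str):
    """Return the reasons a password counts as weak; empty list if none."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("short")
    if WORD_PLUS_SUFFIX.match(password):
        reasons.append("single word plus suffix")
    return reasons


def audit(entries):
    """Report reused passwords and weak passwords, keyed by site."""
    weak = {site: weakness_reasons(pw) for site, _u, pw in entries if weakness_reasons(pw)}
    return {"reused": find_reused(entries), "weak": weak}


if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
```

Every site the report lists is a candidate for a fresh password from your manager’s generator.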
3. Remember Physical Password Manager Security
There’s another element to keeping the contents of your password manager safe: making sure that others can’t open your devices and access your vault contents.
If you don’t lock your computer when you step away, and stay logged into your password manager, someone could open it up and start snooping. Or you might have the password manager app on your phone set to not log out until 30 minutes after you use it. During that time, someone with access to your phone could look at the contents of the app and steal your passwords.
It’s thus important to make sure you lock all the devices that are logged into your password manager when you’re not using them. Most password managers also have options to lock themselves after a certain time of being idle.
1Password, which we’ve recommended before, will lock itself when you lock Windows, by default. That way, even if someone gets your computer password, they still won’t be able to log into your 1Password account.
Protect Your Password Manager’s Valuable Contents
With these tips, you’ll make your password manager account stronger, while also upping the strength of the passwords stored inside. Since your password manager holds the keys to so many of your online accounts, it’s definitely worth treating with care.
For more ways to keep yourself safe online, have a look at other vital security practices you should know.