One password to rule them all

Combating password fatigue with a password manager

By Saba Sultana

Last week, Atilade, Pooja, and Brechin talked about passwords and recommended the use of password managers in their account workout. In today’s digitally interconnected world, we navigate a spectrum of online services ranging from secure banking websites to food ordering platforms and streaming services, and each of them requires a username and password. While it might be quite tempting to use a single password for all your accounts, doing so exposes you to a multitude of potential risks. But it’s simply not practical to remember all the passwords you’ve created for various accounts if you make them all unique. This is precisely where a password manager proves to be extremely useful.

What is a password manager?

Password managers are like secure wallets in which you keep all your credit/debit cards and identification cards organized and secure. Password managers help you store information about all your accounts in one place, and help you create random, secure passwords so you don’t have to think of one. This means you only have to remember one password to unlock your wallet, and the software will remember all of the other passwords for you. First-time users of a password manager will be required to create an account to access it. It is recommended to create a strong password or passphrase, as this is the key to all your accounts, or as Brechin would say, “one password to rule them all.” There are many password manager options available, ranging from paid to free alternatives with various features. In this discussion, we’ll examine some features and questions you should ask yourself when choosing a password manager, and give a walkthrough of a respected free option called KeePass.

Choosing a password manager

When choosing a password manager, you should ask yourself some questions. Just like a physical wallet or purse that holds cards, you want your password manager to be easily used and convenient to access.

How and where do I need to access these passwords?

If you have multiple devices, like a phone, tablet, and laptop, a password manager that is accessible from each device is probably preferred. Some password managers also have a website where you can access the passwords from any browser in case you don’t have your usual device at hand.

Do you want to set up a shared password manager or family account?

Access to online bills or household related accounts could be a shared chore between spouses where multiple people may want to have access to that one account.

Are you planning on putting all your passwords into the password manager?

While a password manager can greatly reduce the burden of remembering passwords to things like email accounts, Netflix, or social media platforms, you may want to consider whether you want to input your banking or other highly sensitive accounts into the manager. Password managers are increasingly being targeted by cyber criminals. While some have been compromised, the passwords are secured in such a way that attackers will still take several years to decrypt any passwords. Since the randomly generated passwords are quite tough to crack, it buys users time to update their passwords in case of a breach.

KeePass/KeePassXC

KeePass is a robust and open-source password manager that provides users with a secure and convenient solution for managing their passwords and sensitive information. It’s available on a wide variety of devices. Known for its robust encryption and user-friendly interface, KeePass allows individuals to store and manage their passwords and sensitive information with ease. The program’s key feature lies in its ability to generate and store complex, unique passwords for various online accounts, reducing the risk of security breaches.

Download KeePass from https://keepass.info/download.html

KeePassXC is a modern/updated version of KeePass with a better interface and is available for download on Windows, Linux, and macOS for free.

Download KeePassXC from https://keepassxc.org/

PRO TIP: KeePassXC is the latest, offers a better interface, and it’s free!!

Setting up KeePassXC

1. Once you have installed KeePassXC, if you are a first-time user you can begin by creating a new database or opening an existing database.

2. Name your database file

3. Choose default encryption settings

4. Create a password for your database (you will need to remember this password and enter it every time you use KeePassXC). For this one password, you should think carefully and consider a passphrase.

KeePass is now ready for you to create new accounts or add already existing accounts. 

Walkthrough of KeePassXC

1. Click on the plus sign at the top to start creating new accounts.

2. Fill in the Title and Username.

3. Using password generator: Let KeePass create a password/passphrase for you.

PRO TIP: Use the password generator to generate a random password/passphrase as they can be more complex, harder to guess and lack your personal information.

4. Fill in URL and Notes:

PRO TIP: Use the Notes section to fill in important account details, track the history of your accounts and to keep a note of any information shared. For example, if you have shared your credit/debit details, phone number, or alternate email address, make a note of it here.

Password managers for Mobile Phone

KeePass is available for both Android and iPhone. https://keepass.info/download.html

However, a better alternative for the iPhone is to use Apple’s built-in and free password manager, which offers all the functionalities discussed above while also alerting you if the password is compromised. To open Apple’s password manager, go to settings and scroll down to passwords.

For more information check out https://support.apple.com/en-ca/guide/iphone/iph3ee1dd6e7/ios

PRO TIP: The password you use for your password manager should be secure and hard for a computer or other person to guess. Passphrases are a great solution for this; you can read about passphrases here: Use a Passphrase.

You may have heard in the past that passwords should be changed every three months. What we’ve learned is that this is very hard for people to manage, and forces bad password habits like using “spring23, summer23, autumn23, winter23” followed by “spring24”… The current best practices are to generate a stronger password or passphrase and change it yearly instead. PSM technology has a great summary of current best practices for passwords here: NIST Password Best Practices: How to Keep Your Password Secure (psmpartners.com)
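
The tips above recommend randomly generated passwords and passphrases and warn against seasonal rotation patterns. The following is an added example, not part of the original article and not KeePassXC's own code, that compares how many guesses each approach forces on an attacker. The word list, function names and pattern are constructed for the illustration.

```python
import math
import re
import secrets
import string

# Constructed 16-word list for the demo. Assumption: a real generator
# draws from a much larger list, e.g. 7776 words for dice-based lists.
WORDS = ["anchor", "birch", "candle", "dune", "ember", "fjord", "glacier",
         "harbor", "iris", "juniper", "kettle", "lantern", "meadow",
         "nectar", "orchid", "pebble"]

# The rotation habit the article describes: season name + two-digit year.
SEASONAL = re.compile(r"^(spring|summer|autumn|winter)\d{2}$", re.IGNORECASE)


def random_password(length=20, alphabet=string.ascii_letters + string.digits):
    """Draw each character independently from a cryptographic RNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words=6, words=WORDS, sep="-"):
    """Draw each word independently from a cryptographic RNG."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Entropy when `picks` symbols are each drawn uniformly from `choices`."""
    return picks * math.log2(choices)


def is_seasonal_pattern(password):
    """Flag passwords that follow the season + year rotation habit."""
    return SEASONAL.match(password) is not None


if __name__ == "__main__":
    print("password  :", random_password(), f"{entropy_bits(62, 20):.1f} bits")
    print("passphrase:", random_passphrase(), f"{entropy_bits(16, 6):.1f} bits (demo list)")
    print("6 words from a 7776-word list:", f"{entropy_bits(7776, 6):.1f} bits")
    # 4 seasons x 100 two-digit years = 400 candidates in total.
    print("season + year pattern:", f"{entropy_bits(400, 1):.1f} bits")
    for candidate in ("spring23", "Winter23", random_passphrase()):
        print(candidate, "-> seasonal pattern:", is_seasonal_pattern(candidate))
```

Every password in the season-plus-year family comes from only 400 candidates, while each additional random word or character multiplies the number of guesses an attacker needs.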