Are You Making These 6 Password Manager Security Mistakes?

Dann Albright 18-07-2016

When it comes to making your digital life more secure, it’s tough to beat a password manager: they make it so you only have to remember one master password, instead of individual ones for the dozens (if not hundreds) of sites you’re a member of. They also tell you if you have strong passwords, let you get your login information on your phone, and all sorts of other conveniences. But there are a number of things you can do to negate the benefits of password managers, and you’re probably doing at least a couple of them.


In fact, these mistakes can make your password manager a downright risky app to use. And some of them are really easy to make. Let’s take a look at what you might be doing wrong and how it affects your security.

Staying Logged In

This is certainly one of the most common mistakes; if your password manager is logged in when you open your computer or your browser after closing it, you’re opening yourself up to some risk. If someone grabs your laptop off of a table while you’re getting coffee, or manages to steal the password to unlock your machine, they’ll have instant access to all of your passwords and any other valuable information you’ve stored in your password manager.

While it’s not likely that someone will have physical access to your computer, is it worth the risk of giving them access to every account you have saved in your manager? That probably includes email (though that should be protected by two-factor authentication), banking, social networking, and every other site that you log into. That’s a pretty big risk, even if the chances are low.


To mitigate this risk, you should make sure that your password manager automatically logs you out when you close your browser, when your computer goes to sleep, or after a certain period of time (one to two hours is probably a good place to start). If you want to be extra secure, you could see if there’s a setting that requires your master password every time you fill in login information. This might be a bit unwieldy, but it’s definitely very secure.


Weak Master Password

Although your password manager will generate and remember strong passwords for all of your sites, you still need a good password that unlocks the manager. Choosing “password” or “123456” (these are the two most popular passwords; seriously) as your master password means someone might be able to guess their way into your account, and that’s bad. Yes, you want to make sure you don’t forget your master password, but if you make it really simple, you’re compromising your security.

Instead, use some of the tips we’ve provided in the past about creating strong passwords. For instance, use a passphrase instead of a password to make it really hard to guess or brute-force. Grab one of your favorite books to make up a secure password. There are all sorts of methods you can use. Just make sure that you use one and get a secure password! And then check it with an online password strength tester like How Secure Is My Password?

Not Using Two-Factor Authentication

We’ve written a lot about two-factor authentication (2FA), because it’s one of the best things you can do to secure any account. You should do it with as many accounts as possible: email, cloud storage, financial sites, and anything else that allows it. Fortunately, more and more services are offering 2FA, including password managers. Adding an extra layer of security to your password manager sounds like a hassle, and it is, but only a little bit. And if someone gets access to your computer and has managed to steal your password, this will keep them out of your accounts.



If you don’t have 2FA set up for your password manager, you should do it immediately — it’s a big step toward security.

Reusing Passwords

Humans are creatures of habit; we tend to do the same things over and over. That often includes choosing the same password multiple times, even when using a password manager. This doesn’t completely nullify the benefits of a password manager, but it does come close. If someone gets a hold of one of your passwords, they may very well try that password on your other accounts, and if you’ve reused a password, they could gain access.


Of course, there’s a very easy solution to this problem: use the password generator included with your manager. You don’t have to go through the process of thinking up a new password every time you create a new account; just let the password manager do it for you. Then save it, and you’ll never have to worry about it again. And if someone gets a hold of one of your passwords, they can try it on all the other accounts they like, but it won’t do them any good.


Choosing Weak Passwords

Because we tend to repeat the same mistakes, even people who use password managers might not take full advantage of them. We’ve said it over and over before, but it’s worth repeating: choose strong passwords. Even if you’re using a password manager, you need to have guess-proof passwords. It’s especially easy to keep your weak passwords right when you start using a password manager for the first time, but take the time to change them (some managers even have an auto-change feature that lets you change them with a single click).

Not Taking Advantage of Extra Features

Most password managers have some cool features that you can take advantage of to improve your security. And while not using them won’t necessarily make you less secure, you can definitely be more secure with them. For example, LastPass has a feature called Security Challenge that looks at all of your passwords and gives you a score. That score is based on the strength of your passwords, how long it’s been since you’ve changed them, and whether any sites that you have passwords saved for have had password breaches in the past.


Check out your password manager to see what capabilities you could be taking advantage of to further secure your digital life. You might be missing out on some really useful stuff!
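The checks discussed in the last three sections (reused passwords, weak passwords, and password age) can be run locally against an exported vault. The following is an added example, not code from the original article and not LastPass's Security Challenge algorithm; the vault format, the sample entries, and the thresholds are assumptions, and the breach-history check is left out because it needs outside data.

```python
import hashlib
import math
import string
from collections import defaultdict
from datetime import date

COMMON = {"password", "123456"}  # the two passwords the article names
MIN_BITS = 60        # assumed threshold below which a password counts as weak
MAX_AGE_DAYS = 365   # assumed threshold after which a password counts as stale

# Constructed sample vault (not real credentials or sites).
VAULT = [
    {"site": "mail.example", "password": "123456", "changed": date(2014, 3, 1)},
    {"site": "bank.example", "password": "Tr0ub4dor&3", "changed": date(2016, 5, 2)},
    {"site": "shop.example", "password": "Tr0ub4dor&3", "changed": date(2015, 1, 9)},
    {"site": "forum.example", "password": "sunshine1", "changed": date(2016, 6, 20)},
]

def estimate_bits(pw):
    """Rough upper bound: length * log2(size of the character classes used)."""
    if pw.lower() in COMMON:
        return 0.0  # a commonly used password is guessed first, whatever its length
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(c in chars for c in pw):
            pool += len(chars)
    return len(pw) * math.log2(pool) if pool else 0.0

def audit(vault, today):
    """Return the sites whose passwords are reused, weak, or stale."""
    by_digest = defaultdict(list)
    for entry in vault:
        # Group by digest so plaintext is never used as a report key.
        digest = hashlib.sha256(entry["password"].encode()).hexdigest()
        by_digest[digest].append(entry["site"])
    reused = sorted(sorted(sites) for sites in by_digest.values() if len(sites) > 1)
    weak = sorted(e["site"] for e in vault
                  if estimate_bits(e["password"]) < MIN_BITS)
    stale = sorted(e["site"] for e in vault
                   if (today - e["changed"]).days > MAX_AGE_DAYS)
    return {"reused": reused, "weak": weak, "stale": stale}

if __name__ == "__main__":
    print(audit(VAULT, date(2016, 7, 18)))
```

Note that the reused password passes the strength estimate on its own, which is why reuse has to be checked separately from strength.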


Do You Make These Mistakes?

Probably not many people have perfect habits when it comes to password managers, and it’s pretty unreasonable to expect that everyone will adopt all of the security recommendations above.

But even if you start using one or two of them, your passwords — and therefore your digital accounts — will be much more secure, and that’s good for everyone (except cyber criminals). Take a few minutes to think about how secure your password manager really is, and then take some steps to improve it.

How many of the bad habits above do you practice? (I’ll admit to at least two of them.) Do you ever worry about how secure your password manager is? And will you change your ways now that you know how to make it more secure? Share your thoughts in the comments below!


  1. Ted
    July 21, 2016 at 8:25 pm

    #7 Using LastPass - Don't store your passwords online. Use KeePass or another program that allows you to store the password file where you can protect it. Having thousands of customer password files with a company is too tempting for bad people.

    • Dann Albright
      July 25, 2016 at 8:04 pm

      That is a potential drawback, but as far as I'm aware, LastPass hasn't had any major breaches. I believe they lost the hashes of some passwords once, but they have to know that if they suffered a breach, they'd be done, so I'm sure they've invested in absolutely top-notch security. Obviously that only goes so far, but it seems to have done the job well. Also, having them online is really useful for people who move between computers.