Are You Making These 6 Password Manager Security Mistakes?
When it comes to making your digital life more secure, it’s tough to beat a password manager : they make it so you only have to remember one master password, instead of individual ones for the dozens (if not hundreds) of sites you’re a member of. They also tell you if you have strong passwords, let you get your login information on your phone, and all sorts of other conveniences. But there are a number of things you can do to negate the benefits of password managers, and you’re probably doing at least a couple of them.
In fact, these mistakes can make your password manager a downright risky app to use. And some of them are really easy to make. Let’s take a look at what you might be doing wrong and how it affects your security.
Staying Logged In
This is certainly one of the most common mistakes; if your password manager is logged in when you open your computer or your browser after closing it, you’re opening yourself up to some risk. If someone grabs your laptop off of a table while you’re getting coffee, or manages to steal the password to unlock your machine, they’ll have instant access to all of your passwords and any other valuable information you’ve stored in your password manager.
While it’s not likely that someone will have physical access to your computer, is it worth the risk of giving them access to every account you have saved in your manager? That probably includes email (though that should be protected by two-factor authentication), banking, social networking, and every other site that you log into. That’s a pretty big risk, even if the chances are low.
To mitigate this risk, you should make sure that your password manager automatically logs you out when you close your browser, when your computer goes to sleep, or after a certain period of time (one to two hours is probably a good place to start). If you want to be extra secure, you could see if there’s a setting that requires your master password every time you fill in login information. This might be a bit unwieldy, but it’s definitely very secure.
Weak Master Password
Although your password manager will generate and remember strong passwords for all of your sites, you still need a good password that unlocks the manager. Choosing “password” or “123456” (these are the two most popular passwords ; seriously) as your master password means someone might be able to guess their way into your account, and that’s bad. Yes, you want to make sure you don’t forget your master password, but if you make it really simple, you’re compromising your security.
Instead, use some of the tips we’ve provided in the past about creating strong passwords . For instance, use a passphrase instead of a password to make it really hard to guess or brute-force. Grab one of your favorite books to make up a secure password. There are all sorts of methods you can use. Just make sure that you use one and get a secure password! And then check it with an online password strength tester like How Secure Is My Password?
Not Using Two-Factor Authentication
We’ve written a lot about two-factor authentication (2FA), because it’s one of the best things you can do to secure any account. You should do it with as many accounts as possible ; email, cloud storage, financial sites, and anything else that allows it. Fortunately, more and more services are offering 2FA, including password managers. Adding an extra layer of security to your password manager sounds like a hassle, and it is, but only a little bit. And if someone gets access to your computer and has managed to steal your password, this will keep them out of your accounts.
If you don’t have 2FA set up for your password manager, you should do it immediately — it’s a big step toward security.
Humans are creatures of habit ; we tend to do the same things over and over. Which often includes choosing a specific password multiple times. Even when using a password manager. This doesn’t completely nullify the benefits of a password manager, but it does come close. If someone gets a hold of one of your passwords, they may very well try that password on your other accounts, and if you’ve reused a password, they could gain access.
Of course, there’s a very easy solution to this problem: use the password generator included with your manager. You don’t have to go through the process of thinking up a new password every time you create a new account; just let the password manager do it for you. Then save it, and you’ll never have to worry about it again. And if someone gets a hold of one of your passwords, they can try it on all the other accounts they like, but it won’t do them any good.
Choosing Weak Passwords
Because we tend to repeat the same mistakes, even people who use password managers might not take full advantage of them. We’ve said it over and over before, but it’s worth repeating: choose strong passwords. Even if you’re using a password manager, you need to have guess-proof passwords. It’s especially easy to keep your weak passwords right when you start using a password manager for the first time, but take the time to change them (some managers even have an auto-change feature that let you change them with a single click).
Not Taking Advantage of Extra Features
Most password managers have some cool features that you can take advantage of to improve your security. And while not using them won’t necessarily make you less secure, you can definitely be more secure with them. For example, LastPass has a feature called Security Challenge that looks at all of your passwords and gives you a score. That score is based on the strength of your passwords, how long it’s been since you’ve changed them, and whether any sites that you have passwords saved for have had password breaches in the past.
Check out your password manager to see what capabilities you could be taking advantage of to further secure your digital life. You might be missing out on some really useful stuff!
Do You Make These Mistakes?
Not many people probably have perfect habits when it comes to password managers, and it’s pretty unreasonable to expect that everyone will adopt all of the security recommendations above.
But even if you start using one or two of them, your passwords — and therefore your digital accounts — will be much more secure, and that’s good for everyone (except cyber criminals). Take a few minutes to think about how secure your password manager really is, and then take some steps to improve it.
How many of the bad habits above do you practice? (I’ll admit to at least two of them.) Do you ever worry about how secure your password manager is? And will you change your ways now that you know how to make it more secure? Share your thoughts in the comments below!