A quick check in my password vault reveals I have 462 stored passwords.
Admittedly, a hundred are in my archive folder—just in case. And many are used infrequently. Nevertheless, you can't escape the fact that passwords are part and parcel of our everyday online lives.
It feels like every time you land on a website, and dodge the cookie warning, you're prompted to sign up or sign in. The first part is relatively painless: enter your email address. But then you need a password. And so the fun begins.
In our home, this can go one of two ways. For me, it's relatively straightforward: I can tap into my password app and either bring up the existing password or create a unique, strong one (number 463). For my wife, the pandemonium ensues. There's a scramble to find "the notebook" with all her passwords. After much rummaging, said notebook is retrieved, but alas, it somehow doesn't contain the required password, which means password reset time.
You get the picture. With the right tools, managing your passwords is a breeze.
Why passwords matter
So, why all the fuss about passwords? Or more to the point, why must you create and maintain a long, complex, and unique password for every online account you have?
In short, it boils down to data breaches. Personal info, including passwords, gets exposed whenever an organization has a data breach. And you'd probably be surprised how many data breaches occur.
In 2021, more than 4,100 publicly disclosed data breaches occurred, exposing 22 billion records.
In 2023 to date, 953 incidents have exposed over 5 billion records.
Although those are significant numbers, one data breach often spawns more trouble. For example, if you've used the same password on multiple sites, those hackers can also access your other accounts. And to make things worse, those hackers will sell your stolen credentials to other criminals. If the accounts are work accounts, that opens up a whole other can of worms, as hackers now have access to any sensitive data your company stores.
So that's why long, complex, and unique passwords matter.
How to set yourself up with a password manager
According to Dashlane, the average internet user has 240 online accounts requiring a password. There's no way you can remember that many unique passwords, especially if they're long and complex—i.e., at least 12 characters, but preferably longer, of mixed-case letters, numbers, and symbols.
That's where a password manager comes in. It can generate, remember, and autofill your password credentials, so you don't have to memorize them.
Here's how to make your life easier with a password manager.
1. Select a password manager
First, you need to choose a password manager. While there are many excellent options, the four Zapier recommends are 1Password, Bitwarden, Dashlane, and iCloud Keychain.
1Password is the best choice for most people as it's easy to use across multiple devices. Bitwarden offers a generous free plan, Dashlane provides additional security features like VPN, and iCloud Keychain works seamlessly with Apple devices.
2. Set up your password manager
Most password managers have a similar setup process. You download an app on your device and follow the prompts to install it. Then, guess what? You'll need to create a username and password for the password manager itself, often called the master password.
That master password is probably the only password you'll need to remember going forward. So, how do you create a long, complex password that you can remember?
Well, 1Password recommends using a passphrase, which combines several unrelated words, like "ball-orange-moon-car." Research suggests it would cost a hacker about $76 million to crack a passphrase like that. But, as with all passwords, make sure you choose something unique, and in this case, make it memorable.
Also, save your master password somewhere secure. If you forget it, most password managers do not allow you to reset your master password via email for security purposes. In fact, 1Password asks you to save your Emergency Kit when you create an account.
It's basically a PDF document you can print off, write your master password on, and store safely. If your password manager doesn't provide something similar, you can create your own version.
3. Download the app for other devices
It's advisable to download and install the password manager app on all your devices because any password changes you make on one device are immediately available elsewhere. The best password managers also have browser extensions. Be sure to install and log in to the browser extension, as it's the key to making your life easier and more productive with a password manager.
Generally, password managers aren't really worth it if they don't work on all your devices, so make sure you choose one that fits your workflow. For example, Apple's iCloud Keychain doesn't work with the Google Chrome browser, so it's no use to me because I don't use Chrome.
4. Get all your passwords into it
With downloads and initial setup complete, it's time to start importing passwords (if you have them saved somewhere else) or adding them as you log in to sites.
If you're importing passwords from another application, your password manager will most likely offer a couple of options to import it directly or let you move it manually via a CSV file.
The import also prompts you to change any compromised passwords it detected.
When you log in to a site that requires a new password, you can use the suggested password from the password manager, which will usually pop up automatically or on right-click.
With the password details securely stored in your password manager, the app will now auto-fill the credentials for you whenever you land on the site again.
5. Run a password audit
After using the password manager long enough to record a few dozen passwords, you should conduct a password audit. Many of the best password managers, including Dashlane and 1Password, can help you with this.
A password audit assesses your ongoing password security. It detects weak or duplicate passwords and advises of compromised passwords following a data breach or hack. It also tells you if there are any sites with two-factor authentication that you haven't enabled yet.
You can then change any online accounts that are vulnerable. For example, in 1Password, you click on Watchtower in the sidebar. Any Watchtower category that has items in it will appear on your dashboard.
For example, this shows 331 items imported from LastPass, which suffered two major data breaches. In this scenario, although the passwords were strong, they've been compromised, so I need to take action and change all those passwords. Using the password manager, I can step through each one and change the password on the affected websites.
6. Change your passwords often, or not
Aside from tools like Watchtower alerting you to change your passwords after a data breach, do you need to change your passwords often? Some IT departments enforce rules where you must change your password every 30/60/90 days. But an opposing view questions why you need to change a strong, unique password. It's possible you could inadvertently choose a weaker password.
So, unless you're prompted to change your password by your IT department, keep your strong, unique passwords and only change them when they appear in a known leak or if you discover a company, platform, or service has been compromised.
7. Explore other password manager features
Bonus: some password managers also allow you to save other sensitive information, such as credit card details, addresses, security questions, driver's licenses, financial information, medical records, software licenses, and attached encrypted files like passport scans.
Bolster your online security with a password manager
A password manager is an essential app. Aside from saving you time, it increases your online security. The right tool lets you create strong, unique passwords for all your online accounts, auto-fills the details every time you revisit the site (on any device), and advises you of any weak, vulnerable, or compromised passwords. And whenever you need to update a password, it only takes a couple of clicks.
If you're not using a password manager, start today. Take one for a free trial spin, and see how much easier it is to make all your passwords strong and unique.
Related reading: