It all started a couple of years ago. I am guilty of having used the same two or three passwords on almost all the sites for which I signed up.
Then I stopped doing that.
It suddenly made me think that what I was doing was not really secure, given the number of accounts I have created over the years on the Internet.
I am not going to talk in this article about how I started cleaning up my digital presence; I will dedicate a separate article to that matter.
I started reading about password managers. Even though the amount of articles about this subject is pretty large, I feel like it is still not enough.
As you see, people are still not using password managers as much as I personally would want to.
So this is my journey on how I managed to switch from being one of the 59% who would mostly or always use the same password, from the study above, to having 0% reused passwords. Hopefully you find it useful and decide to use a password manager.
In general, the nice thing about password managers is that you don't have to remember all the different passwords that you have. You only need to remember a single password (sometimes called the master password). You literally don't need to know, or even care about, the actual password you use on a website. Obviously, you want to make sure you use a pretty strong password for that single one, because if your master password is compromised, you are in a pickle.
So the journey began
The number of password managers out there is pretty high and finding one that suits you might be hard. I have to admit that I am a pretty picky person when it comes to choosing new things, software or not: password managers, streaming music, browsers, you name it. For me, the thing that I want to use really needs to stand out from the crowd; beautiful design and ease of use would only be the beginning of my requirements list.
I am not easily impressed by fancy presentation websites with all the marketing yada yada, so what I usually end up doing is taking each app for a spin until something catches my eye.
Attempt #1: KeePass
Well, I must admit, when it comes to privacy, KeePass would be the best pick for anyone caring about their privacy.
What makes KeePass stand out from the other password managers is that it is an offline password manager. This means that whatever you have in your vault (your password database) is not synchronized to the cloud. This makes it pretty secure.
But being very secure does not translate into ease of use.
What I ended up doing is going full berserk paranoid mode: I used a USB drive with a VeraCrypt encrypted volume on it to store the KDBX file (the KeePass database itself). So in order to get my passwords, you would need to:
- physically have my USB drive
- know the password of the encrypted VeraCrypt volume
- know the (obviously different) password that was the key to my KeePass database.
Unless you are a psychic, it would have been a bit hard to get my passwords. Not to say it's impossible, but the idea is that you want to give the hacker trying to get to your things a hard time.
Long story short, after a week I forgot my VeraCrypt volume password, which made my USB drive inaccessible. Only after this stupid thing I did, I realised that passwords written on paper are pretty valuable.
As I was saying earlier, ease of use is not there. If I had gone down this route with KeePass, I would obviously also have needed a redundant USB drive for backup, because, doh, they fail when you least expect it, and I would have needed to synchronize it in some way. The alternative to a USB drive would be to put your KDBX file on a cloud provider, like Dropbox.
It didn't feel like it was making my life secure in an easy way.
Attempt #2: LastPass
This is one of the best known password managers out there. I used it for almost a year and I liked the fact that I could easily get any password I needed on my laptop or my phone.
The hardest thing was to move all my accounts from my head to LastPass. It took me a few days, if not a week, to do this. But this had nothing to do with LastPass; it was about getting used to the full potential of a password manager in general.
After finishing this migration period, I obviously didn't stop there. I wanted to make sure, when applicable, to have 2FA enabled, to give me an extra layer of security on top of my randomly generated passwords.
And everything was perfect: I got autofill for all my passwords, a nice design, it was pretty easy to use and it was cross-platform (Mac, Windows, Linux), since it was browser based and you didn't need any desktop application.
Attempt #3: 1Password
I read about 1Password during my search for a password manager, but it wasn't useful for me at the time, since back then it didn't support platforms other than macOS. During that period I had a PC running a Linux distribution and a work laptop running Ubuntu, so that was a no-go for me from the start, and I said: next. That's how I ended up using LastPass in the first place. Also, 1Password premium was a bit more expensive than LastPass premium, and that was another factor in picking the right tool.
Well, after a while, we upgraded from Ubuntu laptops to MacBook Pros at work, but that wasn't the moment I migrated to 1Password.
I think I read about 1Password in a random article, and I also saw the Have I Been Pwned website promoting 1Password.
Then I said to myself: now that I have a Mac and an iPhone, what if I give 1Password a shot, since they offered a free trial.
And then it was love at first sight
I have to say, there is a difference between paid-only software and free software that offers the possibility to pay for some features that people might live without.
The user experience, the design and the ease of use are remarkable in 1Password. But it doesn't stop there.
A few key features that I love are the built-in OTP for an account, which basically means you don't need a separate application like Google Authenticator. And that's amazing. Another cool thing is that when you fill in your credentials on a website where you have enabled 2FA, the OTP gets copied to the clipboard for a short period of time, meaning that you don't need a phone next to you to type the OTP manually.
Another nice feature is that wherever I am, if I press `CMD+L`, I get a pop-up, which helps a lot if you have more than one account for a website.
I won't get into more details about 1Password, since their documentation is pretty solid and of course, the purpose of this post was not to talk about 1Password's features.
Is this the best password manager?
Well, for me, it is. And the reason why I say this is that people are subjective and obviously we have different tastes in different things.
There are other great password managers, like Dashlane, which I also gave a shot for about 30 minutes, but we didn't click, so I cannot speak for it; I do know people who enjoy it and have no problem using it.
Which password manager should I use?
The purpose of this article is not to tell you which password manager you should use.
My advice for you is, first of all, make sure you actually use one. Which one? It doesn't really matter, as long as you don't reuse the same password or use weak passwords.