
6 things I wish someone had told me before I signed up for a password manager


Yes, I’m here to tell you with a straight face that I’ve never used a password manager before. It’s not like I’ve never thought about signing up for one. I’m always tempted to try different options, but part of me always gets itchy when I put all my eggs in one basket, especially when data breaches are constantly reminding us that it might be a bad idea. I know I’m not alone on this boat because old habits are hard to break. I figured I would be “more secure” if I remembered my passwords or wrote them down somewhere. But with a growing list of online accounts, I’m finally struggling to create unique and strong passwords for each one. So my tech resolution for 2023 was to give password managers a chance, so here we are.

Choosing a good password manager can be difficult, and the sheer number of options available doesn’t make it any easier. I’ve learned a lot on my journey, and I hope these tips can help you on yours as well.

Find the features you want

Most password managers do a lot more than just fill in your passwords in a login form. Keeper, for example, is a super-featured password manager that can also store your credit card information, lock files and photos in a secure vault, help you share your passwords, and more. 1Password also comes with plenty of bells and whistles and can perform additional tasks such as removing secrets from your clipboard and warning of security breaches.

The 1Password app is free to download and comes with a 14-day trial. You must purchase a subscription to continue using it.

It’s important to understand what you want from your password manager, unless you want to go down the endless path of options. After all, there’s no point in paying extra for all the extras if you don’t use them. You may already have a secure folder on your smartphone to lock important files and photos, or you may not have to pay for new features like dark web monitoring and notifications. Instead, look for useful features that are important to you.

Here are key features I recommend looking for instead:

Cross-platform support to access and manage your saved passwords on any device or platform regardless of what web browser you use

For example, I was looking for a password manager that would help me avoid reusing the same passwords for different accounts. I got to a point where I started reusing some of my passwords, leaving the door open for attackers to break into multiple accounts. Long story short, I preferred a simple and secure password generator to one with fancy features so as not to spend more than I wanted as a new customer. However, your mileage may vary.

Zero-knowledge encryption is important

Most password managers also use strong encryption like AES 256-bit and XChaCha20 to lock your password before it leaves your device. So even if you use a password manager service that stores your password on a remote server, it may not be immediately accessible to hackers trying to steal it. All reliable password managers out there use complex encryption techniques to secure your vault, so you don’t feel in the dark when handing over important information.

An illustration explaining the NordPass Zero Knowledge encryption method.

For example, Bitwarden uses AES-CBC 256-bit encryption for your vault data and PBKDF2 SHA-256 to derive your encryption key. All your data is encrypted or hashed before being sent to the remote servers and it can only be decrypted using the key derived from your Master Password. NordPass, on the other hand, uses XChaCha20, which is faster and easier to implement than standard methods.

I recommend only selecting those that use a zero-knowledge encryption solution, which means they cannot read or share your sensitive information. Of course, there’s no way to stay 100% safe online, but it helps if you cover the basics.
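The key-derivation side of the zero-knowledge design described above, as an added example (not Bitwarden's or NordPass's code): the client stretches the master password with PBKDF2-SHA256 into a vault key that stays on the device, and sends the server only a separate login hash. The iteration counts, the use of the e-mail address as salt, and the `VaultServer` class are assumptions of this sketch; the AES or XChaCha20 vault encryption itself is not shown.

```python
import hashlib
import hmac
import os

KDF_ITERATIONS = 600_000  # assumed sample work factor, not taken from the article


def derive_master_key(master_password: str, email: str) -> bytes:
    """Client: stretch the master password into a 256-bit vault key.
    Using the normalised e-mail as salt is an assumption of this sketch."""
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               KDF_ITERATIONS, dklen=32)


def derive_login_hash(master_key: bytes, master_password: str) -> bytes:
    """Client: a separate one-way value used only to authenticate.
    The server cannot turn it back into the master key."""
    return hashlib.pbkdf2_hmac("sha256", master_key, master_password.encode(),
                               1, dklen=32)


class VaultServer:
    """Hypothetical server: stores a salted hash of the login hash, nothing else."""

    def __init__(self):
        self.records = {}

    def register(self, email: str, login_hash: bytes) -> None:
        salt = os.urandom(16)
        stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, 100_000)
        self.records[email] = (salt, stored)

    def login(self, email: str, login_hash: bytes) -> bool:
        salt, stored = self.records[email]
        candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, 100_000)
        return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    email, password = "user@example.com", "correct horse battery staple"  # constructed
    key = derive_master_key(password, email)  # never leaves the device
    server = VaultServer()
    server.register(email, derive_login_hash(key, password))
    wrong = derive_master_key("guess123", email)
    print("right password:", server.login(email, derive_login_hash(key, password)))
    print("wrong password:", server.login(email, derive_login_hash(wrong, "guess123")))
    print("server holds vault key:", key in server.records[email])
```

Because the server record contains neither the master password nor the vault key, a copy of that record gives an attacker only material for offline guessing, which is why the master password's strength and the work factor matter.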

Choose password managers with secure backups

It’s also important to choose password managers that allow you to create a backup of all your encrypted passwords in case the remote server crashes with all your passwords. Some password managers create a backup of the encrypted password, while others simply allow you to create a backup of the decrypted data in a human-readable format. In any case, it’s important to create a backup in case you lose access to your vault due to a server failure and find yourself in a situation where you can no longer access your accounts online.


Looking at the recent LastPass mishap and how it handled the situation, I know I never leave a backup of my passwords online, even if it’s encrypted. You can always back up manually and offload a copy of all your passwords, but make sure you move and store it securely to prevent it falling into the wrong hands.

Look for biometrics and other sign-in options

Multi-factor authentication (MFA), as I mentioned earlier, is one of the most important features to look for in a password manager. You should try to combine a strong password with two-factor authentication (2FA) or even biometric authentication like fingerprint or face scan. Biometric protection usually acts as an extra layer, requiring you to still use your Master Password and an enabled two-step login. You can't have too many layers of security, especially when just one password/key can unlock a vault full of confidential data.

It’s also worth noting that setting up MFA or biometric authentication is not an alternative to your Master Password. You will still need the master key to decrypt the vault data before accessing it after going through additional levels. Technically, you only need to enter the master password once for each device, as the vault data is then automatically downloaded from the server and stored locally. Which also brings me to my next – and probably most important – point.

Don’t forget your master password!

Almost all modern password managers work with zero-knowledge encryption, so they cannot read or retrieve your master password. Some of them offer you tools to recover the password in case you forget it, but you can’t really use them unless you’ve pre-authorized those options. Some of these options include:

A password hint: Your password manager will email you the password hint (if you have one set up).

Emergency Contact Access: Provided you have enabled the emergency access option for your account, you can contact your emergency contact to regain access to your vault.

Admin password reset: People with a company account can contact their admins to reset their accounts and regain access to them.

The above recovery options will only work if you have authorized them beforehand. Some password managers like Dashlane also allow you to retrieve your Master Password using biometric authentication, but even that only works if you enabled it before forgetting the Master Password.


If none of these options give you access, you have no choice but to delete your account and create a new one. It also means you’ll lose the items stored in your vault, requiring you to reset your login credentials for each account.

Getting started as a beginner

I was just as overwhelmed as you are probably now after reading it all. If you don’t feel comfortable setting up a password manager for all your accounts, then why not use it for some basic or casual accounts? You know, the ones you might have created to try a free trial or read an article behind a paywall.

I also recommend testing the waters with free password managers before committing to a premium subscription. As someone fairly new to the world of password managers, I started using Bitwarden to get acquainted with low-risk accounts. Bitwarden includes all important features and does not lock anything important under a paywall. It’s also fully open source, which means you can review and contribute to Bitwarden’s code on GitHub.

A screenshot showing Bitwarden's GitHub repository.

I also find peace of mind knowing that I can skip Bitwarden’s cloud storage and host the entire infrastructure stack on my platform of choice. Again, it all comes down to the features you want, so browse through the different options and choose the one you think best fits your use case. You can always check out our collection of the best password managers once you know the pros and cons and are ready to jump in.
