Password Managers

A password manager is one of the most bang for the buck changes you can make for securing your accounts. Depending on which one you choose, it can range from free to a small yearly fee and there's great options for both ends. Password reuse is still a popular thing people do, despite the fact it's known to be an unforced error. If you're reading this site and still don't have one, now is a good time to find one, especially if you're going to use other security measures I discuss on this site. Not losing access to accounts is an important part of security/privacy, as a bad actor can farm sensitive data about you from compromised accounts.

In this section, I discussed encryption and why it's important. One aspect of encryption is having a strong password, since a weak one will be easy to break. For example, using "password" as a password would take about 1 second to break with a dictionary attack and a modern GPU. Using a 20 character password with random upper and lower case characters, numbers, and symbols would take ~25 trillion trillion years (with 2025 hardware; this isn't factoring for improved hardware and quantum computing). You can now use passwords with that level of strength and only need one strong password to unlock your password manager vault.

There's multiple options to choose from but I'll give you three good ones that are a solid bet. If you want free and self hosted; KeepassXC or BitWarden. If you want free and cloud hosted; BitWarden (they also have a $10/year plan with a few extra features). If you want to pay for a manager; 1Password ($36/year). There are a lot of other choices as well. If you want to use something different, be sure to research thoroughly. There's a lot of fake software and you wouldn't want all your passwords to be stored in malicious software.

When you are setting up a password manager, spend some time familiarizing yourself with all the features and how they work before you import all your account creds. Each provider has differences in how they work. If you choose self hosted and aren't already familiar with self hosting, make sure to spend extra time in keeping backups and knowing recovery procedures. When you choose a password, it needs to be strong while also being something you can remember. Be sure to save your backup access method in a safe and secure place in case you forget the password. If you use extensions, be sure you only get them from the official provider and not a 3rd party store. It's not common, but some providers have desktop apps for password managers and 2FA. It's your call if you use these or not, but if you get malware on your computers, this could be a critical point of failure as the vault will be compromised (though extensions aren't likely to fare any better in a case like this).