Why you should use a password manager

Today I want to give you 2 reasons why you should start using a password manager. I realise that there are many similar articles online but here I'm going to focus on my use case thus giving you a unique perspective on the topic. Once we're done with the why I'll briefly discuss how to begin your journey with password managers. Yup, there are many of them but don't be intimidated just yet. Let's get started.

The Why

There are many reasons for using a password manager. For me, the most obvious one is convenience. Let me elaborate. I first wrote my logins and passwords on a piece of paper which I then kept in a drawer. It was a long time ago and password managers weren't even on the horizon. It wasn't the most elegant solution but it worked at the time. Later, I remember that browsers started implementing basic password storage mechanisms. So I decided to jump on the bandwagon. It was definitely more convenient. It turned out, however, that you couldn't move your passwords between browsers. There weren't separate apps that would, well, manage your passwords. It later turned out that it wasn't the most secure way to store your credentials. Then, about 4-5 years ago (around 2018) I finally discovered real password managers. Over time, I tried 2 options: KeePass and Bitwarden. Both with their pros and cons. Long story short, I settled on Bitwarden. Why? Convenience. It encrypts your passwords locally and then stores them in the cloud, allowing for synchronisation between different devices. You have access to your credentials on any device and you can easily fill in password fields in browsers and apps. In my opinion, there's no better solution right now.

Another major reason is security. You might think that your drawer or safe is the best place for sensitive data. It might be for some high profile individuals. But for most of us out there a password manager is secure enough AND it prevents your data from being destroyed. Let's assume that your physical safe goes up in flames or is otherwise unavailable. If it was the only place where your passwords lived and you didn't memorise them, you're in trouble. In contrast, if you have your passwords and other sensitive data stored in a cloud-based password manager, it only takes one device (typically your smartphone) to recover the data. Don't worry, the so-called cloud, or the provider of the service, can't see your data: it's end-to-end encrypted. To put it simply, password managers offer superior security. They would be out of business if they didn't.

I'm sure there are many other reasons for opting to use a password manager but the ones I mentioned should be convincing enough. Now, let's talk about where to start when it comes to password vaults.

The How

If I were you, I'd start with a free Bitwarden account. You can always upgrade to a paid version if you think you need it. It's only 10 USD per year so it's very cheap and it's a great way to support the company. Setting up an account should be rather straightforward. In short, you register on their website using your email and a master password. Your email can later be used as 2FA (two-factor authentication with one-time codes). Your master password is the only password that you'll ever need to remember so it must be both long and easy to remember. I recommend using a passphrase that's at least 16 characters long. One way to come up with such a complex passphrase is to pick some random words from a dictionary, stack them together and add some special characters and/or numbers. For example: pearcatslavewoman!

The other method is to take a quote, use the first letter of each word and add some extra characters here and there. Can you guess the quote behind this password? HgttgSlatfatf42. Hint: the first couple of letters refer to the book and the rest is about the quote.
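The random-words method described above can be scripted. This is an added example, not part of the original post: it picks words with a cryptographically secure random source, enforces the 16-character minimum and estimates the resulting entropy. The function names and the 32-word list are constructed for illustration; a real word list has thousands of entries.

```python
import math
import secrets

# Constructed sample word list (32 words, each at least 4 letters) so the
# example runs offline. Swap in a large list for real use.
WORDS = (
    "pear cats lamp river stone cloud maple tiger "
    "anchor bridge candle desert ember falcon garden harbor "
    "island jacket kettle ladder meadow needle orbit pepper "
    "quartz ribbon saddle timber umbrella velvet walnut zipper"
).split()
SYMBOLS = "!@#$%&*?"
DIGITS = "0123456789"
MIN_LENGTH = 16  # minimum length recommended in the article


def entropy_bits(n_words, wordlist_size, extras=True):
    """Bits of entropy when every part is drawn uniformly at random."""
    bits = n_words * math.log2(wordlist_size)
    if extras:  # one random digit plus one random symbol
        bits += math.log2(len(DIGITS)) + math.log2(len(SYMBOLS))
    return bits


def generate_passphrase(n_words=4, words=WORDS):
    """Stack n random words, then append a random digit and symbol."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    # Refuse settings that could yield a passphrase under the minimum,
    # instead of retrying (retries would skew the entropy estimate).
    if n_words * min(len(w) for w in words) + 2 < MIN_LENGTH:
        raise ValueError("too few words to guarantee the minimum length")
    # secrets draws from the OS CSPRNG; the random module is not suitable.
    picked = [secrets.choice(words) for _ in range(n_words)]
    phrase = "".join(picked) + secrets.choice(DIGITS) + secrets.choice(SYMBOLS)
    return phrase, picked


if __name__ == "__main__":
    phrase, _ = generate_passphrase()
    print(phrase)
    print(f"{entropy_bits(4, len(WORDS)):.1f} bits with the 32-word sample list")
    print(f"{entropy_bits(4, 7776):.1f} bits with a 7776-word list")
```

The estimate only holds when the words are chosen by the random source; words picked by hand are far more predictable than the arithmetic suggests.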

After creating an account you can install Bitwarden apps or extensions on any device / OS. Fun fact: once synchronised, your passwords are always stored in a local vault even if “the cloud” is temporarily unavailable or your device is offline. One final tip I'd like to give you concerns the browser extension. By default, your vault is locked once you close the browser. You'll need your master password to unlock it (security, remember?). If entering a long passphrase is too cumbersome you can set up a PIN to unlock the database. I did that because of extra convenience. I'm not sure about the security aspect though. So proceed at your own risk when it comes to PIN unlock.

Self-hosting

A note for advanced users: Bitwarden offers excellent data portability so you can export your credentials and then import them into another password manager. Or you can take your data and host your own Bitwarden instance. My suggestion is to look into Vaultwarden since it offers a light back-end and is fully compatible with Bitwarden apps.

Your turn

You should now see the benefits of password managers. The most serious advantages are convenience and security. Due to strong encryption your data remains yours alone. Even if you end up not enjoying Bitwarden you can export your vault and take it elsewhere. That's the beauty of portability. Thanks for reading and until next time!

Reply to this on the fediverse: @michal@101010.pl