Here’s why you need to start using a password manager — and how you can get started

We’re all guilty of it: You’re signing up for a new account online, and it’s time to create a new password, so you reuse the same one you always use, and it’s probably your birthday or dog’s name, maybe with some extra numbers at the end.

And we get it, it’s tough to remember all those passwords for our email, social media, bank accounts, shopping sites and other online services. But if you’re not using unique and complex passwords on every site, you’re making it easy for hackers or criminals to compromise your sensitive information. 

A password manager can help. It keeps all of your accounts secure by creating, encrypting and storing your passwords so you don’t need to write them on a sticky note next to your computer anymore.

Here’s a quick guide on how to get started using a password manager to help secure your online accounts.

What is a password manager?

If you’re reusing your passwords, you’re not alone. According to a recent study, more than 50 percent of all people reuse or modify similar passwords across their internet accounts — and this is a big problem, especially if you use similar passwords on very sensitive accounts, like banking, investments, and your primary email account. 

With the alarming rise of data breaches and leaks — and the buying and selling of user data on the dark web — reusing the same password could put your information at risk. Even if you use the same, long, complex password across multiple sites, once hackers have that password, they could access other accounts that use the same or similar password. That’s why it’s so important to utilize a password manager to create strong and unique passwords for each site you use. 

Here’s where a password manager can help. It can create long, complex passwords that you’ll never have to remember, then encrypt and store them in a digital vault that only you (or a loved one) can access. When you visit the login page for a site, the password manager automatically fills in your credentials from your vault. Additionally, password managers can also help protect you from phishing scams, because the password manager typically will only fill in your credentials on the correct site, not a fraudulent one.

How to get started with a password manager

This all may sound a bit confusing, but it’s pretty simple. Here’s how you can get started:

1. 1. Choose a password manager. You may already be using a browser or operating system to store your passwords (like in Chrome, Safari or iOS), but we like password managers that are cross-platform and work across browsers. So, for example, if you save your password on Firefox on your PC, a cross-platform password manager will allow you to still seamlessly access that password on your iPhone or Android apps.Some popular password managers are LastPass, 1Password, Keeper, BitWarden and Dashlane. They all charge a monthly fee for premium accounts, but we think the protection they provide is worth it.
   2. Download the password manager, install its browser extension on your computer, and install the accompanying app to your phone. The process should be pretty straightforward and the password manager should guide you easily through each installation step.
   3. Choose a master password or passphrase that allows you to access your password manager and start storing your passwords. This will typically be one of the last passwords you’ll ever need to remember and enter manually. LastPass has a good blog post on how to choose a strong and easy-to-remember master passphrase. We recommend you also write this master password down, and store it securely in a locked desk or fireproof safe, in case you forget it.
   4. Audit your current passwords. As you begin logging into sites or apps, your password manager will start saving your account information in your vault. After you’ve logged into most of your important sites, like your email, banks and other sites, your password manager should allow you to run a security audit of your current passwords to let you know which ones are being reused and suggestions for which passwords to change. You may also have alerts for email addresses and passwords that have been found on the dark web, which would also need to be changed.