In one simple sentence:
You need one because your passwords should be unique and varied and too complicated for you to remember all of them.
Or, in a much longer version:
Because online security is important, you should use every tool you have, including strong passwords and Two Factor Authentication (2FA) when and where you can. It takes very little effort and can save you a lot of stress. We’ll go into 2FA in more detail in another post soon.
We offer 2FA as standard with every site we host for you, together with SFTP and SSH. We do everything we can to make sure that our servers and the ways that you connect to them are as secure as they can be, but passwords… ah the passwords are down to you.
The importance of passwords
We all log into and use a massive number of services that need passwords, and almost all of them advise you (or should if they don’t) to use a strong password – a combination of upper and lower case letters, numbers and symbols.
A lot of people aren’t doing that though; they are still using their name or the name of a family member, a favourite band or football team as a password. Plenty of us are not even going that far: a recent survey by the UK National Centre for Cyber Security found that 23.2 million data breaches worldwide had been against users using the password ‘123456’.
The problem is that most of us just aren’t great at remembering long strings of pretty random characters. So what we actually do is make the password just complicated enough to pass the requirements of whatever site or service we are signing up for (typically stick a capital letter at the start and throw in a few numbers). We then reuse that password or a close variation of it everywhere else.
And that’s a problem because…
Even if you have chosen the most secure password possible, a long completely random string of mixed case letters, numbers and symbols, companies and websites have data breaches. When this happens someone potentially has access to your password, together with an email address, name and username for one site or service. It’s pretty simple for them to run scripts and try this same login info on other sites, including your mail accounts or online banking services. If you use the same passwords everywhere then someone can gain access to all of your online services.
So, don’t do that! Create individual passwords for individual uses, and don’t for a second think you are going to memorise them all.
You could, as I’m sure plenty of people still do, just write all of your passwords together in one file somewhere. This will work to some degree, but if you lose that file, or someone else finds it, or if you need a password right now and don’t happen to be on that one device, then you have problems.
What you should do!
Use a password manager, give it a password that you don’t use for anything else and then just don’t forget or share that password. There are no ‘forgot your password’ recovery links here; that would defeat the point of all this security.
Most password managers will show you an emergency recovery key once when you set them up, and they will advise you to print or write it down and store it somewhere safe. You should follow this advice: keep a record of it and keep it somewhere safe offline.
There are a lot of choices out there, but there are some features that you should be looking out for. If your potential choice doesn’t store your passwords in a strongly encrypted way, if it doesn’t give you the ability to access them from multiple devices (including browser based preferably), if it doesn’t offer to generate passwords, and give you the ability to keep secure notes, then it’s probably time to move on.
LastPass (free) and 1Password (paid) are both good and will do everything you need, but our personal favourite and recommendation is Bitwarden. It’s free, open source and pretty epic. It does everything in the list above and more, and consistently just works without issue or complication. What more could you ask for?
Why not give it a try? It will make your online activities a lot more secure and often easier, because we all forget things from time to time. Just do be sure to remember that one password!