I use a password manager and it currently has more than 150 accounts in it, ranging from my checking account and other personal stuff to logins to MSDN, various client VPN’s, and more. Almost all of the passwords are unique. Ideally they would be unique, but sometimes I sacrifice ease of use for maximum security. Most of them are strong passwords, and mostly generated by the app. Earlier this week I spent an hour reviewing and pruning those accounts, deleting some that I no longer use and where possible deleting the accounts they were associated with as well. Next week I’ll do a check for duplicate passwords and fix ones I think need to be fixed. Password Managers are more than just a convenience. In the event that a web site you use is breached and credentials leak out, being able to quickly assess your risk level is important. You want to see what other places use the same password and you want to see where you’re using your email as your ID (probably a lot of places). No good way to do that without keeping the list as you go.
Plenty of options to pick from, free and paid, local and online:
- Top 10 Password Managers (InformationWeek)
- Which Password Manager Is Most Secure (Lifehacker)
- Some Password Managers are Safer Than Others (PCWorld)
- The Best Password Managers (PC Magazine)
I’m always aware of the risk embodied in such a central store. If it’s compromised someone would have basically unlimited access to everything – credit cards, checking account, retirement, phone, etc, etc, etc. In the scheme of things having the app is a risk worth taking, but choose your password manager based on how you see the world – do you manage it locally only, or use one with an online data store? Whichever path you take, get one that will automatically capture/enter credentials – it’s the only way it will get used often enough to be worth doing (in my view). Definitely check to see if there is an option to enable two-factor authentication. Finally, my rule is to never access the file on a computer I don’t trust – I trust my laptop at home, my laptop at work, and my phone.