Creating, remembering, and typing passwords is horrible security practice. Stop doing it.

Human nature makes us lazy and prone to cutting corners. Use a tool to make password management easy and, therefore, secure.

Author
David

I haven't had to type a password in years, yet I have accounts on hundreds of websites.  All of these sites require a password, yet I can't remember the last time I created one.

I don't create or type passwords because it's horrible security practice.  Even more perplexing, I don't know any of my passwords for any account.  If my life depended on reciting one of my passwords, I'd be dead.

How is it that I don't know any of my passwords and haven't created or typed one in years?  The answer is that I use a password manager.

The biggest problem with security is it's inconvenient and humans are lazy.  Laziness beats disciplined security policy every time.  The solution to this dilemma is to make it easy and convenient to practice good security.  A password manager makes this possible.

Why is it considered bad security to create, remember, and type a password?  Because human nature kicks in and makes us create passwords that are easier to type and remember.

The passwords will get shorter, and we'll use the same one for different accounts to make things easier for us.  A password manager removes human nature from the login process by making it a simple mouse click.

How do you create a new password?  A simple mouse click.  What about remembering the password?  A simple mouse click.

To put it another way, it takes more work to practice bad security than to practice good security with a password manager.

Here's a sample password from one of my accounts:

@h6JBg&j5Uj&iG#[email protected]$#%ERebe$T4uhs4SAkWvaFBNYjdArjFzc

Good luck guessing that one.  For every website on which I have an account, I have a unique password.  If a non-critical website to which I belong is compromised, I don't care.  The thieves will simply be holding a unique password and an email address that's not tied to my name or identity.

There are different products, but I've been using Bitwarden for a while.  How does the password manager work?

You install the password manager as an extension in your browser.  When you're ready to create a new account, you simply enter your username or email (whichever the site requires for the username) like normal, but then allow the password manager to automatically generate the long, secure password.

Once you hit the submit button to create your account with the username you selected and the password created by the password manager, the manager saves the username and password you entered in the form fields.  That's it.

The next time you visit that website, the extension icon will display a notification to alert you of an available login.

 

Bitwarden in use.

When you click the icon, the saved logins for that website drop down and you click on the one you want (for most sites you'll only have one).  The password manager then populates the username and password fields on your behalf with your credentials, then you simply hit the login button.  That's it.

It's easy, and no work beyond a mouse click.  Most importantly, it's secure.