USA TODAY International Edition
Password manager beefs up security
QUESTION: If someone acquires the master password for my password manager program, then they have access to all my accounts. How's this different than a single password for all accounts?
ANSWER: This is a common and legitimate question that often keeps non- technical users from incorporating a password manager, but it’s important to understand that cybersecurity is never about achieving 100% security as it’s just not possible.
The real focus needs are on evaluating the degrees of security based on a number of variables and whether you are in control of them or not.
Using the same password on all your accounts means that if any one of those accounts is breached, they are all at risk because the standard operating procedure for cyberthieves is to try the same password on thousands of other sites.
You are only as secure as the least secure site that uses the same password.
Password manager security
When you incorporate a password manager, you only have to create, remember and protect one password.
It’s important to use a very long and complex password that you have never used before for the best chances of keeping it secure.
Most password management programs provide lots of additional layers of protection that you can set up that include two- factor authentication and rules that deny access based on location, device or IP address.
When you add these additional layers of protection, even if an unauthorized person acquires your master password, they won’t be able to use it because they won’t have the necessary additional items to be fully authenticated.
You also will get a warning of a failed or blocked sign- in attempt, which lets you know to change your master password to be safe.
What if they get hacked?
Another common question about password management services is “what happens if they suffer a breach?”
Your passwords on all of the services are stored using powerful encryption, which means any breach of the encrypted data would require the hacker to spend time trying to decrypt the information.
The service would automatically require you to reset your passwords.
Suggested programs
For many years, I’ve recommended LastPass because it offered lots of features in its free version, but if you want to use it on both a computer and smartphone, it’s no longer free.
Another fee- based service that has lots of great features is 1Password.
Both services offer individual or family- based plans from $ 3 to $ 5 a month.