Cybersecurity New Year’s Resolution #1: Get a password manager
This January, we’re going to offer you the chance to make some changes which will improve your cybersecurity posture and keep you safer all year long. To do this, we’ll give you some background information on each “cybersecurity New Year’s resolution” and also walk you through the steps needed to take action.
For many people, these may be things that they’ve been putting off for a while — things that they know are important, but which they haven’t gotten around to just yet. If that describes you, now’s the perfect time to turn over a new leaf!
And by the way: If you have already taken these precautions, consider sending these guides to a friend or relative (or even better, sitting down with them and walking them through the process).
Why you should do it
When we interviewed data breach expert Troy Hunt, he had this to say about password managers: “Password managers are unequivocally the single best thing you can do for your security posture as a normal, everyday person”.
Why is that? Because we’re all suffering from account overload. We have dozens of different accounts to manage, and each one is supposed to have a strong, unique password to keep it safe. Without a password manager, most people do one of two things: They either create simplistic passwords (which are easy to guess or crack) or they reuse passwords on multiple sites (which means hackers can access several of your accounts if one of the sites suffers a data breach).
Password managers allow you to create ultra-secure passwords for each and every account you own — and they do the hard work of remembering these for you. You only have to keep track of one password: the master password to your password manager app.
Time investment: Low — about 30 minutes.
How to do it
The first thing to do is to pick a password manager. There are several excellent options on the market, some with free versions, some by subscription only. If you’re willing to spend a little bit of money for security, we like to recommend 1Password. Free options include LastPass and Dashlane. We’re going to walk you through the setup for Dashlane, but remember: You aren’t married to your password manager. You can always switch to a different one later on if you like (or upgrade to Dashlane’s premium version for a few dollars a month).
Dashlane has the advantage of being well-made, easy to use, and — at least for the basic, single-device version — free. So without further ado, here’s how to get started:
Go to dashlane.com and download the installer for your OS (either a .exe installer for Windows or the .dmg file for macOS). On Mac you can also install Dashlane via the Mac App Store, just be aware that you’ll have to use your Apple ID and password to download it. Install the app as you would any other app.
Start the desktop application. You’ll be given the option to open a new account — choose this one.
You’ll now be prompted to enter an email address and choose a master password. This step is very important. Make sure you pick a strong, unique password. Don’t pick something simple or reuse a password you’ve used elsewhere, which would defeat the purpose of a password manager! At least for the time being, write the password down and keep it somewhere safe if you think you might forget it. For security reasons, Dashlane never stores your master password … and they can’t help you get it back if you lose it. So don’t lose your master password!
(optional) At this point you’ll begin setting up Dashlane. If you’ve already stored some passwords in Firefox, Safari, Chrome, or another browser, Dashlane will first give you the option to migrate the management of some or all of these account passwords to your new password manager.
You’ll next be prompted to add Dashlane to your web browser as an extension. Do this now. Different browsers have slightly different procedures for adding extensions, so just do what you normally do to add an extension in your default browser, and be aware that you may have to click through an extra confirmation to make sure the extension is fully enabled.
Dashlane will now give you the option to go through a quick setup process, which includes providing personal details to automatically fill commonly used fields in online forms. You can skip this if you like.
You should now be able to log into your Dashlane “Vault” at any time by using your Dashlane master password. Your Vault is where you can see all of your stored accounts and passwords, fine-tune how they’re managed, and make changes to them.
You can add all of your accounts to your Vault manually, one by one, if you prefer, though for most people this will be fairly time-consuming. Thankfully, Dashlane will also prompt you to remember passwords for different accounts each time you log in to a site that it hasn’t saved for you yet.
Password managers are great tools, and the more you use them, the easier they are to use. So once you’ve gotten started with one, don’t stop! Just try to use it a little bit more every day, adding a new account here, changing a password there, and before long, using a password manager will be second nature to you. Remember that if you ever get stuck, Dashlane has an extensive knowledge base covering just about every possible scenario, so make use of it.
While the basic setup described above is enough to vastly improve the security posture of most people, password managers like Dashlane also offer other features which are worth exploring. Here are three things that you should check out once you get used to your new password manager:
Password Health Checkup
Consider using Dashlane’s Password Health functionality to see if you’re really using strong passwords on all of your accounts — and to check whether or not you’ve accidentally reused a password, or to see if one of your accounts has been caught up in a known data breach. This kind of insight into the quality of your various passwords is invaluable, and gives you a great opportunity to shore up any weak spots in your defenses before they become a problem.
Random Password Generation
And as you grow more confident with this technology, consider taking the real plunge and letting your password manager automatically generate long, random passwords for all of your accounts and services. Dashlane has a feature called Password Changer which can do this for supported websites with just one click. You can also use their Password Generator to get the same result manually on sites that don’t work with Password Changer. To do this, go to the password reset area of the account in question and in the “new password” field, click on the Dashlane icon to be given the option to automatically generate a random password.
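To make the reuse and weakness checks and the random generation described above concrete, here is a small added example. It is not Dashlane’s code: the vault entries are constructed, the 70-bit threshold and the function names are assumptions, and the breach lookup is left out because it needs an online service.

```python
import math
import secrets
import string
from collections import Counter

# Constructed sample vault entries (site, password); not real credentials.
VAULT = [
    ("mail.example", "Summer2019"),
    ("shop.example", "Summer2019"),
    ("bank.example", "kT9#vLq2!xZr8@Wm5&pE"),
    ("forum.example", "letmein"),
]
MIN_BITS = 70  # assumed policy threshold below which a password is "weak"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)


def estimate_bits(password):
    """Upper bound on entropy: length * log2(size of the character pool used).

    Human-chosen passwords ("Summer2019") have far less real entropy than
    this suggests, so treat the result as optimistic.
    """
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def audit(vault):
    """Return {site: [issues]} listing reused and weak passwords."""
    counts = Counter(pw for _, pw in vault)
    report = {}
    for site, pw in vault:
        issues = []
        if counts[pw] > 1:
            issues.append("reused")
        if estimate_bits(pw) < MIN_BITS:
            issues.append("weak")
        if issues:
            report[site] = issues
    return report


def generate(length=20):
    """Build a password with the OS CSPRNG (secrets), not the random module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for site, issues in audit(VAULT).items():
        print(f"{site}: {', '.join(issues)} -> replace with {generate()}")
```

The two accounts sharing “Summer2019” are flagged as both reused and weak, while the 20-character random password passes both checks.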
Lastly, for really rock-solid password security, consider turning on two-factor authentication for your Dashlane account. If you do this, you’ll need to log into your password manager with both your master password and an authenticator app on your smartphone. While this does add an extra step each time you log in to your password manager, it also means that even if someone gets hold of your master password, they still won’t be able to access your account.
Beginning to use a password manager requires a bit of effort and takes some getting used to. But it’s possible to get started in half an hour, and continue building your skills and confidence gradually. And the potential benefits are enormous.
For one thing, the headache of remembering and resetting passwords for multiple accounts is gone forever. And in terms of security, there are few better ways to protect yourself. If your master password is strong, your password manager is protected by 2FA, and your phone has a passcode or biometric lock on it, the chance of someone accessing your accounts will be vanishingly small.
That’s it for Cybersecurity New Year’s Resolution #1. We hope you’ll give it a shot. Feel free to let us know if you have any questions about the process. Next week, we’ll move on to Resolution #2 — so stay tuned!