On the web today, there are many different services we use: email, Facebook, GitHub, Google, Twitter, dozens of them. Each requires its own username and password.

We're told, of course, to use a different password for each account. Only 70% of us, however, actually do so. How are we supposed to remember a dozen random passwords, each different? Traditionally, we use the same password for each account, perhaps with slight variations. This makes it very easy for hackers to get into your accounts.

There are very few common remedies for this: there are ways to check whether you've been hacked, and there's multi-factor auth, but most people's response is either to write passwords on sticky notes or to ignore the problem altogether.

This does work, as long as you don't [leave your passwords lying around]( {{ site.baseurl }}{% link /assets/password.jpg %}). It is inconvenient, however, and doesn't scale to a large password database. What you should be using is a password manager.

Password Managers

A password manager is an easy way to keep track of passwords. It can be anything from an encrypted Excel spreadsheet to your browser's built-in manager. It takes one 'master password', and in return keeps track of everything else for you. There's no need to remember multiple passwords, it's easy to meet any complexity requirement, and it doesn't matter how often you're required to change your passwords (which is bad practice, by the way).

What to use

Wikipedia has an extensive list of password managers.

When choosing a manager, you should consider several things:

  • What features are you looking for? What would be a dealbreaker?
  • How much security are you looking for? What is your threat model?
  • How much convenience are you willing to sacrifice?

I recommend Keepass because it

Once you start using a password manager, you can start using passwords like W(xv|u7N''fAs,{t|J for all your accounts.
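To make the two ideas above concrete (one master password that is never stored, and random passwords that satisfy a complexity rule for every account), here is an added Python example; it is not code from the original post or from any particular password manager. The character classes, the verifier label and the PBKDF2 iteration count are assumptions, and real managers also encrypt the stored entries with an authenticated cipher, which this snippet leaves out.

```python
import hashlib
import hmac
import math
import secrets
import string

# Character classes a typical "complexity requirement" asks for (assumption:
# lower, upper, digit, punctuation; adjust to the site's actual rule).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 characters

# Work factor for the master-password KDF. Constructed value for this example;
# real managers tune it to a few hundred milliseconds on the user's device.
KDF_ITERATIONS = 200_000


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG with at least one character per class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing work, in bits, for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Slow, salted derivation: an offline guess at the master password costs
    KDF_ITERATIONS hashes. The returned key is what would encrypt the vault."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, KDF_ITERATIONS, dklen=32)


def make_verifier(master_password: str, salt: bytes) -> bytes:
    """Stored next to the vault instead of the master password itself."""
    key = derive_vault_key(master_password, salt)
    return hmac.new(key, b"vault-verifier", hashlib.sha256).digest()


def check_master(master_password: str, salt: bytes, verifier: bytes) -> bool:
    """Constant-time check that the entered master password unlocks this vault."""
    expected = hmac.new(derive_vault_key(master_password, salt),
                        b"vault-verifier", hashlib.sha256).digest()
    return hmac.compare_digest(expected, verifier)
```

With a 20-character password drawn from all 94 characters, `entropy_bits(20)` is about 131 bits, far beyond anything a person would memorise for each account.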