You probably know it’s a bad idea to use “password,” your pet’s name, or your birthday as a password. But the worst thing you can do with your passwords is reuse the same ones across multiple sites. If even a single account is compromised in a data breach, hackers can easily use the exposed password to access your other accounts, no matter how strong that password is.
The average person has at least 50 passwords. Remembering strong passwords for that many sites is nearly impossible without resorting to some sort of trick. The best trick is to use a password manager.
A password manager is a secure, automated, all-digital replacement for the little notepad, sticky note, or unencrypted Word or Excel file where you might keep your passwords now. Password managers generate strong unique passwords for each of your logins, and store all of your passwords—and, if you choose, your credit card numbers, addresses, bank accounts, and other information—in one place, protecting them with a single strong master password. As long as you remember your master password, your password manager will remember everything else, filling in your username and password whenever you log into a site or app on your computer or phone.
While many web browsers have integrated password managers, those options are not ideal as they generally store passwords on your computer in an unencrypted form. This means someone could access your computer’s password files and view them in clear text. Using a dedicated password manager that stores passwords in an encrypted file is a far superior solution.
While ITS does not recommend any specific password manager, there are a variety of options available for little to no cost. Taking the time to install and learn how to use a password manager greatly improves your security and makes it easier to enter your credentials, especially on a mobile device.
Protecting passwords is a critical step in maintaining online security. Remember to never enter your login credentials on a website unless you have verified its authenticity. Be especially wary when clicking on links in emails that take you to sites asking for a username and password. To help you recognize fraudulent sites, ITS will continue to simulate phishing and assign training to those most susceptible. If you believe you’ve been targeted by phishing, see Reporting a Phishing Message (How-to).
— Chris Mielke, ITS