It seems that I have a ton of sites I visit that require passwords, and it may be that I’ve been lazy about selecting passwords for those sites, using the same password on a lot of them. I’ve heard that this isn’t a good idea, and the recent Heartbleed scare really made me rethink my policies. I’d like to create unique passwords for each site, honestly, but I don’t have the time or patience to both create and remember all the unique passwords. Surely there must be a tool or web site that can make this easier?
We could not possibly stress enough how important it is for you to maintain unique passwords, different for every Web site that you visit, and we’re certainly glad you’ve asked this vital question. We’ve written previously about password manager applications, that is, applications that can maintain all your passwords and fill them in on sites, as necessary. Using one of these applications, you need only remember a single password to log into the password manager—it does the rest of the work, maintaining the passwords and logging you into each site you visit for which you’ve stored a password using the application. The four most popular password-managing applications are LastPass (http://www.lastpass.com), 1Password (http://www.agilebits.com), Dashlane (http://www.dashlane.com), and PasswordBox (http://www.passwordbox.com). You can find a comparative review of these products from the Wall Street Journal here: http://goo.gl/xtO16V. Another favorite, although not rated as highly, is RoboForm (http://www.roboform.com). We’ve tried all these applications over the past few years. Specifically, Ken recently spent a month with Dashlane after several months with LastPass. His opinion? Dashlane is certainly more attractive and easier to manage, but LastPass seems less intrusive and (once you get the hang of living with it) more reliable. All these products are available for Windows, Mac, and mobile platforms, although Windows Phone isn’t supported by all the products.
All the password managers provide browser add-ins, so they can intercede when you create a new password, or need to log into a site. Each application provides a means of storing passwords, and each provides a means of filling online forms with information such as your name, email address, credit card information, and so on. Once you set up the information in these tools, you should (in theory) never need to drag out your credit card when making an online purchase; you shouldn’t even have to type your address when purchasing from a new vendor.
But the question at hand was aimed at creating new, safe passwords. All these tools, of course, include functionality to help you create and manage unique passwords for every site. Having tried them both, Ken can verify that both LastPass and Dashlane provide a means of analyzing your existing passwords, and can tell you how many sites you have set up that share the same password. They can also indicate the strength of your passwords (the longer and more complex the password, the stronger it is). All the password manager applications provide a means of creating a new, randomly generated password for any site, and once you let the application create the new password, it can store it and supply it the next time you log into the site.
Ken recently embarked on a quest to replace all his existing “simple” passwords with new, random, complex passwords. He started the quest using Dashlane, and for the most part, the process worked reasonably well. Problems occurred at times when Dashlane attempted to replace an existing password with a new one in its own storage—many times, Ken ended up with duplicate entries for the same site, leading to some serious confusion. He continues the task currently with LastPass, and is finding fewer misfires than with Dashlane. Your experiences may differ, of course.
In any case, if you find that you use the same password on multiple sites, it’s time to consider changing your ways. Most importantly, on your email and bank account(s), make sure that you use a unique password for each site. In other words, for email and banks, make sure you select a password that’s difficult to guess, and is significantly different for each site. (And never consider using one of the passwords listed on this description of the 25 most popular passwords: http://goo.gl/mzjBWy.) Check out LastPass, Dashlane, 1Password, or one of the other available password managers. Plan time to grow accustomed to the way the application works—it will certainly be intrusive and bothersome at first, but it will save you time, and most likely, your online identity, if you use it correctly.
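For readers who want to see what the reuse check and the random-password generator described above amount to, here is a small sketch in Python. It is an added example, not code from this column or from any of the products named; the site names and passwords are constructed, and the function names are hypothetical.

```python
import math
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*-_=+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def generate_password(length=20):
    """Draw from the OS CSPRNG until all four character classes are present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def find_reused(vault):
    """Return {password: [sites]} for every password used on more than one site."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    return {pw: sorted(s) for pw, s in sites_by_pw.items() if len(s) > 1}

def estimate_bits(pw):
    """Rough upper bound: length * log2(pool of character classes used).
    Only meaningful for random passwords; human-chosen ones are far weaker."""
    pool = 0
    pool += 26 if any(c.islower() for c in pw) else 0
    pool += 26 if any(c.isupper() for c in pw) else 0
    pool += 10 if any(c.isdigit() for c in pw) else 0
    pool += 32 if any(not c.isalnum() for c in pw) else 0
    return len(pw) * math.log2(pool) if pool else 0.0

def rotate_reused(vault):
    """Give every site that shares a password its own fresh random one."""
    updated = dict(vault)
    for sites in find_reused(vault).values():
        for site in sites:
            updated[site] = generate_password()
    return updated

# Constructed sample vault (not real accounts or real passwords).
SAMPLE_VAULT = {
    "mail.example": "Sunshine1",
    "bank.example": "Sunshine1",
    "forum.example": "Sunshine1",
    "shop.example": "r7#Tq2!mVw9_Lx4&",
}

if __name__ == "__main__":
    for pw, sites in find_reused(SAMPLE_VAULT).items():
        print(f"{len(sites)} sites share one password: {', '.join(sites)}")
    print("sites still sharing after rotation:", find_reused(rotate_reused(SAMPLE_VAULT)))
```

A real password manager keeps the vault encrypted under your master password; the plain dictionary here only stands in for its contents.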