Criminals crack passwords by quickly checking combinations of words from a list, including words with simple letter-to-number swaps (such as 0 for o, or 3 for e). A strong password is free of such words, and ideally includes punctuation and numbers too.
However, even the strongest password can be compromised if a website is breached. That’s why you should use a unique password for each site – if someone hacks an online store you used once, you don’t want them to have access to your email as well.
So strong passwords are hard to remember, and you need lots of them – which is where a password manager comes in.
What is a password manager?
At its core, a password manager is a virtual vault containing all of your passwords, either in the cloud or on your device.
They often work with web browsers to automatically enter your passwords into login pages. They can also help you by generating a unique and complex password for each new site you log into.
Most passwords managers work on both computers and mobile systems.
Also known as 2FA or two-step verification, this security method adds a second kind of identity check before you can log in.
The most common types of two-factor authentication are:
- a secret code or PIN sent to you by another means, such as text message – even if someone cracks your password, they need your phone to complete the break-in
- a physical biometric, such as fingerprint or face recognition
- a passcode stored on a physical object, such as a memory card or USB drive
Some password managers use a specific type of two-factor authentication, which locks your vault so only devices you’ve previously approved can gain access.
Vault master password
Even with a password manager, you need to remember one master password that gives you access to all of your others. But what happens if you forget the master password?
Some password managers provide hints to help you remember. A few offer a reset option, but that’s a security risk if not handled very carefully. You may be forced to wipe your entire account, including all passwords, and start again.
Your master password should be strong but also memorable, since forgetting it can be such a hassle. Try to base it on a phrase you can easily remember, such as a line from your favourite song, but make it more complex by including punctuation, numbers and both upper and lower case letters.
Here’s a breakdown of some of the jargon involved with password managers.
Cloud storage: A “cloud” is a network of servers accessible through the internet. Google Drive and iCloud are examples of cloud storage services. Most password managers have their own clouds for storing your data.
Synchronisation: This is how your password vault is updated and maintained when something changes. Online sync means your passwords are synced with a vault in a cloud. Local sync means your passwords are synced between your devices on a home network.
Browser: This is the program your computer uses to access the internet. Examples are Chrome, Safari and Firefox. We recommend you regularly download any browser software updates, to maintain security.
Operating system (OS): This runs everything on your device. The most common operating systems are Microsoft Windows and Apple macOS on computers, and Google’s Android and Apple’s iOS on mobile.
In-app browser: Some password managers open a browser inside the app, instead of launching your regular browser (for example, Chrome or Safari). In-app browsers avoid features like bookmarking and storing history for security reasons, which makes them less convenient.
Secret question: Some sites offer “secret questions” for logging in or recovering your password. Examples include “What was your first pet’s name?” or “What is your mother’s maiden name?” They’re often guessable – especially through your social media presence – so try to pick the question with the least obvious answer.
Secure password sharing: This allows you to invite another person, such as a family member, to use your password. They’ll usually have to install the same password manager on their device first.