How to Use a Free Password Manager—and Make Your Logins Safer
Start by saving a few logins in your browser’s built-in manager—and always turn on two-factor authentication
By Nicole Nguyen FollowJan. 16, 2022 9:00 am ET
Some of my old usernames and passwords are floating around the internet, and maybe yours are, too.
After repeated notices of data breaches at websites, some I haven’t visited in years, I decided to get serious and use a password manager to create unique, unguessable passwords for each of my accounts. They’re so complex I don’t know what most of them are.
To find out if your credentials are exposed, plug your email address into Haveibeenpwned.com, a website by security expert Troy Hunt, to reveal which breaches contained your data. It doesn’t ask for your passwords (and you shouldn’t give them out to random sites anyway!).
Hackers commonly employ an attack called “credential stuffing”: They take usernames and passwords leaked from one breach and enter them at other sites in the hope that people reused them.
This is why security experts always say don’t reuse passwords, especially those for important logins like your bank, your email and your work accounts. But it also means you’ll quickly end up with more passwords than you can remember.
A full-featured password manager is a good idea, but setting one up can be time-consuming, intimidating and sometimes costly. So, as someone who’s gone through the process for myself and several family members, I am recommending cybersecurity newbies start with the fast, free versions baked into the smartphones and browsers they already use.
The Best Password Manager for You
A good password manager:
• Creates strong passwords
• Stores login credentials
• Autofills usernames and passwords
• Protects your data
• Lets you export credentials if you want to switch managers
I generally recommend independent services such as Dashlane and 1Password, because those apps work better across different platforms and have more features. However, a good fit for less tech-savvy folks are Apple’s AAPL -2.10% iCloud Keychain and Google’s GOOG -0.47% Password Manager. They’re free, there’s nothing to download, and they are integrated with software people already use. Plus, they can generate new passwords and send alerts when a password has been compromised.
Even Gary Orenstein, chief customer officer at the open-source password app Bitwarden, agrees: “Using any password manager is better than not using a password manager.”
Just remember, iCloud Keychain is for people who live mostly in Apple’s ecosystem, and Google’s Password Manager is for people who use Chrome or Android for most of their internet activity.