Use a Password Manager
Password managers have been around for a while, but I've been skeptical about using them and was turned off by the recurring billing model (more on that later).
I didn't think the tool would provide me with enough benefits to be worth it. Boy, was I wrong!
Too many password breaches
This was a big reason for me to get on board. Using a password breaches website, I found that I had a lot of affected accounts.
I can't say that I always used a unique or super strong password in those cases either.
In my opinion, password breaches will continue to happen, potentially at a higher frequency. At the same time, I will continue to create new accounts, so I felt like using a password manager was a much better strategy going forward. Here are some of my affected accounts, with my remediation steps.
- Adobe: changed password
- Dropbox: changed password
- Gawker: Gawker is dead
- GeekedIn: changed GitHub password
- Last.fm: changed password and deactivated account
- Tumblr: found that no account was associated with the email anymore
- LivingSocial: deleted cards, changed password
- Yahoo!: I had 2 accounts; I changed the password on each and used their account termination feature
- LinkedIn: changed password
- Target: changed password
Too many accounts
I regularly use 50+ accounts for personal use online, and it was just overwhelming to try to invent a unique and strong password for each site, and to type it in. For work, we also rely on many third-party web services. Although our team uses a password manager for many of these services, there are still a handful of work-specific individual accounts I need, and in some cases the passwords need to be changed regularly.
I used to get hung up on the recurring billing model for a password manager, preferring to be billed once. But it occurred to me recently that recurring billing makes more sense given the software development and maintenance costs 1Password incurs. Over the years, they've regularly added support for new devices, and platform-specific features like fingerprint authentication (Touch ID). All of my 1Password content is synced between those devices, and I continually add new accounts at the same price.
Biometric Authentication and Convenience
Typing long passwords is not fun! Biometric authentication, currently limited to fingerprints but with the potential for other methods like facial recognition in the future, is a game changer. I can securely authenticate myself in a convenient way, but still provide a unique and strong password to each account with a couple of taps and clicks.
Migrating to a Password Manager
I created all my accounts manually in 1Password. Primarily I harvested the account details from Google Smart Lock, which is built into Chrome and had most of my account details.
Wirecutter published "Password Managers Are for Everyone—Including You", which does a great job of comparing the options. Check it out.