Thing 2: Password managers

published on Jan 21, 2020

A password manager is a service that remembers your passwords for all the websites, apps and software you use. You just need to remember one strong password to log in to your password manager and it will take care of the rest.

You may already be using a password manager without knowing it. Many are built into your internet browser (such as Google Chrome, Microsoft Edge or Firefox), or are part of the operating system on your smartphone or tablet. You may have noticed that when you sign into an account, a box appears asking if you want the browser (or device) to remember your password. If you are not sharing the device with anyone else, then it is safe to tick the box. If it doesn't offer to save your password, you may need to turn this option on in your device settings.

Most password managers allow you to use your passwords across your devices, so that you can log in to your online accounts from any smartphone, tablet, laptop or PC that you install it on.

There are many commercial and free password manager applications which can help you organise your passwords and stay secure.

Three common examples are:

PC Mag UK has published a comparison of these and others on their website. It’s important to consider your own requirements from a product before making your decision on which one to choose.

If you want to, you could spend an evening adding all your online accounts to your new password manager. But adding your accounts to a password manager as and when you log in to them is a less intensive task and means the accounts you access most frequently will be the first to be protected.

Since you no longer need to memorise your passwords, you can make them very long and very complex. Like this:

@YIrvwSD1II#hmjFRTVXK&Q$^KZyrYRx

This 30-character password would take a computer about 206 quattuordecillion years to crack, according to howsecureismypassword.net.

Most password managers will generate these random and unique passwords for you whenever you create a new password or change an existing one.

Depending on which password manager you choose, you’ll have a range of extra features that can help you manage your online accounts and password hygiene. These might include:

  • Password generator – A tool that creates random and complex passwords.
  • Autofill – A feature that enters your details on login pages and apps automatically.
  • Sharing – The ability to securely share a password with other people.
  • Secure storage – A space to add notes or files that will be encrypted and stored for you.
  • Weak password warnings – You will be warned if a password used on one of your accounts is weak or has appeared in a known list of stolen passwords.
  • Old password warnings – You will be warned about passwords that have not been changed for a long time.
  • Duplicate password warnings – You will be warned if you are using the same password across more than one of your accounts.
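
One way the weak, old and duplicate password warnings listed above could be computed, as an added example that is not from the original article or from any particular password manager. The vault entries, the stolen-password list, the 20-character length rule used for "weak" and the two-year age limit are all constructed assumptions; real products typically check breach lists without revealing the password itself.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: account name -> (password, date last changed).
VAULT = {
    "shop.example":  ("sunshine", date(2016, 3, 1)),
    "mail.example":  ("@YIrvwSD1II#hmjFRTVXK&Q$^KZyrYRx", date(2020, 1, 10)),
    "forum.example": ("sunshine", date(2019, 11, 5)),
    "bank.example":  ("T7#q", date(2019, 12, 1)),
}
# Constructed stand-in for a list of passwords seen in breaches.
KNOWN_STOLEN = {"sunshine", "password", "123456"}

MIN_LENGTH = 20          # assumption: "weak" means shorter than 20 characters
MAX_AGE_DAYS = 365 * 2   # assumption: "a long time" taken as two years


def audit(vault, stolen, today):
    """Return {account: sorted list of warnings} for accounts with a problem."""
    warnings = defaultdict(set)
    by_password = defaultdict(list)
    for account, (password, changed) in vault.items():
        by_password[password].append(account)
        if password in stolen:
            warnings[account].add("stolen")
        if len(password) < MIN_LENGTH:
            warnings[account].add("weak")
        if (today - changed).days > MAX_AGE_DAYS:
            warnings[account].add("old")
    # A password shared by more than one account is a duplicate on each of them.
    for accounts in by_password.values():
        if len(accounts) > 1:
            for account in accounts:
                warnings[account].add("duplicate")
    return {account: sorted(found) for account, found in warnings.items()}


if __name__ == "__main__":
    report = audit(VAULT, KNOWN_STOLEN, date(2020, 1, 21))
    for account, found in sorted(report.items()):
        print(f"{account}: {', '.join(found)}")
```
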

Whether you're using a standalone password manager or a built-in one, it is important to keep the password manager account secure because if someone can get into this then they'll know all your passwords and associated accounts. You also need to take steps to make sure you can always get in yourself, so you don't lose access to all your passwords.

The NCSC strongly recommend that you:

  • Set up two factor authentication (2FA) on the password manager account. If you have the option, set up more than one type of second factor so you have a backup plan to get into your password manager account.
  • Install updates for your password manager app as soon as you're prompted to update. If you're using your browser, always make sure you are using the latest version and keep it up to date.
  • Choose a strong password for the password manager account by using three or more random words.

If you're using a built-in password manager through your browser or device, it may be protected by one of your existing accounts. For example, passwords saved in Apple's Keychain are protected by your Apple ID, and passwords saved in Google's Chrome browser will be protected by your Google (or Gmail) account, if you have logged in. Again, make sure that you are using a strong password and 2FA for these.

Activity

Choose a password manager that suits you and install it on the personal devices you use to access your online accounts and apps. Set a master password of three or more words for your password manager and use 2FA.

Each time you log in to an app or website, add it to the password manager and change the password to a computer-generated one that is at least 20 characters long.