I’m not going to bore you with the same old argument of why you should be using a password manager. You probably already know this.
The major reason you’re not using one already is probably because you think it’s hard, or too much effort, or you just don’t know how to make the switch.
Well, as someone who’s been using one for the last few years, let me tell you that it’s easier than what you’re doing now.
Remembering your current passwords sucks.
Do you feel a sudden tinge of anxiety when presented with a login screen?
“Oh crap, which one was this again?”
You try your usual password.
“Nope… then it must be the other one…”
You put in your old password you’ve been using since high school. That shorter one you know is probably not the greatest.
“Ah not that one either, OK, then it’s probably the one with all the numbers and symbols in it…”
You enter it in meticulously, careful of every keystroke, sure that this is certainly the one you would have used.
No?
Maybe you pressed the wrong key accidentally. Whatever…
“Screw it, I’m just gonna reset the password.”
You click that smug looking “hurr durr I forgot my password again” button, follow the link they emailed you and type in that same password you use everywhere. You set a new password. One you know you’re gonna remember next time for sure.
Using a password manager is easy.
If you were using a password manager, this is how that entire situation would go instead:
You press Ctrl-Alt-A.
You smile briefly as you watch your login details filled in automatically. It’s satisfying somehow. Briefly though, because it’s over in less than a second.
Setting up a password manager is easy.
There are many password managers out there. My strategy is to use one that I have full control over, can be used offline, in any app (not just a web browser), and on any device.
KeePassXC is (in my opinion) the way to go.
It’s free and open source, meaning you don’t have to trust one company to know what they’re doing or even exist forever. Hundreds of developers in the community keep it secure, and being a standalone program you don’t have to worry about some company staying profitable enough and keeping their servers online.
Whatever password manager you choose, the first thing you need is a master password.
This is the key to the kingdom, the one password that could grant access to your whole life.
It’s a big deal.
So you need to come up with a good one: The last and only password you should ever really need to know.
Coming up with a master password is easy.
Despite being a big deal, it is actually also easy.
A good password is a long password. Each character adds exponentially to the amount of time it would take to guess – as long as you don’t use real words.
Using real words is less secure than purely random characters because of dictionary attacks, so try to be a little nonsensical. Pronounceability will help you remember it, so take your time to think of something unique.
At the end of the day the most important thing is length. Make it more than 15 characters at least, but don’t go too crazy.
Flourish it with a few numbers, symbols and uppercase letters. It might start to look quite insane, but you’d be surprised how easy it will be to remember…
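To put numbers on the length and dictionary-attack points above, here is an added example (not part of the original post) that compares the search space of a password made of real words with one made of nonsense characters. The tiny wordlist, the assumed attacker dictionary size and the assumed guessing rate are constructed values, and the model ignores word-mangling rules.

```python
import math
import string

# Constructed sample wordlist; real cracking dictionaries hold millions of entries.
WORDLIST = {"correct", "horse", "battery", "staple", "dragon", "summer"}
ASSUMED_DICTIONARY_SIZE = 1_000_000   # assumption: attacker's wordlist size
ASSUMED_GUESSES_PER_SECOND = 1e10     # assumption: offline guessing rate


def charset_size(password):
    """Size of the character pool implied by the classes the password uses."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(p) for p in pools if any(c in p for c in password))


def brute_force_bits(password):
    """Bits of search space if every character were picked at random."""
    return len(password) * math.log2(max(charset_size(password), 1))


def split_into_words(text, words=WORDLIST):
    """Return the fewest dictionary words that spell text exactly, or None."""
    best = {0: []}
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in words:
                cand = best[start] + [text[start:end]]
                if end not in best or len(cand) < len(best[end]):
                    best[end] = cand
    return best.get(len(text))


def effective_bits(password):
    """Search space an attacker faces: word guessing when it applies."""
    words = split_into_words(password.lower())
    if words:
        return len(words) * math.log2(ASSUMED_DICTIONARY_SIZE)
    return brute_force_bits(password)


def years_to_exhaust(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every candidate at the assumed rate."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)
```

With these assumptions a two-word password falls in minutes, while an 18-character nonsense password using all four character classes sits far beyond any practical guessing effort.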
Remembering your master password is easy.
Your new master password might look intimidating, but you’ll find that with one simple technique, it’ll actually become impossible to forget:
Repetition.
That’s it. That’s all it takes.
Did you ever have a school teacher with an impossible name? Mine was a Greek lady we called Mrs. A. But we couldn’t just write that on all our tests and assignments, we had to write her full name, and we had to write it correctly. To this day I can still spell Mrs. Anastopoulos better than I can pronounce it, all because I was forced to repeat it hundreds of times.
Every time you sit down at your desk, you’ll need to unlock your password manager. This simple act of repetition, a couple times a day, will make you remember your master password permanently.
In the first few weeks, make sure you unlock it every time you sit down, even if you don’t necessarily need to log in to anything any time soon.
If you’re using a password manager that will stay unlocked for hours, or based on connection to some nearby device, or lets you unlock it using a fingerprint, turn that shit off.
For now anyway. You need to type in your master password regularly for the first few weeks, or you will forget it.
I have mine set to lock after an hour of inactivity, but you should keep this shorter while you’re still trying to persuade those brain cells to remember your password.
I’ve been harping on to my friends and family about using a password manager for years, and the main reason I’ve seen them stop using their password manager is simply because they forgot their master password.
That’s a scary thought for sure, but it’s entirely avoidable using a simple strategy:
Making the switch is easy, but it’ll take time.
The other common hurdle to switching to a password manager is the thought of having to change all your logins.
But you don’t have to do them all at once.
The next time you need to log in to a website, don’t type in your old password, simply reset it and create a new entry in your database.
Never type in your old passwords ever again.
I mean that. Stop using them completely. Quit cold turkey, and you’ll naturally move over to your password manager over time. This will also force you to need to unlock your password manager a lot early on, and thus also help you remember your master password.
Using Auto-Type
This is the best part. Getting your computer to type in your passwords for you:
You can turn this setting on here:
Backing up your database and syncing to other devices
To make sure you don’t lose access to your whole life, you need to keep your password database file on some cloud service. I use Dropbox.
Don’t worry, this is completely safe. The file is extremely well encrypted, nobody will be able to open it without also knowing your master password, or owning a time machine to travel a few billion years into the future (and back again) after brute-forcing it.
I also keep the portable version of KeePassXC in a subfolder on Dropbox next to my database to make it quicker to open on new devices.
On my phone, I use Keepass2Android Offline. The screenshots there are out of date; it’s actually quite nice 🙂 It supports fingerprint unlocks, auto-fill, and selecting the database file directly from Dropbox, which is all you really need.
TLDR:
It might be a little bit of a hurdle to make the switch, but the time and energy you’ll be saving by never having to remember another password again, and being vastly more secure as a bonus, is well worth it.