Why Do I Need a Password Manager?

This seems like a trivial question, but you’ll soon realize that it’s a very important issue. The days of having your dog’s name for the one password to get you into everything are long gone. Now days, you need complex passwords, and you need one for every site.

The idea of a “strong” password consists of the following conditions:

1. At least 8 characters (longer is better)
2. Combination of upper-case, lower-case, numbers, and symbols
3. Does not consist of “Dictionary words” or easy to guess words
4. Not used in more than one place
5. Not publicly known to anyone (Don’t use your pet’s name, if you blog about the dog).

So, just by having a password for every site, you realize that it will become impossible to keep track of them all. This is where a password manager comes in.

A good password manager will use an encryption that is hard to break. The Blowfish encryption is one of the toughest out there. The program will have one password that you need to remember, in order to get into the vault. And it will allow you to create your own passwords, as well as have a generate feature that creates them for you. The rules for the generate feature should be customizable, depending on the allowances or requirements of the site that you’re creating a password for. Also it should allow you to "remember" the master password for a short period of time, so you don't have to reenter it if you're visiting a few sites that require passwords. However, you shouldn't have it set for more than 30 to 60 minutes (or less if you're on a corporate computer).

Some of the password managers that I’ve used are RoboForm, PWSafe, KeePass, and the one that was included in Norton’s Internet Security. Since I haven’t used any Symantec products in the past few years, I’m not sure if they still include the Password Vault. But there are a lot of managers out there. Some nice things are, you can start with one, and either export the passwords so you can import them into another one, or just quit using the first and start with the second. I do not suggest using your web browser’s built-in password manager, as everyone knows where those are stored and there are a variety of programs that will get the passwords from them.

You can find some reviews of password managers at http://www.brighthub.com/computing/smb-security/reviews/39203.aspx and http://www.brighthub.com/computing/smb-security/articles/1744.aspx.

You can find more information about what would be considered a good (strong) password at http://www.us-cert.gov/cas/tips/ST04-002.html.