Woman walking outside looking at phone

How a password manager can help you create and remember passwords

More than 60 percent of people surveyed said they reuse passwords across multiple sites1—a very dangerous habit—because they’re afraid of forgetting them. That’s reasonable: If you want to avoid password reuse, and want to use sufficiently complex passwords, remembering dozens of variations for accounts is an almost impossible task. One tool that can help is an encrypted password manager.

Password managers, which range from free to $60/year, generate unique, complicated passwords and fill them in when you log into a site from a computer or, in most cases, a smart phone (though phone use sometimes involves a few extra screen taps). Password managers stash your heavily encrypted password list either in the cloud or locally, behind a master password you create.

Of course, like all technologies, password managers are themselves vulnerable to attack, and can be hacked. “If hackers find a vulnerability in there, now they have the keys to the kingdom,” warns Don Boian, Chief Information Security Officer at Huntington. His advice: If you’re going to use a password manager, make sure it’s highly rated by the latest independent reviews.

"I would say do your research,” agrees Chuck Peirano, Chief Security and Fraud Officer at Huntington, “but there are some very good, highly encrypted technologies out there.”

If you choose to use a password manager, here are three tips:
  • Use it to replace all your current weak passwords. Yes, you’ll have to go through each site’s “change password” process, which can be a hassle, but you don’t have to do it all at once. Start with your most important accounts—banks, credit cards, email—then change a few a week to get through the rest.
  • Create a great master password and don’t forget it. Password managers require a master password to unlock your vault. Make it strong enough (using some of the rules in this article) so that even if your laptop is stolen it would take a long time for crooks to crack open your manager list. If you forget the master password, it can be tricky or impossible to recover, but don’t write it in your phone’s contact list or other obvious place. The worst-case scenario is that you’ll lose all your stored passwords and have to reset them on each site. That’s a pain, but less of a pain than dealing with a stolen identity.
  • Watch for “change password” advice. Most managers will alert you to a hack at a site where you have a login, and will prompt you to create a new password.

1 “The Psychology of Passwords: Neglect is Helping Hackers Win,” LastPass, Page 7.

Third-party product, service and business names are trademarks and/or service marks of their respective owners.