Windows 1
Protect your online account
May 2019 | |^51
Password managers offer a Windows
app and browser extensions to make it
easy to copy and fill in login details
without having to type anything. They
should offer apps for all your devices –
includingphoneandtablet– and
robust security, so if there is a breach,
your data remains encrypted and out
of touch. A good password manager
should also provide alerts to data
breaches, and offer various tools that
can help you target any weak and
reused passwords.
We recommend one of three
password managers, according to your
needs and budget. Have I Been Pwned
endorses 1Password, which costs
around $36 (£28) a year for a single user
or $60 (£47) for families, and can be
downloaded from https://1password.
com. It certainly checks all the boxes –
we like its Secure Desktop mode, which
runs 1Password in an isolated process
to keep it out of reach of any
keyloggers – but it is expensive.
LastPass (www.lastpass.com) has
generously made all of its core
functionality free, and we love its
security audit, which makes it easy to
spot and update weak and breached
Create a new account following our
advice to set a strong master password.
This is also a good moment to consider
adding two-factor authentication (2FA)
to your password manager – see the
box on page 53 for why and how.Update weak passwords
If you’ve set up a password manager for
the first time, you now have to log in to
each account individually – when
prompted, allow your password
manager to save the password in its
vault. Next, locate the section where
you can update your password –
typically under Account or Settings.
Use the password manager’s random
password generator tool to create a
new random password – the longer the
better. Use a mix of upper and lower-
case letters, numbers, and (if allowed)
symbols. In short, make it impossible to
remember. Copy this to the clipboard,passwords. But its Firefox extension is
rubbish, and the data breach it was
involved in still rankles, even though
user vaults remained encrypted and
out of reach.
We’re personally currently using
Bitwarden (www.bitwarden.com). It’s
a little less developed than the other
two, but catching up fast. It’s open
source, most of its functionality is
completely free, and its Premium tier is
just $10 (£7.66) a year, which unlocks
various reports that can identify weak
and compromised accounts.
Whichever manager you opt for, they
all work in a similar way. Install
the browser extension to access your
passwords through your browser. A
desktop app is also available, but not
strictly necessary. Some features in
LastPass and Bitwarden are also
restricted to access through your
web vault in a browser window.Read in depressing detail where your
email address has been compromised.Identify and update exposed and weak passwords with LastPass’s Security Challenge.Find out which of your passwords have been
breached at Have I Been Pwned?