Last updated: May 19, 2020
Why do you need a password manager?
Password managers are regarded by security experts as the most secure way to protect your online accounts.
For more information, see one of the many articles in reputable publications about why password managers are important:
- New York Times (see also this)
- The Guardian
- Wall Street Journal (paywalled)
- Wired in 2016 and again in 2020
Which password manager should you use?
As of March 2019, The Wirecutter recommends:
Both are cross-platform and have been around for a number of years. I have used both, but prefer 1Password’s interface. As of May 2017, security expert Thomas Ptacek recommended 1Password.
LastPass has both free and paid plans; 1Password is paid only and costs a few dollars per month.
You may run across some concerns (article from March 2019) about the security of LastPass. I am not aware of similar concerns about 1Password, but a security issue may be discovered at any time. If you are concerned about security, read Password managers don’t have to be perfect, they just have to be better than not having one by web security expert Troy Hunt.
If you use Firefox’s password sync mechanism, you can get a free, lightweight password manager app for your phone called Firefox Lockbox.
You should also use two-factor authentication (2fa)
See this NYT article for more details.
2fa is especially important for your email account. Don’t use an email provider that doesn’t support it. Both Gmail and Fastmail support 2fa.
Avoid 2fa over SMS if possible
See this article for why (it’s about cryptocurrency but it could apply to anyone).
A lot of websites that support 2fa use the TOTP standard, which involves scanning a QR code with a 2fa app and then entering a 6-digit code from your 2fa app along with your password when logging in for the first time on a device. Common 2fa apps that support this standard include:
Some websites and platforms use their own app for push notifications for 2fa: