I feel a bit late to the password manager trend, mostly because I am. It seems that everyone hopped on the bandwagon years ago.

If you don't quite know what a password manager is, here's a quick primer from Wikipedia.

Ever since password managers started to gain mainstream popularity, I had some idea of why they were fantastic and great, but I still had some reservations about completely depending on one.

Notably the following:

Convenience

  • How would I quickly log in to all my accounts on non-primary computers?
    I'd only really have a few choices...
    1. Enter my generated password for an account by hand manually (ick!)... Randomly generated passwords aren't the easiest things to type by hand.
    2. Access my password manager on the secondary computer... Which I may or may not fully trust with my master password. That also takes time, something that I might not always have.
    3. Find some other method to get my generated password for the account to the secondary computer (Pastebin? Email? iMessage?)... That also takes time and coordination, and exposes that single account password to a medium that I might also not fully trust.
  • How would my workflow change?
  • Will the potential loss of convenience hinder my workflow in any way?

Security

  • What happens if my master password becomes compromised?
    • Anyone who knows me personally knows how obsessive I am over using strong passwords, but hey, things can still happen, right?
  • What happens if I lose access to my password manager? Or worse, forget my master password?
    • Whelp, I'd be screwed.

Sync

  • How in the hell am I going to manage all of my passwords across all of my devices?
  • Also, how will the added convenience of syncing across devices affect security?

And last, but not least (this was honestly one of my biggest worries)

Feeling Out of Control

  • Not in the sense that I start going crazy with passwords but instead with the fact that I'm trusting a single entity with all the keys to my digital life. That's kinda a huge commitment, one that shouldn't be taken lightly. I like to know that I'm in control of everything in my digital life (including my passwords), and when you have some password manager randomly generate one for each of your accounts, it kinda takes away some of the feeling of control that I had.

Then, last December, we found out that Yahoo previously got hacked... Big time.

Yahoo mandated password changes, and it was as I was changing my Yahoo password that December evening that it hit me.

All of my worries over password managers were superficial. Each and every concern had a somewhat reasonable solution that I'd be stupid not to consider.

Let's go over what I realized about those major worries I had...

Convenience

  • How would I quickly log in to all my accounts on non-primary computers?
    • For me, this happens way less frequently than I imagined. When it does come around, depending on the site, I just bite the bullet and type it manually, or find some way to get it to the computer I want to sign in on (usually a private Pastebin). It's only the password for a single online service, and I can always regenerate it if I'm overly paranoid that it might have gotten compromised from Pastebin in some way. Overall, this isn't the way I'd like living with a password manager to be, but that's one of the downsides of making the transition to one.
  • How would my workflow change?
    • It hasn't. In fact, it's made my life easier. I log in once, and my password manager fills in my username and passwords automatically in my browser and somewhat automatically on my phone. It's great actually. The only place where my workflow has changed is when I'm logging in to secondary computers (and I just addressed this above).

Security

  • What happens if my master password becomes compromised?
    • What would have happened if the one password I had previously used everywhere got compromised? I was basically using it everywhere. It would have only taken one hack to some large online service for my password to be out there in the wild (hopefully at least hashed). It'd literally result in the same thing. At least with the master password for my password manager vault, the attack surface is much, much smaller, as I'm only using that master password for one thing — to unlock my password manager.
  • What happens if I lose access to my password manager? Or worse, forget my master password?
    • Give yourself a contingency plan. I have my entire password manager backed up (and encrypted) locally, and I've given a copy to my family to keep at home. Sure, it isn't kept in sync with my main one, but it's a backup, and it's better than nothing. If something happens to the password manager company I use tomorrow, and they go out of business, I'll at least know that my data is in other places, safe.
    • If I forget my password manager password, things get tough. Unlike forgetting the password I had previously used everywhere, resetting my master password to my password vault is tricky, very tricky. Your password vault is encrypted with your master password, and forgetting it means that you've basically locked yourself out, forever. I feel confident enough in my memory to remember my master password, and given that I type it in almost every day, I'm not counting on forgetting it anytime soon.

Sync

  • How in the hell am I going to manage all of my passwords across all of my devices?
    • Depending on your choice of password manager, this is already done for you, usually handled by the company or people that develop it. Some password managers also have you deal with syncing yourself, leaving you to rely on something like Dropbox or Google Drive to get your password vault between all of your devices. As for security, sure, you're basically trusting a company or digital service with your password vault, but it's encrypted, and not very useful to hackers if it's compromised without your master password.

Feeling Out of Control

  • I don't really feel any less out of control than I did before I migrated to a password manager. I can see all my randomly generated passwords in my vault, and change them quickly if need be. I'd say in some ways, I actually feel more in control. I don't find myself wondering which variant of my previous password I used for a given website, or meeting strict password requirements; it's all taken care of, and it really puts my mind at ease.

After addressing all my concerns, I felt pretty stupid for not making the move earlier.

Now, I just had to make a choice: which password manager should I choose?

I evaluated most of the major contenders, and a few open source variants too.

Eventually, I ended up picking LastPass. Their free tier is basically everything anyone could want from a good solid password manager. It's a way to see if you like using it without much commitment. After a month of using it (and trying out many more to see which I liked best), I don't ever see myself going back to how I handled things before.

I'm not here to advertise or endorse one specific password manager; that's totally a decision you should come to based on your own research. No matter which one you decide to go with, just know that you're taking the next step in securing your online life, much like you'd secure your house, against people and entities that don't have your best interest in mind. That's important, because as more and more of our lives go online, securing your digital life is necessary to protect not only yourself, but the ones you love.

Dashlane (another major password manager company) has written an excellent blog post very similar to this one (I didn't steal inspiration from them, I swear) and it's worth a good read.