You have a weak password. I’m sorry, I shouldn’t assume that, but research consistently shows that the average person uses an easily guessed password and — even worse — uses that password for more than one (or all) of their accounts.
The combination of weak passwords and reused passwords creates a security hole big enough to drive a bus full of hackers through. And if you do reuse passwords, all you need to do is type your email address into HaveIBeenPwned.com to see just how exposed you are. (HaveIBeenPwned.com is a wonderful resource to check whether your information was included in a data breach, and chances are it has been.)
Remembering passwords is hard, to be sure. That’s probably why you use a simple one — perhaps incorporating your birth date or your pet’s name — for many of your accounts. Or why you write it down on a Post-It note tucked under your keyboard or just stuck on your computer monitor. You know you shouldn’t do these things, but security and convenience are at opposite ends of a spectrum, and people always choose convenience.
The triumvirate of security measures is something you know, something you have and something you are.
Biometrics — something you are — have become so successful in consumer technology because they’re convenient. Biometrics switch the keys to the kingdom from something you know (passwords) to something you are (fingerprints or facial scans), so you don’t have to remember anything or carry another key.
How can we take advantage of the convenience of biometrics on our smartphones and apply it to more conventional account logins? The solution is to use a password manager.
Password managers are not new and most people know they exist. And once people start to use them, they grow to love them, not only because they help increase security and privacy across the board but also because they make logging into different systems incredibly easy. The barrier is taking the step of installing one, which can be intimidating.
Here’s a modest proposal: Try using a password manager for just one corner of your digital life. Start with your financial accounts, for example, or accounts you use at work. (Your information technology team will thank you.) Change just those passwords to something stronger, rely on your password manager to remember them and see how you feel after a month.
My prediction is that you’ll have all of your passwords upgraded and safely stored by then.
There are a lot of password managers out there, and if you stick with any of the major players, you’ll be fine.
KeePass is free and open-source but a little rough around the edges. Keychain is built into Apple devices.
LastPass is owned by LogMeIn, a popular remote access service. Dashlane offers a reasonable balance of simplicity and flexibility.
My password manager of choice is 1Password. It’s available for all major platforms (PC, Android, Mac, iOS) and is both elegant and powerful. It has helped me step up my security game across the board.
1Password is so much more than a list of passwords on my phone (which is where I started, years ago). It shines especially bright on the web, where browser extensions make it one-click easy to fill in and submit login credentials. 1Password also suggests passwords, and you can adjust them to be as complex as you like, from total length to the count of letters, numbers and symbols included. If a service supports token-based two-factor authentication — a constantly changing set of numbers to enter along with a password — 1Password can generate those, too.
Everything is secured behind a strong master password or biometrics, and kept in sync among computers, laptops, phones and tablets. There are even team features, so I can share sets of passwords with different departments and co-workers at the office.
Though advanced features are not free, the benefits are priceless. Indeed, the typical ways businesses store and share account passwords are so risky, I dare not even describe them.
Whether you use 1Password or LastPass or KeePass or Dashlane, use something. Achieving both security and convenience is not impossible, and it is worth the effort.
Ryan Ozawa is the communications director for local tech company Hawaii Information Service, and a lifelong technologist. You can follow him on Instagram and Twitter at @hawaii.