Finding The Hidden InfoSec Story

A Password Manager is Like an Accountant – Do You Need One?

Having the same simple password for multiple accounts is one of the best ways to make an identity thief happy. That has been common knowledge for more than a decade, but people still disregard the advice of having long and complex passwords, a different one for each account, in favour of making their lives easier by using the same passwords over and over.

Companies have been trying to change this mindset in their customers and employees: more often than not, they now require a certain password length and the inclusion of numbers, capitals and/or special characters. Some corporate IT departments even require employees to change their passwords regularly – a practice that possibly does more harm than good when users resort to including simple sequences or dates in their passwords, or just write the current password down on the infamous sticky note on the monitor or under the keyboard.

Still, even supposing you don’t change your passwords often, keeping track of several complex passwords, a different one for each account, is not easy.

A commonly recommended tool for dealing with the problem is a password manager, a program that safeguards your passwords and automatically feeds them into login forms in web browsers and other clients. For this purpose, it stores all of your passwords in an encrypted state. To decrypt them and enable the password manager to deliver them as input to your logins, you have to enter a master password.

The advantage of the password manager is that it facilitates the use of more complex passwords and different passwords for each account. The major caveat is: Do not lose the master password.

But do you need one? Having a password manager is a bit like having an accountant: If you have a small digital footprint (you just have an e-mail and an Amazon account), you can probably manage without a password manager and work with your memory and/or a slip of paper in safe keeping. Similarly, if you are a regular employee without any extra income or liabilities, having an accountant is most likely overkill; you would rather put in a little extra work to do your own bookkeeping and taxes.

If, however, you have five e-mail addresses, eight online shopping accounts, three online banking logins and six different social media profiles, a password manager will make your life easier without compromising security. Similarly, if you hold a position as an employee, but also make extra income on the side from freelancing, get some social benefits for parenting or invalidity and rent out your grandmother’s cottage on Airbnb, it might be useful to have someone else do your bookkeeping for you – it will save you time and headaches.

You are, of course, putting your eggs in one basket by having a password manager or an accountant: If the master password falls into the wrong hands – or if the accountant cheats you – you are worse off. But such is the nature of our increasingly complex world that sometimes we have to put our trust in something or someone we cannot entirely control.
