What is a Password Manager?

Password Managers store your passwords, along with the usernames and web addresses they are for, as well generating new, random passwords. By storing the official websites into your Password Manager, you can access them directly from the manager, rather than clicking on links or risking typos that lead you to phishing (fake) websites.

Where do I get a Password Manager?

Password Managers are available on Google Play or the App Store and can attract a cost. Some also have a free version, with certain limitations (so you can upgrade to a paid version if you like it and access all the features). Others are always free without limitations.

Always do you your research, read reviews, and search online for the name of the Password Manager you are considering to see what others are saying.

‍

Are Password Managers safe to use?

Password Managers are as safe as you are with your online activities. IDCARE recommends Password Managers that have multi-factor authentication (such as requiring username, password and code) and can limit specific device usage. This means that the Password Manager can only be accessed using a specific device or devices that you have authorised.

The benefits of using a Password Manager include ensuring that you have variable passwords and complex ones that you do not have to remember. Remembering passwords is one of the main reasons people use the same password for several different accounts. Using the same password is also one of the main reasons why online accounts are vulnerable to being hacked.

Be careful about where you store and how you store your recovery keys and codes to your Password Manager. If you don't protect these, then "the keys to your Kingdom of passwords" can be at risk. It is really important to store the key safely and not to share it with anyone. If you lose the key and forget your master password, it is often impossible to access your Password Manager again.

‍

How do I choose a Password Manager?

Choose a Password Manager that you find easy to use.
Make sure that you login and download the software from the legitimate site.
Look at all the services that the Password Manager provides, and choose the one that best suits your needs.
Take advantage of the free trial periods, so that you can make sure that you are comfortable using the product and give yourself time to get used to it. If you don't think you have chosen the right Password Manager, export the data you have saved there so that you can put it into the next Password Manager you trial.

‍

Starting with a Password Manager

Try before you buy (or commit). Most Password Managers will allow you to export your saved data and import data from other Password Managers. If the Password Manager you are considering using doesn't allow this, then you may find it difficult to change to another Password Manager down the track.

When you first choose a Password Manager, you will need to create a master password to access your account manager. This is your most important password, so make it something easy for you to remember, but hard for anyone else to guess. Suggestions for this type of password include using a combination of phrases and numbers that are significant to you (but not someone's date of birth!), and a favourite symbol that you will remember. For example, you could use a combination of your first postcode, your best friend's nickname from primary school, the last four digits of your partner's phone number, and your favourite drink at the pub or coffee shop, with a random symbol at the end.

Make sure you also set up multi-factor authentication, so you need both your password and that extra level of protection to access your Password Manager. This could be using facial recognition on your phone, SMS verification codes, or codes sent to an authenticator app.

‍

I've chosen a Password Manager to trial. Now what?

Start putting your passwords into it. You can do this by manually entering them into the Password Manager, or as you log in to each website your Password Manager will ask if you would like to add that site and login details to your Password Manager.
As you enter more and more passwords, you might see a warning appear telling you that you have used that password somewhere else, or that it is not a strong password. In either case, that is the time to update that password so that it is both unique and strong.
Some Password Managers will also alert you if there is a two-factor or multi-factor authentication option for each of your stored services, and remind you to set this up.
Password Managers may also let you know if your username or password has been involved in a data breach. If so, change your password, just to be safe.
Check out your Password Manager's autofill options. Sometimes this is only for autofilling the login credentials (so you don't have to click "copy" to enter that auto-generated password). Or it may also have autofill options for online forms, so that you don't have to fill in your personal information every time.

Remember, whatever Password Manager you choose, it is only as safe as your online activities. Never share your master password, master key, or verification codes, no matter how legitimate the request seems. Always make sure you are using legitimate websites or apps before entering your username, password, verification or other personal information.

‍

More information

IDCARE offers a wide range of Fact Sheets and information related to cyber security and identity protection. Please see some of our other Fact Sheets for more information.

For additional support or information, contact IDCARE by submitting a Get Help Form or call 1800 595 160 (Aus) or 0800 121 068 (NZ).

Disclaimer

Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:

IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. IDCARE is a not-for-profit and registered Australian charity.
The Services provided do not constitute legal advice. IDCARE recommends that you consult your own legal counsel in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
While every effort has been made to ensure the accuracy of the content provided, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limited liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in the course of providing the Services.
If you would like to provide feedback please use our Feedback Form.