2.4 Installing and using a password manager
This section is part of the amber and green pathways.
Alternatives to a browser’s password management are dedicated password management applications.
Before choosing any product to manage your passwords, you should make sure that it meets your requirements – in particular:
- Is the software available for your computer?
- Does it manage passwords on one computer or on more than one?
- Can it synchronise passwords between multiple machines?
- Does it have a good reputation?
Check that the password manager software has a good reputation by making sure that it has been evaluated by a reputable organisation. Don’t depend on anecdotal evidence.
Some examples of password manager applications are:
- is available for a range of operating systems, including mobile devices. It can generate and store passwords, and manage them across multiple devices.
- 1Password is available for Windows and Mac computers as well as mobile devices running iOS, Android and Windows Phone. As well as generating and storing passwords, 1Password can be used to hold other confidential documents. It offers password synchronisation through the free Dropbox cloud service where encrypted copies of all 1Password data are shared between your machines.
- KeePass is available for Windows, Mac and Linux operating systems. It is an open source password manager, which makes it easier for security experts to check its program code and identify potential security problems.
The protection offered by a password manager is only as good as the password you select to control access to it – the ‘master password’. Therefore, make sure to select a long, hard-to-guess password – ideally a phrase or combination of random words. This will prevent attackers from getting access to all of your passwords, even if they steal the password store from your machine or an online password system. For example, in June 2015 attackers were able to steal a large number of password stores from LastPass, putting those users with very weak master passwords at risk of having all their passwords used by hackers.
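The advice above to build the master password from random words, as an added example that is not part of the original course material: Python code that picks words with a cryptographic random source and estimates how long guessing would take against a stolen password store. The sample word list, the 7,776-word list size and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 32-word sample list (assumption): far too small for real use.
# A real generator would load a large published list, e.g. 7,776 diceware words.
SAMPLE_WORDS = (
    "amber anchor basket candle copper desert ember falcon "
    "garden harbor island jigsaw kettle lantern meadow nickel "
    "orchid pebble quartz ribbon saddle timber umpire velvet "
    "walnut yonder zipper bridge cactus dolphin engine feather"
).split()

def generate_passphrase(words, count=6, sep="-"):
    """Join `count` words chosen independently and uniformly with a CSPRNG."""
    if count < 1 or len(words) < 2 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and at least two distinct words")
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(list_size, count):
    """Guessing entropy when the attacker knows the list and the word count."""
    return count * math.log2(list_size)

def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

def years_to_search(bits, guesses_per_second):
    """Average time to hit the passphrase: half the space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e9  # assumed offline guess rate against a stolen store
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    for size, count in ((len(SAMPLE_WORDS), 6), (7776, 4), (7776, 6)):
        bits = entropy_bits(size, count)
        print(f"{count} words from {size}: {bits:.1f} bits, "
              f"~{years_to_search(bits, rate):.3g} years at {rate:.0e}/s")
```

The strength comes from the size of the list and the number of words, not from the words being obscure, so the estimate only holds when the words are chosen by the random source and not by the user.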