Talking to Rocks

Advent of Security: Day 5 - A Password Manager

On the fifth cyber-mas day my true love gave to me: a Password Man-a-geeeer, a clean file-tree, an antivirus scan, a key rotation and a clean cache with no more cooooooo-kiiiiiiiiiiiiiies

The Role of a Password Manager

I cannot overstate the role of a password manager in your digital hygiene. To have a password manager is to know what accounts you have in your digital life. It is the method by which you can purge the compromised and heal the weak.

Most password managers will provide you with a secure, encrypted way to store:

  1. A password
  2. A username
  3. The service to which it is associated
  4. Notes

They will also help you assess weak passwords. In IT, the greatest barrier to organizational security is observability, and the same principle applies to individual digital hygiene as well: if you don't know it is there, then you can't protect it.

Once you know the accounts you have, you can clean up accounts you don't need (which you should most likely delete) and change your information on sites that get compromised.
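As an added example (not part of the original post), here is a small audit over a CSV export of a vault that flags weak passwords, reused passwords and services with more than one account. The column names, the sample rows and the weakness thresholds are assumptions for illustration, not any particular password manager's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions that mirror the
# four fields listed above, not a specific password manager's export format.
SAMPLE_EXPORT = """service,username,password,notes
walmart.com,alice@example.com,Summer2019,groceries
walmart.com,bob@example.com,Summer2019,second household account
bank.example,alice@example.com,v9#Tq!mLz2@pRw8Kd,primary checking
oldforum.example,alice,hunter2,unused since 2015
"""
MIN_LENGTH = 12  # assumed threshold for this example


def is_weak(password):
    """Flag short passwords or ones drawn from fewer than three character classes."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return len(password) < MIN_LENGTH or sum(classes) < 3


def audit(export_text):
    """Return weak entries, reused passwords and services with several accounts."""
    by_password = defaultdict(list)
    by_service = defaultdict(list)
    weak = []
    for row in csv.DictReader(io.StringIO(export_text)):
        label = (row["service"], row["username"])
        by_password[row["password"]].append(label)
        by_service[row["service"].lower()].append(row["username"])
        if is_weak(row["password"]):
            weak.append(label)
    return {
        "weak": weak,
        # Report only which accounts share a password, never the password itself.
        "reused": [sorted(v) for v in by_password.values() if len(v) > 1],
        "multiple_accounts": {s: u for s, u in by_service.items() if len(u) > 1},
    }


if __name__ == "__main__":
    for finding, items in audit(SAMPLE_EXPORT).items():
        print(finding, items)
```

A vault export is plaintext, so run an audit like this on a trusted machine and delete the export file afterwards.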

Using a password manager as a family

I suggest (strongly) that a family keep a unified password manager. If you don't trust your family enough for this, well, you have other problems... Keeping a common interface for you to identify your accounts helps prevent leaking information about you and your family to companies and technology that would abuse it. You don't need three WalMart accounts; that informs WalMart that there are three people in your household!

A password manager also provides a clean way to share accounts between you and your { spouse, child, babysitter } so that everyone can get access to the most important digital tools easily.

A few password managers:

Some other good articles on why to use password managers