I started using a password manager in 2010 right after Gawker was hacked. The hackers have only gotten more sophisticated, powerful and clever since. And now since the Snowden revelations, you also have to worry about the NSA, FBI, CIA, and other state-sponsored organizations who subscribe to the “collect it all” mentality.
We use LastPass Enterprise at my organization to manage all of our digital credentials. They have a 30% discount for non-profits, and for the value that it provides it is absolutely worth it. There are other password managers out there too if you want to do a bit more research. But whichever you choose, definitely choose one. The days of reusing passwords, or keeping shared passwords in a shared spreadsheet, are over. It’s not a matter of if you will be compromised, but when.
Switching over is a pain; you will need to go through all of your accounts and change the password to one randomly-generated by the app. But once done, it’s actually easier to use than trying to remember which password and variation you used for each site.
You will still need one strong password to secure your password manager. Bruce Schneier’s method is the best out there for generating a secure yet memorable master password. It boils down to choosing a sentence that is memorable to you (not a famous quote or song lyric, which password-cracking dictionaries already contain) and then encoding it in a way only you know, for example the first letter of each word plus your own substitutions and punctuation. Scroll down about halfway to the paragraph that starts with “There's still one scheme that works…”
Enabling two-factor authentication for your password manager is also highly recommended. Authenticator apps for smartphones make this fairly painless: depending on the app, it either shows a six-digit code that changes every 30 seconds or pushes a prompt where you just tap Yes to confirm that it is you signing in on a new device. You can fall back on a code sent via text message, but treat that as the weakest option, since SMS can be intercepted or redirected to an attacker’s phone by a SIM swap. If you are traveling without network access, you can generate single-use backup codes ahead of time, print them out and carry them in your wallet. Be sure never to write your account name, email address, or anything else next to the codes that would tell someone where to use them, and keep them somewhere other than the phone they back up.
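To make the two halves of that advice concrete, here is an added example (not code from the original post, and not LastPass’s implementation) showing what an authenticator app actually computes and how a site can hand out printed single-use backup codes. The TOTP part is RFC 6238 over RFC 4226 HOTP, using the 20-byte test secret from those RFCs; the backup-code scheme (hex codes, SHA-256 digests stored server-side, delete-on-use) is a reasonable design of my own, not any particular vendor’s.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed sample secret: the 20-byte ASCII key used in the RFC 4226 / RFC 6238 test vectors.
# A real enrolment hands this to the phone as a base32 string inside a QR code.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte picks 4 bytes
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)           # keep leading zeros: "005924" is valid


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the number of time steps since the Unix epoch."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, step: int = 30, skew_steps: int = 1) -> bool:
    """Server-side check: tolerate one step of clock drift either way, compare in constant time."""
    for drift in range(-skew_steps, skew_steps + 1):
        if hmac.compare_digest(totp(secret, unix_time + drift * step, step), submitted):
            return True
    return False


# Backup codes. 8 random bytes = 64 bits per code, so storing a plain SHA-256 of the code is
# enough: unlike a human-chosen password, the code cannot be guessed offline from its digest.
CODE_BYTES = 8


def generate_backup_codes(count: int = 10) -> tuple[list[str], set[str]]:
    """Return the plaintext codes to print once, and the digests the server keeps instead of them."""
    codes = [secrets.token_hex(CODE_BYTES) for _ in range(count)]
    digests = {hashlib.sha256(code.encode()).hexdigest() for code in codes}
    return codes, digests


def redeem_backup_code(digests: set[str], submitted: str) -> bool:
    """Consume a code: valid exactly once, then its digest is removed so a photocopy is worthless."""
    digest = hashlib.sha256(submitted.strip().lower().encode()).hexdigest()
    if digest in digests:
        digests.remove(digest)
        return True
    return False


if __name__ == "__main__":
    print("TOTP at T=59 (RFC 6238 vector):", totp(RFC_TEST_SECRET, 59, digits=8))  # 94287082
    codes, digests = generate_backup_codes()
    print("Print these and keep them offline:\n" + "\n".join(codes))
    print("Redeem once:", redeem_backup_code(digests, codes[0]),
          "twice:", redeem_backup_code(digests, codes[0]))                       # True False
```

Two details worth noticing: the code is derived from the shared secret and the current time only, so a phone with no network still produces the right value as long as its clock is close; and a printed backup code carries nothing that identifies the account, which is exactly why the advice above says not to write the account name next to it.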
One side benefit of using a password manager: it will greatly reduce your chance of being phished, because the manager only offers to fill a saved password on the domain it was saved for, so a look-alike site gets nothing. If you copy and paste passwords by hand, though, that protection is gone, since nothing checks where you are pasting. Which is why two-factor auth is so important: even if a hacker gets your username and password, they cannot sign in without the code from your phone. The one caveat is that a fake login page which asks for your one-time code and relays it to the real site in real time defeats app and SMS codes; only hardware security keys (U2F/FIDO2) are resistant to that.
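The domain check is the whole anti-phishing mechanism, so here is an added example of it (my own illustration, not the original post’s code and not how any particular password manager is implemented). It compares a saved vault entry against a set of constructed candidate pages in the reserved `.example` and `.test` domains, and puts the common hand-rolled mistake, a plain suffix match with no label boundary, next to the stricter check. Real managers usually relax matching to the registrable domain using the Public Suffix List; this version is deliberately stricter and fills only the saved host and its subdomains.

```python
from urllib.parse import urlsplit

# Constructed sample vault entry and candidate pages (all in reserved .example / .test TLDs).
SAVED_LOGIN_URL = "https://login.bank.example/session/new"

CANDIDATE_PAGES = [
    "https://login.bank.example/session/new",      # the real site
    "https://LOGIN.bank.example/",                 # same host, different case
    "https://bank.example/",                       # parent domain: not covered by this entry
    "https://login.bank.example.attacker.test/",   # real name reused as a subdomain of the attacker
    "https://login-bank.example/",                 # hyphen look-alike
    "https://notlogin.bank.example/",              # catches a suffix check with no label boundary
    "https://lоgin.bank.example/",                 # Cyrillic 'о' homoglyph; browser would show xn--...
    "http://login.bank.example/",                  # right host, but plaintext HTTP
]


def host_of(url: str) -> str:
    """Extract the host; urlsplit already lower-cases it. Trailing dot is normalised away."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host in {url!r}")
    return host.rstrip(".")


def naive_match(saved_url: str, current_url: str) -> bool:
    """The bug a hand-rolled check tends to have: plain suffix test, so notlogin.bank.example passes."""
    return host_of(current_url).endswith(host_of(saved_url))


def autofill_allowed(saved_url: str, current_url: str, require_https: bool = True) -> bool:
    """Fill only on the saved host or one of its subdomains, and only over HTTPS.

    The "." prefix enforces a DNS label boundary; the exact-equality branch covers the host itself.
    """
    if require_https and urlsplit(current_url).scheme != "https":
        return False
    saved, current = host_of(saved_url), host_of(current_url)
    return current == saved or current.endswith("." + saved)


def pages_that_get_filled(saved_url: str, pages: list[str]) -> list[str]:
    """Which of the candidate pages would the vault entry be offered on."""
    return [page for page in pages if autofill_allowed(saved_url, page)]


if __name__ == "__main__":
    for page in CANDIDATE_PAGES:
        print(f"{page:48} naive={naive_match(SAVED_LOGIN_URL, page)!s:5} strict={autofill_allowed(SAVED_LOGIN_URL, page)}")
```

Note that nothing in this logic can run when you copy a password out of the vault and paste it yourself: the clipboard has no idea which page you are on, which is the gap the paragraph above warns about.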