BlackCSI Blog

BlackCSI has been serving the Pennsylvania area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Ultimate User Guide for Managing Your Passwords [Part 4 of 5]


Our last three posts have covered how to create strong passwords, how to secure a primary email account for all of your online accounts, and how to set up multi-factor authentication. In this part, we’re going to discuss setting up a password manager and going through the process of documenting all of your accounts into that password manager with all new, extremely secure passwords.

What we are covering:

  1. Create a few strong master passwords
  2. Choose a primary email that governs your accounts
  3. Secure that email with a new, strong password
  4. Choose a Multi-Factor Authentication app
  5. Set up Multi-Factor Authentication on your primary email
  6. Select and set up a password manager
  7. Update every account, secure it, and log it in the password manager
  8. Delete old passwords stored in your browser
  9. Maintain the course and continue to practice good cybersecurity hygiene!

Step Six: Set Up Your Password Manager

How to Choose a Password Manager

First things first: if your company provides its workers with a password manager, check to see if they supply personal or family plan licenses. A few business-class password managers include pricing for personal licenses as a perk—why spend money on something when you can already get it for free?

For most typical home users and families, it comes down to whether or not the solution is secure and if it works on all the devices you need it to work on. We will showcase a few password managers that are all pretty good options for most home users. 

Note that they cost money, but most options will at least let you get started with a free trial, and it’s worth the investment when it comes to how much of a headache they can remove from your day-to-day life. Considering that about $75 per year will cover most families, you can take a huge step into protecting those you care about too.

You DO NOT want to use your work account to store personal passwords! Keep them separated!

The Leading Consumer-Friendly Password Managers

Keeper Password Manager - Keeper works on nearly every platform including Windows, Mac, Linux, Android, and iOS. While there isn’t a free version, you can try a free trial, and there are family plans, business plans, and special pricing for students, military, and medical users. If your company uses Keeper, you can get a free personal account.

Learn more at https://www.keepersecurity.com/

NordPass - Nord is a company that specializes in user security, and their password manager has been getting very high review scores. It supports iOS and Android, as well as seven of the most popular web browsers. There is a free version; however, we urge users to consider the Premium or Family plans for added security and features.

Learn more at https://nordpass.com/ 

1Password - 1Password has been around for a while with a proven track record. It works across Android, iOS, and most browsers. It offers a 14-day free trial, as well as plans for individuals, families, and businesses.

Learn more at https://1password.com/ 

Dashlane - Dashlane is a little pricier than the other options (it costs about twice as much as the competition), but Dashlane started out as a business-centric password manager first. If your company already uses Dashlane, employees can get a personal license.

Learn more at https://www.dashlane.com/ 

Worth Mentioning: LastPass - LastPass has been around for a long time, and works on both Android and iOS, and can be installed on most popular web browsers. Unfortunately, LastPass suffered from a pretty bad data breach back in 2022 and early 2023. While we believe that they take security seriously, the way they handled this security breach left us wanting better from a service that stores passwords.

Most of these password managers are going to be pretty similar for most home users. However, for businesses, there are definitely some big differences that you’ll want to weigh when it comes to equipping your employees with a centrally managed password manager. We can help your business make the right choice—just give us a call at (717) 620-3042.

Your Password Manager’s Password Needs to Be Extremely Secure

Once you select your password manager, setting it up is pretty simple. Use your primary email address to make the account, and create a new, complex password that you’ll use to log in. 

This is the password you’ll need to memorize, but it’s also the password that rules over all of your other passwords, so complexity is extremely important. Use our suggested method from Step One, where you string several random words together and then utilize capital letters, numbers, and symbols.

Follow the password manager’s instructions for securing the account and setting up MFA (keep in mind that it’s sometimes referred to as 2-factor authentication, multifactor authentication, MFA, or 2FA). If the account makes any recommendations for further security, take them seriously.

You’ll also want to set up your subscription for the password manager so you get all of the premium features. Most will have you set this up while subscribing to the free trial.

Finally, you’ll want to install your new password manager on the devices you regularly use and sign into it. Most of the time, you can download the app for your password manager from the Google Play Store or Apple App Store, and look for browser extensions for the web browser you prefer.

Step Seven: Go Through All Your Accounts, Update Passwords, Secure Them, and Log Them Into Your Password Manager

Here’s where we roll up our sleeves and get to work.

This step will likely take you the longest. Over a year ago, I spent about two days over my holiday break setting this up, but I am pretty sure I hold more accounts than the typical person (at well over 350 logins).

The effort is entirely worth it.

Once you have everything properly documented and logged in your password manager, keeping things maintained and organized is infinitely easier. You’ll never have to do this again if you take your time and commit to it.

Your new password manager will have a password generator. Every time you add a new record, you can use it to generate a long, complex, unique password that the password manager will save for you. We will be doing this for each and every account, but there are some other housekeeping steps you should do, too.

Here’s What You Are Going to Do For Every Single Account You Have

  1. Log into the account.
  2. Find the account settings/security settings area for that website or account, and confirm that the account is set to your primary email.
  3. Update any and all information under the account (add in a phone number if they offer SMS authentication, check to make sure your address is up-to-date, etc.).
  4. Log the account into your password manager—put in the URL of the account, the username/email used, and generate a new, complex password using the built-in password generator.
  5. Update the password for the account with the new one, and follow any steps required to authenticate the change (some accounts might send you a link or code to your email to verify).
  6. Look for options to enable and set up multifactor authentication, 2-factor authentication, MFA, or 2FA. Follow the steps to enable it and set it up in your authentication app.
  7. Save the password record in your password manager and move on to the next account to repeat the steps.

Ensure that Every Password is Unique
Most of the suggested password managers will warn you if you are using weak passwords, so as long as you use their password generator tool to create a unique, complex password for each account, you should be golden. 

You should rarely have to type in these passwords by hand, as you can install your password manager onto just about any device, so be sure to generate long, healthy, complex passwords. We recommend 16-24 characters with capital letters, lowercase letters, numbers, and symbols.
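As an added illustration (not code from this guide or from any of the password managers named above), the Python sketch below shows the two checks described here: flagging passwords that are reused or fall short of the 16-character, four-character-class recommendation, and generating a compliant replacement from a cryptographically secure random source. The CSV column names and the sample entries are constructed assumptions.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Constructed sample; the name,url,username,password columns are an assumed export layout.
SAMPLE_EXPORT = """name,url,username,password
shop.example,https://shop.example/login,me@mail.example,Summer2023!
forum.example,https://forum.example/,me@mail.example,Summer2023!
bank.example,https://bank.example/,me@mail.example,kT7#vq9!Lm2@xR5$wZ8p
"""

CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, string.punctuation)

def meets_policy(pw):
    """At least 16 characters, with a capital, a lowercase letter, a number and a symbol."""
    return len(pw) >= 16 and all(any(c in cls for c in pw) for cls in CLASSES)

def generate(length=20):
    """Draw characters from the OS CSPRNG until every character class is present."""
    if not 16 <= length <= 24:
        raise ValueError("length is outside the guide's 16-24 range")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(pw):
            return pw

def audit(export_text):
    """Return (weak, reused): entry names failing the policy, and groups sharing a password."""
    by_pw = defaultdict(list)
    weak = []
    for row in csv.DictReader(io.StringIO(export_text)):
        by_pw[row["password"]].append(row["name"])
        if not meets_policy(row["password"]):
            weak.append(row["name"])
    reused = sorted(sorted(names) for names in by_pw.values() if len(names) > 1)
    return weak, reused

if __name__ == "__main__":
    weak, reused = audit(SAMPLE_EXPORT)
    print("Weak entries:", weak)        # names only; passwords are never printed
    print("Reused across:", reused)
    print("Replacement length:", len(generate()))
```

An export of saved passwords is an unencrypted file, so delete it as soon as the accounts are logged in the password manager.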

How to Find Websites and Services You Have Accounts For
Remember, your goal is to find every website, service, and account you have a login for and get it documented and updated. That’s going to include the following:

  • Bank accounts and credit card accounts
  • Online payment accounts like PayPal, Venmo, and Zelle
  • Online stores and marketplaces like Amazon, eBay, Etsy, and more
  • Social networks like Facebook, X, LinkedIn, and Reddit
  • Subscription services like news websites, Patreon, and others
  • Entertainment sites like Netflix, Hulu, and Disney
  • Services like TurboTax/Intuit, Microsoft, Adobe, your antivirus, and others
  • Local, state, or nationwide accounts like IRS.gov, the DMV, and others
  • Alternative email accounts
  • Video game accounts like Steam, Nintendo, Sony, Microsoft, Epic, and others
  • Website domain, hosting, and CMS logins (WordPress, Joomla, etc.)
  • Applications that you use that store information like Evernote, Microsoft, Notion, etc.
  • Home technology equipment like your router, smart home devices, guest networks, and more

It’s easy to forget just how many accounts you might have, so here are some tips for jogging your memory and finding them all:

  • If you were storing passwords in your web browser, you might be able to find them there. For Google Chrome, click the 3-dot menu at the top right and go to Passwords and Autofill > Google Password Manager. For Microsoft Edge, click the 3-dot menu at the top right and go to Settings > Profiles > Passwords. For Firefox, click the hamburger menu at the top right and go to Passwords, or Settings > Privacy & Security > Logins and Passwords > Saved logins. Finally, for Safari, go to Settings/Preferences and click Passwords.
  • Look at your bank account statements over the last year. If you get billed for any subscriptions, chances are you have an account to adjust.
  • Go through your email. Look for terms like “account” or “welcome.”

Don’t Forget to Check Out the Other Parts of This Guide!

This is a five-part guide! Head on back to our blog to see the rest of these articles (we’ll be posting each one every other weekday). You can also click on #Password Guide below to see all of the parts that are currently published.
