Security Chapter 2 : Using A Password Manager
If you have not read part 1, why you should not share site passwords, you can do so here first.
A password manager (surprise surprise!) is software that helps you generate, save and manage your passwords.
Good ones will be almost transparent – only appearing when you need to log in or generate a password.
I personally use 1Password. It’s not free but I’ve used it for several years chiefly because it has been around for a very long time and has a corresponding mobile app that seamlessly works with the desktop.
There are several free alternatives
There is also LastPass but this one was hacked some years back and their database was compromised. I like to think they have since tightened up their security.
Of course, the question arises – if these can be compromised, what is the point?
My reasoning is that it is much easier to breach your lax security than it is to breach a password manager.
For illustration purposes, I will walk you through setting up and using Enpass.
Disclaimer: I have no affiliation with 1Password (other than I use it) or Enpass, or any other password manager.
Also, I have never used Enpass before, and just picked it at random. The experience for me will be just as it is for you setting it up for the first time.
First, let us grab Enpass. Go to the site https://www.enpass.io/downloads/ and download the appropriate version for your operating system. For purposes of this demonstration, let me grab the Windows version for my (virtual) machine.
Double click on the downloaded file to set it up
Accept the license agreement
Finalize the installation
Now, launch Enpass
The next screen is the most important one. Here you are expected to supply the master password. This is the one true password that will secure all your other passwords and the only one that you will be expected to remember. If you forget this password – you’re done!
The indicator (in green) shows the strength of your password. Type a nice long password. Try to make it something that is easy for you to remember, but difficult for someone else to guess.
You can use an entire sentence as your password – for example, a bible verse or a memorable line from a poem. Just make sure the indicator turns green.
Once you have typed and confirmed it, click done.
By the way, the reason you are asked to confirm passwords is to make sure that if you have made a typo, it will be caught.
You should have the following screen.
If you leave this screen idle for more than a few minutes, it will lock
To unlock, enter the master password
The next order of business is to enable browser integration.
For Enpass you do this by going to Tools > Settings
In the screen that opens, click ‘Browsers‘
Then click ‘Install browser extensions‘
This will redirect you to this page https://www.enpass.io/enpass-browser-extension/
Click the button to install in your browser of choice. You can come back to this page and install the plugins for each of the browsers that you use.
In my case, I clicked Chrome.
You will be taken to the following page
Click on ‘Add To Chrome‘
You should see the following
Click ‘Add extension‘ and you’re done.
You will see a new icon on the browser bar. (The far right key in a circle)
There is one last thing you need to do.
- Launch Enpass, go to Tools > Settings
- Click Browser
- Check ‘Enable browser extensions‘
To check that you are good to go, click on the icon in the browser toolbar.
You should see the following
Now let us see how it works.
Let us set up, for example, an Amazon account. Here is the screen for creating an account
Provide a name, and then an email.
At the password, don’t provide your usual go-to password. Hit Ctrl and then / (at the same time)
If you are logged in to Enpass, you will see the following popup
If you are not, you will see the following. Go on and log in
Once you are logged in, click the gear icon at the bottom.
You will see the following
What you are seeing here is a password that Enpass has automatically generated for you. You can customize the password length and set whether it is pronounceable.
Of note is the password, usually something like !Ly3*4i*;U\3WGdNpm
This is an 18-character password that is almost impossible to guess and very difficult to crack (a discussion for a future post), which makes it pretty secure.
A pronounceable password looks like this
Click the chef hat to customize the password further – the number of digits, symbols, etc. There are some sites that have niche password requirements such as maximum length and allowed characters.
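To make the generator options above concrete, here is an added example (not Enpass's code, and not from the original post) of how a random password can be produced under a site policy, along with an upper bound on its strength in bits. The symbol set, function names and parameters are assumptions made for this sketch.

```python
import math
import secrets
import string

# Assumed symbol set for this example; the page does not list the one Enpass uses.
SYMBOLS = "!#$%&*+-=?@^_;"


def generate_password(length=18, min_digits=2, min_symbols=2, allowed_symbols=SYMBOLS):
    """Return a random password that satisfies the given site policy."""
    if min_digits + min_symbols > length:
        raise ValueError("policy requires more characters than the length allows")
    if min_symbols and not allowed_symbols:
        raise ValueError("symbols are required but none are allowed")
    alphabet = string.ascii_letters + string.digits + allowed_symbols
    # Rejection sampling: every character is drawn uniformly from the full
    # alphabet by the OS CSPRNG, and the whole candidate is redrawn until the
    # policy holds. No position is predictable, unlike "append a digit and a
    # symbol at the end".
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        digits = sum(c in string.digits for c in candidate)
        symbols = sum(c in allowed_symbols for c in candidate)
        if digits >= min_digits and symbols >= min_symbols:
            return candidate


def entropy_bits(length, alphabet_size):
    """Upper bound on guessing entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Default: 18 characters from letters, digits and the assumed symbols.
    print(generate_password(), round(entropy_bits(18, 62 + len(SYMBOLS))), "bits")
    # A constructed "niche" site policy: 12 characters maximum, only - and _ allowed.
    restricted = generate_password(length=12, min_symbols=1, allowed_symbols="-_")
    print(restricted, round(entropy_bits(12, 64)), "bits")
```

The restricted policy shows why site limits matter: cutting the length to 12 and the alphabet to 64 characters drops the bound from roughly 112 bits to 72.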
Once you’re done, click Fill & Copy
The Enpass extension should auto-fill the password and the confirmation, and then copy the new password to your clipboard in case you want to see it.
Once Enpass has filled in the password and confirmation, click ‘create account’.
You should see the following prompt, showing that Enpass has recognized you have created an account and saved both your login and password. Go ahead and click Save
And we’re done.
If you launch Enpass you should see the following
Now let us verify that it works.
Go to the Amazon login page
Hit Ctrl and / (At the same time)
If you are logged in to the Enpass application, Enpass will fill in your details and automatically log you into the site.
If you are not logged in to Enpass, you will get a prompt to log in. Once you do, Enpass will fill in your details and log you into the site.
And that is how you use a password manager.
Any time you are creating a new account or logging into an existing one, hit Ctrl and / to generate and autofill the password.
This should work for most sites.
You no longer need to remember your passwords! I do not, in fact, know any of mine. Except, of course, the master password.
A good password manager also allows you to save and autofill additional data such as:
- Credit and debit card details
- Software serial keys
- Frequent flyer numbers
- Remote server credentials
- Router username and passwords
So try one out and let me know your experience.