Most of us have many passwords and answers to security questions floating in our heads, or worse—on paper or in a computer file. Some of us use the password managers provided by our web browsers, but there are concerns about those as well. Third-party password managers offer an alternative.
The National Institute of Standards and Technology (NIST), part of the US Dept. of Commerce, has provided “technical requirements for federal agencies implementing digital identity services,” and their FAQs (Q-B12) on these requirements state: “Password managers offer greater security and convenience for the use of passwords to access online services.” In addition, NIST recommends the following when using a password manager:
“Choose a long passphrase for the master password to the password manager and protect it from being stolen. A passphrase can be made sufficiently long to protect against attacks while still allowing memorization.”
“Create unique passwords for all accounts or use the capability of most program managers to generate random, unique, complex passwords for each account.”
“Avoid password managers that allow recovery of the master password. Any compromise of the master password through account recovery tools can compromise the entire password vault.”
“Use multi-factor authentication for program manager applications that allow that capability.”
“Use the password generator capability in most password managers to generate complex, random text answers to online ‘security’ questions for those sites still using them.”
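The Python example below is added here and is not taken from NIST or from this post. It puts numbers on the passphrase and random-password advice above by estimating strength in bits and generating both kinds of secret from the operating system's secure random source. The 16-word list is constructed for the demo, and the 7,776-word list size is an assumed example of a real word list.

```python
import math
import secrets
import string

# Constructed 16-word list so the example runs offline. It is far too small
# for real use; a real word list has thousands of entries.
SAMPLE_WORDS = ["anchor", "basil", "cedar", "dune", "ember", "fjord", "garnet",
                "harbor", "iris", "juniper", "kelp", "lantern", "meadow",
                "nectar", "opal", "quartz"]
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(choices: int, length: int) -> float:
    """Strength in bits when each of `length` items is picked uniformly at
    random, independently, from `choices` options."""
    return length * math.log2(choices)


def words_needed(target_bits: float, list_size: int) -> int:
    """Fewest random words from a list of `list_size` reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def make_passphrase(words, count: int, sep: str = "-") -> str:
    """Master-passphrase candidate: `count` words chosen with a CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words lower the real entropy")
    return sep.join(secrets.choice(words) for _ in range(count))


def make_password(length: int, alphabet: str = PRINTABLE) -> str:
    """Random per-account password, or a random 'security question' answer."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Assumed list size of 7,776 words (five dice rolls per word).
    print(f"6 words from 7,776: {entropy_bits(7776, 6):.1f} bits")
    print(f"12 random printable chars: {entropy_bits(len(PRINTABLE), 12):.1f} bits")
    print("words needed for 80 bits (7,776 list):", words_needed(80, 7776))
    print("demo passphrase (toy list):", make_passphrase(SAMPLE_WORDS, 20))
    print("per-account password:", make_password(20))
    print("security-question answer:", make_password(24, string.ascii_letters))
```

The bit counts hold only when every word or character is chosen at random; a phrase a person makes up, or a truthful security answer, is much easier to guess than its length suggests.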
If you decide to explore password manager options, below are some recent articles comparing different ones. (Note: the Harris County Law Library does not endorse any specific password manager.)
Best password managers in 2021 (cybernews, 1/12/2021)
Best Password Manager to Use for 2021: 1Password, LastPass and More Compared (c|net, 12/29/2020)
The Best Password Managers for 2021 (PCMag, 12/21/2020)
The Best Password Managers (NYT|Wirecutter, 12/8/2020)