The Importance of Password Managers and Multi-Factor Authentication In Your Personal Life
In today's online world, you often find yourself logging into several websites, applications, or services a day. You may create new accounts with each one, or log in with a third-party service like Google, Facebook, Discord, etc. You may or may not use the same password for all your accounts, and you may or may not use multi-factor authentication (MFA). Consider the risks involved if you were to lose access to any of these accounts. What if someone broke into your Amazon account? Your Facebook? Twitter (X)? What about your bank? There are lots of risks to consider, as a malicious actor gaining access to an account could be catastrophic.
On the modern Internet, simple password-based authentication methods aren't enough to keep your data safe. In this article, we will talk about multi-factor authentication, password managers, and their important role in personal data security.
Use a Password Manager
Let's be honest: most people are lazy. I'm no different. I used to use the same password for all of my online accounts. Whenever it had to be changed, I'd make a slight change to it and call it a day. All of my accounts used the same email, username, and password. I have too much on my plate to be able to remember safe passwords. I think many people feel the same way. So is there a solution for the lazy person? I think there is, and that's a Password Manager.
Password Managers do a few things for you. First, they do the remembering for you: they store all your passwords in one place, and they can automatically fill in the passwords on login prompts. They can generate unique and complex passwords for each website you access, and you don't need to remember any of them. Just go to the website, click auto-fill, and you're logging in. That's actually MORE lazy than it is to remember and type in passwords every time. More lazy, and if set up correctly, FAR more secure.
With a Password Manager, you need a single strong password and a multi-factor authentication method for the Password Manager itself. You will need to log in to the Password Manager to use it; otherwise, you'd just be exposing all of your account information and passwords to anyone who could break into your Password Manager account. Once you have authenticated with the Password Manager, it can be set up to remember all your logins for all of the websites you use. It can also be used to set up multi-factor authentication, often with TOTP (time-based one-time passwords). Your Password Manager can auto-fill the multi-factor verification codes as well.
Examples Of Great Password Managers
Here are some examples of password managers. I have a personal preference which I will get into in a minute.
- LastPass
- 1Password
- Bitwarden
- NordPass
- Dashlane
- Keeper
- Apple iCloud Passwords & Keychain
- KeePassXC
- Proton Pass
- Password Safe
There are many options out there and I haven't tried them all. Don't take this list as my definitive list of recommendations, but I'm sure most are great to use. I am personally fond of Bitwarden, and I self-host my own instance on a Docker server. This solution allows me to provide myself with a solution which does not rely on a cloud provider, while also giving me the benefits of web accessibility that a cloud provider enables. Bitwarden comes with mobile apps and browser plugins which enable you to connect to your own Bitwarden instance, giving you insane accessibility to your passwords on all your devices. Frankly, it's the best universal recommendation that I can give someone. If you can spin up your own "Vaultwarden" instance, you're going to be solid.
However, there are plenty of solid options out there. Do you want a cloud solution, or a local-only solution? Cloud solutions are more convenient and are often easier to access and use than their local-only counterparts, but are less secure and can often come with paid subscriptions, or free options with limitations. I recommend that you look at the different options and choose the one that best fits your requirements.
There are many people out there who use a local password manager, such as KeePassXC, and sync their database across all their devices with a sync tool like FreeFileSync. That way, you retain access to your passwords while avoiding cloud solutions. Data privacy enthusiasts often prefer this approach, as giving a cloud solution access to your password data may not be ideal.
Best Practices
If you have a Password Manager, you should use it for all of your accounts. Generate complex passwords with 13 or more characters, using upper-case, lower-case, numbers, and special symbols. Set up a TOTP multi-factor verification code for every account that supports it. Other multi-factor options such as email or phone authentication are acceptable, but I always recommend TOTP as a solid universal choice.
Using these best practices, you'll find that your accounts are extremely resistant to compromise. I have had so many accounts which only use password-based authentication get cracked into, but now that I use these best practices, not a single account has been compromised. With the automated tools that malicious actors have access to, you should absolutely employ these best practices to ensure your accounts stay secure.