If you are not using a password manager in 2020, then you have fallen woefully behind the times. Let me explain…


How Password Systems Generally Work

In the old days your password probably looked like this:

hawaiigirl

And on any responsible web service, this password will be stored as an “irreversible hash” that looks like this:

1296438802338ede0bfd935f8f709916f24b4573481f83e0f91df436f0f25da8

So, let’s say I’m an entry-level hacker and I get your super-high-security password hash shown above. I go to https://crackstation.net/ and enter the hash “1296438802338ede0bfd935f8f709916f24b4573481f83e0f91df436f0f25da8”.

This is what a free online hash-cracking service will give me:

[Image: Password hash cracked]

In the above image (the green bar), you can see that the site reverse-checked the hash against a database of known passwords, and returned “hawaiigirl”.

To find this site, I just had to do a simple google search: https://www.google.com/search?channel=fs&client=ubuntu&q=crach+hash+online

What you’ve witnessed here is where entry-level bad guys start. However, experienced hackers can do much, much more, and even !hawaiigurl808!supergeek! is not safe these days.


Why You Must Use a Password Manager

Here is an example password generated by KeePass:

[Image: KeePass Example of High Security Auto-Generated Password]

An auto-generated password like |w@7^fBnB2V?_B#m.T+bPXwrL@a,_C&2 is exceptionally secure, and if the database of your bank or other online service gets hacked, hawaiigirl will have much to worry about, but you (|w@7^fBnB2V?_B#m.T+bPXwrL@a,_C&2) will not.
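The known-password lookup described under “How Password Systems Generally Work” and the effect of a generated password, as an added Python example that is not from the original post. It assumes unsalted SHA-256 as the weak storage scheme (the post does not say which algorithm produced its hash), uses a constructed four-entry password list, and all function names are illustrative.

```python
import hashlib
import hmac
import secrets
import string

# Constructed sample of a "known passwords" list (assumption, not a real leak).
KNOWN_PASSWORDS = ["123456", "password", "hawaiigirl", "qwerty"]

def unsalted_hash(password: str) -> str:
    """Fast, unsalted digest: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

# Precomputed hash -> password index, the kind of table a lookup site keeps.
LOOKUP = {unsalted_hash(p): p for p in KNOWN_PASSWORDS}

def lookup(stored_hash: str):
    """Return the password if the hash is in the precomputed table, else None."""
    return LOOKUP.get(stored_hash)

def generate_password(length: int = 32) -> str:
    """Random password from the OS CSPRNG, as a password manager would produce."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def salted_hash(password: str, salt=None, iterations: int = 600_000):
    """Per-user random salt plus a slow KDF: what a service should store."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify(password: str, salt: bytes, digest: bytes,
           iterations: int = 600_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    print(lookup(unsalted_hash("hawaiigirl")))          # listed word: table hit
    print(lookup(unsalted_hash(generate_password())))   # random password: miss
    s1, d1 = salted_hash("hawaiigirl")
    s2, d2 = salted_hash("hawaiigirl")
    print(d1 != d2, lookup(d1.hex()))                   # salted: table is useless
```

The same word stored twice with different salts yields two unrelated digests, so a precomputed table cannot match either, while the service can still verify a login by recomputing with the stored salt.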

More Reasons You Should Use a Password Manager

  • You cannot lose your password by forgetting it (because the password manager saves it for you).
  • Companies are demanding more complex passwords.
  • In 2020+, you will probably have dozens of passwords already.
  • You can easily use password diversity (not just one password for many services).

How to Choose Your Password Manager

I use KeePass (https://keepass.info/) because:

  • It is not a “service” run by a password-saving company (very common, and a joke).
  • All passwords are securely encrypted.
  • It is portable.

Do not trust companies who offer password services (and charge you for it!) as this idea, in concept, is completely silly.

Remember: Password managers are generally protected by a top-level password (which should be secure and un-guessable). If someone obtains the password to your master file, then they also get the keys to the kingdom.


Grandpa Password Manager: Pen and Paper

One of the most secure ways to store a password is via pen and paper, hidden away in a place only you know, such as a safe.

In fact, if you are not a high-ticket target for hackers, printing your password list onto a piece of paper (from a file NOT saved, or saved-and-deleted) is also perfectly fine.

Welcome to the Wild West, the pirate-infested waters of the internet. If you feel safe, you don’t know what you’re doing…


And, Really, Don't Be Paranoid

Speaking of passwords only (not general security), you might not be that interesting a target…

If you are not one of these people:

  • Politician
  • Celebrity
  • Wealthy Person
  • Criminal
  • …etc …

Then you’re really not that interesting to would-be password crackers, and you don’t have much to worry about. So don’t worry, hawaiigirl, you are probably safe in your average-ness.

See the graph below.


From https://www.reddit.com/r/coolguides/comments/i7r34v/crackable_password_chart/

How long does it take to crack a password?