Maybe you already use a password manager? Great – you have increased your security by not relying on notes, spreadsheets or other insecure forms to remember your passwords. To take full advantage of a password manager, it’s a good idea to use as many of its features as possible.
Here are ten tips on features found in free or purchasable password managers. These tips are easiest to implement with a cloud-based service (which is virtually all of them these days).
The password manager recommended in this guide is primarily Bitwarden which is open source based and has most of the features in the free version including support for a mobile app.
1. Use the password generator
Still trying to make up your own passwords and then transfer them to your password manager? Use your service’s password generator instead. It will create much more secure passwords that are truly random. Plus, you can easily adjust the settings to match your site’s password requirements. To make it easy for you, use your password manager’s browser extension. It will not only generate a password, but also save it to your account.
2. Install the browser extension and mobile app
After signing up for an online password manager, some people continue to just log in through a browser to retrieve their login information. A faster way to manage your passwords is to install the above mentioned browser extension, which you can use to automatically fill in your user ID and password.
Similarly, installing your service’s mobile app on your phone means you can quickly and securely use your login information on the go.
3. Make password sharing free
Sharing your Netflix password with your household members in a spreadsheet may be an easy way to do it, but it’s not secure. A better idea is to share the information via your password manager.
This feature is widely available for both free and paid services, but paying users usually get more sharing options. One exception is the free version of Bitwarden, where sharing is not available on a free account. You have to create another type of account to share passwords between two people for free.
4. Run a password audit
Having a password manager is one part of security. The other part is choosing strong passwords. The good news is that managing passwords is much easier with a password manager.
Most have a feature that not only verifies the strength of your passwords, but also checks that they haven’t turned up in a data breach. If you discover that a password was leaked in a data breach, you can quickly change it, especially if you have installed the password manager’s browser extension.
5. Two-factor authentication
Since a password manager centralizes all login information, it’s smart to protect your account as much as possible. Setting up two-factor authentication, in addition to a strong
password, provides better security. If someone cracks your password, they still have to input a second set of information that only you can access.
Even for free accounts, the major password managers support the simplest form of two-factor authentication – authentication apps that generate a temporary, one-time use numeric code, which you enter after entering your password. You can use options like Aegis Authenticator (instead of Google Authenticator) for mobile. Winauth is available if you don’t use a smartphone.
Paying users can take advantage of more advanced forms of two-factor authentication like Yubikey, a USB security key that you need to connect to a computer. It’s a good idea to set up more than one two-factor authentication in case you lose your phone.
6. Change your passwords automatically
Okay, you ran a password audit (see above), and now you have some passwords that need replacing. In some password managers, like Lastpass and Dashlane, this can be fixed quickly, thanks to automated password changes. The time savings vary because the feature only works with supported websites – usually popular ones – but it’s still convenient to be able to fix this quickly.
7. Set up notifications
Many password managers offer monitoring in case your data is discovered in a breach or appears on the “dark web”. Remember that some only send out email alerts to paying users. If you already have a subscription, make sure you are signed up to receive notifications – they will help you act quickly if your information is compromised and you need to change your password.
8. Set up emergency access
Sometimes unforeseen things happen in life, creating an emergency contact allows access to your account for your loved ones (or your estate). Not all password managers offer this option, and the feature varies between services. For example, Bitwarden allows you to give full authorization to an emergency contact, while Lastpass makes a one-time copy of your information and then saves it in a folder in the emergency contact’s account.
9. Add other sensitive information
Many people allow their credit card information to be stored on individual websites. Improve security by storing the information in your password manager instead, so that only one source has the information. This reduces the risk the next time an online store is breached.
Paying users can often benefit from file storage to upload copies of important documents such as travel documents.
10. Take advantage of the unique features you pay for
Some password managers have features that you can’t find elsewhere – for example, 1Password offers a “travel mode” that allows you to hide specific groups of passwords. The idea is that if you’re traveling, you can keep sensitive information private, should you be forced to unlock your phone and hand it over to a government agency.
In short, don’t miss out on something useful, especially if you’re already paying for it.