Password Managers

I promised a while ago that I’d write about password managers. I think the reason it’s taken me so long is that there are quite a few out there, and when you think you’ve settled on one that you like, something happens and suddenly, we’re back to square one!

So, I’ll try to be general and also transparent about how I’ve come to find password managers and which ones I’ve given a go myself personally.

A long long time ago, I was managing a bunch of tech at a charity. For those that know me, and know who I mean, let me pre-empt this by saying that this was so long ago, that it wasn’t the slick professional outfit it is today, we had minimal staff and a bunch of ancient desktops, none of which talked to each other! This is in no way a reflection of its current state, and in fact, I’ve been out for almost a decade, so I really have no idea where they are at these days!

One of the things I desperately wanted to fix was how we were sharing passwords and creating accounts! Anyone who has ever worked in any kind of collaborative environment will know what I’m talking about. There are some sites and software which you need to share a password to, there are some you can create individual users to, and there are all the myriad of options in between.

Then, when you work in a low-budget environment (think: non-profits, charities or just a small business that would rather spend their OpEx on business needs!), sometimes you can get away with ‘sharing’ one user, when you know you really shouldn’t.

All this does is create a headache as to where you store your passwords, how you share them and how often you change them.

We decided on LastPass, and then, in a typical small charity, low-budget vibe, we went with LastPass Family – we didn’t need more than 5 ‘users’ after all – and it was way cheaper than their business plan.

Let me pre-empt yet again to say that this was definitely a LONG TIME before the series of breaches that hit LastPass in 2022, which you can read all about in their blog here if you were so inclined.

(when you write about password managers and cyber-security, you’re gonna have a load of disclaimers, it’s just a thing)

I liked it so much that I signed my own whānau (family) up to LastPass families – which led to a personal drama where I couldn’t have devices logged onto both at the same time!

My whānau has since changed to a different password manager – partly because of the aforementioned breaches, but partly because the one we’ve now chosen is cheaper. This is in no way a reflection on LastPass and how they do business currently, we’ve just gone in a different direction.

So having given this whole pre-amble – and I do admit, it’s starting to feel like one of those recipe blogs where you never really get to the point, but also, this is my personal blog, so really, can you blame me for a personal story? Here are some things I’ve used and why – I’m not endorsing any brand over another – I’m just going to talk generally about password managers and why they’re useful for whānau.

101 – why?

I guess the first thing I’ll start with is “WHY?” – some people I’ve chatted to keep their passwords on bits of paper and notebooks, others use the password managers built into their devices, and others use the same password for everything.

Keeping it in a notebook or on paper

To be honest with you, if you are struggling with anything technical at all, and really only have 2 or 3 passwords, having it in a notebook or diary is probably the most secure option for you, over anything else. It can only go as far as that notebook can physically travel, and hopefully it means you will be prompted to use different passwords if you’re writing them down, and you can see you’re using the same password too much.

Same password for everything

This is the other most common option. Sometimes people use very small variations (maybe different numbers on the end of each password, for example). This is, by far, the worst option of all. Whenever you hear of someone being ‘hacked’, more often than not, it is because someone has guessed their password, or worse, they’ve given their password to someone.

If some large database has been breached (and this happens almost on the daily), your username (usually your publicly available email address) is now linked with that password, forevermore.

So then unscrupulous people who download these breached databases will then try that username/password combination on all the sites they can find. If you’ve used the same password for everything, it’s like you’ve left a skeleton key to every lock you own in public with a sign on it.
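To check your own list for this problem, here is a small audit sketch. It is an added example, not something from the original post or from any particular password manager: the sample vault, the site names and the function names are all made up for illustration. It flags passwords used word-for-word on several sites, passwords that only differ by capitals or numbers/symbols stuck on the ends, and shows which other accounts are at risk if one site is breached. It reports site names only, never the passwords themselves.

```python
import re
from collections import defaultdict

# Constructed sample vault export as (site, password) pairs; not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "Sunshine1"),
    ("shop.example", "Sunshine2"),
    ("bank.example", "sunshine2024!"),
    ("forum.example", "Sunshine1"),
    ("school.example", "correct horse battery staple"),
    ("bus-card.example", "Kiwi-Harbour-Ferry-41"),
]

def reuse_key(password):
    """Reduce a password to the part a person actually remembers: lower-case it
    and strip digits/symbols added at the start or end."""
    folded = password.casefold()
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", folded)
    return stripped or folded  # all-digit/symbol passwords keep their full text

def audit_reuse(entries):
    """Return (exact, variants): groups of sites sharing an identical password,
    and groups of sites whose passwords are small variations of each other."""
    by_password, by_key, passwords_for_key = (defaultdict(set) for _ in range(3))
    for site, password in entries:
        key = reuse_key(password)
        by_password[password].add(site)
        by_key[key].add(site)
        passwords_for_key[key].add(password)
    exact = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    variants = sorted(sorted(by_key[k]) for k in by_key
                      if len(passwords_for_key[k]) > 1)
    return exact, variants

def exposed_by_breach(entries, breached_site):
    """Other sites reachable by replaying the breached site's password,
    or an obvious variation of it."""
    keys = {site: reuse_key(password) for site, password in entries}
    return sorted(s for s in keys
                  if s != breached_site and keys[s] == keys[breached_site])

if __name__ == "__main__":
    exact, variants = audit_reuse(SAMPLE_VAULT)
    print("Same password on:", exact)
    print("Small variations on:", variants)
    print("If shop.example is breached, also at risk:",
          exposed_by_breach(SAMPLE_VAULT, "shop.example"))
```
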

Using the in-built password manager

Most internet browsers (Google Chrome, Microsoft Edge, Mozilla Firefox, Apple Safari etc) will have in-built password managers. It’s by far the most common way for non-techy people to save their passwords. In fact, a lot of people I’ve talked to don’t even realise it’s happening, and are surprised when I show them the list of their passwords within their browser.

In the past, some of these browsers were sharing password data, unencrypted, across all your devices – admittedly some have always been better than others. Most will still keep copies on your device, which means, you’ve really just got a slightly more complicated version of the paper notebook example above.

OK now that I’ve attempted to answer the why, let’s talk about the what.

The what

What are some of the things password managers can help you and your whānau with?

sharing passwords & emergencies

In a whānau environment, and I’m talking about one where kids are involved, it’s probably a good idea to share some of the passwords. We still have some of our kids’ social media accounts (yea, I know they’ve started new ones that aren’t shared in our family password vault, but there is something to be said about how tech can be used to how it is used!) and definitely have access to our kids’ school and important accounts – think NZQA, their AT Hop cards (bus cards) etc.

In terms of me and my partner, we’ve got a shared family folder with passwords that we need to share, and then everything else is still private.

What is important to me is that almost all password managers have emergency access rights. If I die suddenly (and vice-versa) my partner gets access to all my passwords – I’ve set it up so that there is a 24-hour stand-down. The idea being if they try to do it when I’m not dead, then I can stop it and question why they need access to all my passwords. If I am dead, then they can access all my things and sort out all the things that might need to be sorted after death. It’s a dark thought, but in 2025, a vitally important part of any death plan.

complicated passwords

Nowadays sites are getting more and more complicated with password requirements. Most regular humans I know struggle to remember long passwords and definitely which one goes where. A password manager can save you all that remembering.

I’ll let XKCD explain about password complications (check it out on their site here)

So using a password manager means you can have long passphrases that are hard to guess using modern computing power, and still easy to type in, if you have to type it in.

Multi-factor authentication

I wrote a while ago about multi-factor authentication – and one of the reasons we chose our current password manager is because it has multi-factor authentication built in. It means you can install one app instead of two on your phone, for example. However, I’m sure there will be many many cyber-security peeps that will argue that I’ve reduced ‘multi’ factor to single factor, but it is still a whole other thing you have to get into, so I guess hit me in the comments on social?

One of the things that I have found vitally important about multi-factor authentication is that it always gives you a backup key. One of the most common queries I’ve ever gotten from non-techy people is “where do I store this long and complicated backup key?”. Which is a fair question. Every password manager should have a note section for each entry – an encrypted area for you to save vitally important information!

Other things (not passwords)

This leads me to talk about how handy password managers can be to store encrypted notes as well as data that you want to access globally, and to keep safe. Think passport details, driver’s license details, certificate details. It means you can store it encrypted in your password vault and be able to access it anywhere you have your device!

access

One of the biggest things that I’ve found as an advantage of having a password manager is that you have access to your passwords wherever you have access to an internet connection. Most password managers that are cloud-based have a website you can access from anywhere. Be warned that you should be super careful logging onto things like this from shared computers, but if you have your phone or tablet with you, then you can access your encrypted data anywhere.

what next?

So if you’ve gotten this far, you might still be confused about how to do something. Your next action is to pick a password manager.

Some popular ones include (but are not limited to, of course!) – also note that I’ve put these in alphabetical order – I’m not endorsing one over another – I’ve also never really looked into self-hosted versions, only cloud-based versions – this is because of my list above – all the functionality that I need, means a cloud-based version is what I need.

This is a campaign by our NZ Government’s cyber-security department – there is a wealth of information at https://www.ownyouronline.govt.nz/