Passwords protect many parts of our lives – from our money to our work and even the appliances in our homes. It may be tempting to reuse a password, but if compromised it can put all your devices and accounts at risk.
Using unique passwords is essential, but it can be challenging to keep track of them all. That’s where password managers can help.
About password managers
Password managers can help you create, manage and store passwords securely for each of your accounts. They can come in a variety of forms, such as an app or website.
To access a password manager you only need a single master password, key or PIN. This means you only need to remember this master login to access all your stored passwords.
Password managers allow you to:
- create strong and unique passwords
- store passwords and other logins securely in one place and access them from any device
- save time and effort by auto-filling your login details
- store your bank cards, PINs, and identity details
- reduce the risk of someone intercepting your passwords.
Password managers are useful tools but are also attractive targets for cybercriminals. Only use a reputable password manager and practise good security by following our advice.
Case Study
The risk of storing sensitive information in unsecured apps
A woman in Western Australia lost her phone, which was unlocked. She kept all her passwords in the notes app on her phone, giving criminals easy access to her accounts. She also kept photos of her driver licence.
The woman’s phone was returned a few hours later. But it wasn’t until the next day that she realised criminals had transferred all her money to a cryptocurrency website. She lost almost $4000. Had she used a password manager, it would have kept her account and driver licence details secure.
Choose a reputable password manager
There are many different types of password managers available, including free ones. Consider what features you need and compare password managers online.
Check if the company and product have a good reputation. Make sure the product has strong security and privacy features, and gets regular updates. Also, check if it supports:
- encryption (prevents anyone from accessing your stored information without your master password)
- multi-factor authentication
- different devices and syncing between devices
- breached password alerts
- browser extensions for password autofill.
If you are unsure, ask an IT professional or a trusted advisor for help.
Secure your password manager
Protect your accounts by making your password manager secure. The best way to do this is to use multi-factor authentication and make your master password as strong as you can.
You should use multi-factor authentication (MFA) on your password manager if available. MFA adds an extra layer of security. It means you need 2 or more steps to verify your identity to access your passwords. For example, using your master password as well as an authentication code.
Learn more about MFA.
It is crucial to use a strong and unique master password to protect your password manager. Using a weak password is like putting your valuables in a safe and leaving the unlock code beside the door. If someone guesses your master password they may gain access to all your accounts.
Your master password should be the strongest one you can remember. We recommend using a passphrase, which is a more secure version of a password. A passphrase is a string of random words like ‘crystal onion clay pretzel’. It is easy to remember but hard for someone to guess.
Don’t share your passphrase with anyone or include personal details, such as your street or pet name. If someone can guess your passphrase based on what they know or find out about you, your accounts could be at risk.
Learn more on how to set secure passphrases.
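The passphrase advice above rests on the words being chosen at random, so this added example (not part of the original page) picks words with a cryptographic random source and shows how guessing difficulty depends on word-list size and word count. The 32-word list is constructed for the example, and the list sizes 2048 and 7776 and the 64-bit target are illustrative assumptions.

```python
import math
import secrets

# Constructed sample list (32 unique words) so the example runs offline.
# Assumption: a real generator draws from a list of several thousand words.
SAMPLE_WORDS = (
    "crystal onion clay pretzel harbor violet timber saddle "
    "lantern quartz meadow falcon biscuit anchor velvet copper "
    "thistle marble canyon puzzle ribbon summit walnut ember "
    "gravel orchid pillow tunnel mitten cobalt fennel locket"
).split()


def generate_passphrase(words, count=4, separator=" "):
    """Pick `count` words independently and uniformly using a CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    if count < 1:
        raise ValueError("count must be at least 1")
    # secrets.choice uses the OS random source, unlike random.choice.
    return separator.join(secrets.choice(words) for _ in range(count))


def entropy_bits(list_size, count):
    """Bits of entropy when every word is drawn uniformly at random."""
    return count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("Sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    # 2048 and 7776 are assumed sizes of larger lists, for comparison only.
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(
            f"{size:>5}-word list: 4 words = {entropy_bits(size, 4):.1f} bits; "
            f"{words_needed(size, 64)} words needed for 64 bits"
        )
```

The figures only hold when the words are picked by the generator; a phrase built from personal details or a familiar saying is far easier to guess than the calculation suggests.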
Leaving your password manager and device unlocked can give anyone access to your accounts.
Make sure your password manager always asks for your master password or biometrics when using it. Set your device to automatically lock after a short period of inactivity, such as 5 minutes. The shorter the better.
Some password managers have a ‘remember me’ feature. If you use this feature, it will trust the device you are using and ask for your master password less often. Don’t use the ‘remember me’ feature for your password manager if you are on a public or shared device. If you do, other people who use the device could access your accounts.
Remember your master password
Forgetting your master password is like losing the key to your safe. It may be impossible to recover, which means you lose access to all your stored passwords.
Never save your master password to your browser if prompted.
Add and update your account passwords
Use your password manager to create and store passwords for all your accounts, starting with your most important ones.
Follow these steps for each of your accounts. If you already have a strong and unique password for an account, you can skip steps 3 and 4.
1. Log into your chosen password manager.
2. Add details of the account such as the name, current login details and web address.
3. Use the built-in feature of your password manager to create a strong and unique password or passphrase.
4. Log into the account with your existing password and update the password to the new one you created.
5. Check if you can also turn on MFA for the account for extra security.
6. Allow login details to autofill for trusted devices and websites if your password manager supports this option.
Change your important passwords often, especially if there is a data breach. Updating your master password on a regular basis will also help to improve security.
Consider what accounts you are putting into your password manager. Some service providers, like banks, may not cover losses if you store your password in a password manager.
For accounts you don’t want to store in your password manager, protect them with MFA. Use a strong and unique passphrase if MFA is not available.