Managing passwords

This short guide is a reference tool to help refresh your knowledge or practise what you have learned in the Managing passwords online course, including:

  • the importance of strong passwords
  • using computer-generated passwords
  • what a password manager is and how it helps you stay safe online
  • free vs paid password managers
  • how to set up and use a password manager.

The importance of strong, secure passwords

You create passwords to secure your various online accounts. These need to be strong and secure, so others cannot access your information.

A weak password is easy to guess. It might use numbers in order (12345), and common words such as mypassword, cheetah, librarian, and similar.

An illustration of a padlock and key

A strong password is hard to guess. It has random uppercase and lowercase letters, numbers, and symbols such as !@#$%^&*.

A computer-generated password, usually made by your web browser, has a random string of numbers, letters, and symbols.

Using computer-generated passwords

A computer-generated password is the safest kind of password, because it is so random. It is virtually impossible for a human to guess, and very difficult for a computer to hack.

When you go to a website, your browser will provide the password for you, so you don’t have to remember it. Your browser passwords only work with the browser you saved them in. You can use this browser on multiple devices, though.

You can view and change passwords using your web browser’s password feature:

Chrome

  • Click the three vertical dots on the right
  • Look under Settings, Auto Fill, and Passwords.

Edge

  • Click the three horizontal dots on the right
  • Look under Settings, Profile, and Passwords.

Safari

  • Click on Spotlight Search
  • Type in Keychain, then select Keychain Access.

Remembering lots of passwords is difficult, and you might want to use them on different browsers and computers. That’s where a password manager can help.

What is a password manager?

There are two main kinds of password manager.

  1. A function built-in to your web browser, which is free, but only works with that particular web browser.
  2. A separate app installed on your computer or device. It doesn’t need a particular browser to work.

A password manager is like a traditional keychain, with each key unlocking a different app or website.

Your passwords are protected by a master password which you use to sign in to your password manager. The password is not computer generated – you create it.

Each time a website asks for a password, you sign in with your master password and the password manager then enters the password in to the website for you.

Your master password protects all of your other passwords! It’s important that your master password be unique, strong, and for you to protect it and never share it.

Your password manager can also:

  • Create new, secure computer-generated passwords for you
  • Use two-factor or multifactor authentication to provide extra security
  • Allow you to view your saved passwords using the password manager’s dashboard or settings screen.

Your passwords are saved in the cloud, to keep them safe. The master password is not saved in the cloud – you need to remember it.

Free password managers vs paid password managers

Modern web browsers such as Chrome, Edge, and Safari include a free password manager. This is more limited than a separate password manager app, because it remembers passwords only for that browser. An app can manage passwords on all your devices, whatever browser you use.

Some password manager apps ask for a small monthly subscription fee, to give you extra features and support. A paid password manager costs $6-12 a month, and you install it on all your devices from each device’s app store.

If you stop paying for your password manager, you will lose access to extra features, but not your passwords.

A free password manager should:

  • Save your passwords to an encrypted cloud service
  • Computer-generate safe and secure passwords
  • Save your information to use for filling in forms online (such as your address)
  • Offer extra ways to authenticate your master password, such as by sending a code to your mobile phone
  • Let you see your saved passwords in the app dashboard, once you are signed in with your master password
  • Let you transfer your save passwords from your browser
  • Offer to fill in online forms securely, such as your address.

A paid password manager should:

  • Do everything a free password manager does
  • Offer extra security options, such as a USB device with a button you press to sign in
  • Monitor all your passwords to see if they might have been involved in a hack or data breach
  • Send you text messages or emails if your passwords need to be changed or reviewed.
Only download apps from the official app stores, or directly from the password manager’s official website: the App Store for Apple devices, Google Play for Android devices and the Microsoft Store for Windows devices.

Setting up a password manager

Once you have downloaded your chosen password manager app from the official app store for your device:

  • Open the app and follow the instructions to set up your account
  • Choose a strong master password. It should be hard to guess and use a mix of uppercase and lowercase letters, numbers and symbols.

Using a password manager

Once you have activated your password manager, it will:

  • Offer to remember passwords, such as for Google, Facebook, PayPal, and Amazon
  • Let you to import passwords from Chrome and other browsers
  • Let you to set up multifactor authentication (MFA) so it can send a text message to your mobile phone each time you enter your master password and thus provide you with additional protection.

Other things a password manager can do

A paid password manager may also provide some or all of the following features:

  • Secure Notes for saving important information
  • Password sharing with authorised people, such as close family or a friend
  • Auto-fill for forms online, such as your name and address
  • Secure credit card number storage
  • Digital legacy features.

If you decide to share some or all of your passwords with another person, they will only be able to use passwords that don’t have extra security in the form of multifactor authentication. So, they won’t be able to access such sites as my.gov.au, unless you can show them the code MyGov sends to your mobile phone.

How to view and change your passwords in a password manager

By default, the dashboard in your password manager keeps passwords secret and only shows black dots for each one. You can, however, view or change your saved passwords from the dashboard.

Click on the eye symbol next to a password to turn it from dots into the password itself. The password will hide itself again automatically when you close the dashboard.

You can enable the password manager’s alert feature to get notifications about compromised passwords sent to your email address or mobile number.

If one or more of your passwords is exposed online somehow, your password manager will send you an email or text message about this.