When you use a commercial, vault-based password manager to secure passwords for online accounts, the vault itself has to be secured to prevent unauthorized access to your saved passwords. In order to secure the vault, you need to create the perfect master password and keep it separate from the password manager.
Most people are familiar with browser password managers that offer to save your login credentials when you visit an online bank, online shop, or any other website requiring a login (e.g., Facebook, DraftKings, Netflix, etc.). Some people choose to use these password managers as a convenient alternative to having to remember multiple complex passwords for different online accounts.
However, browser password managers are accessible to anybody with access to the workstation or mobile device from which you use the Internet. So, if you leave your workstation unattended or lose your phone – and you haven't logged out of your browser account (which most people don't) – anybody could get access to your passwords and any other information saved on the device.
How Commercial Vault-Based Password Managers Overcome this Problem
Commercial vault-based password managers overcome this problem by requiring you to log in at the start of each session and automatically disconnecting you from the password vault after a period of inactivity. This means that nobody can access your passwords on an unattended or lost device without your master password (the one you use to log in at the start of each session).
Consequently, your master password needs to be particularly difficult for anybody to guess or hack using password cracking software. You can check the strength of an existing master password by using a password strength testing tool; and, if you feel you need a stronger password to protect your vault, follow our tips for how to create the perfect master password.
What Should the Perfect Master Password Include?
The standard answer to this question is: use uppercase and lowercase letters, numbers, and symbols; a minimum of eight characters; only non-dictionary words; no personal information; and never reuse a password that has been used on another account or recycle old passwords.
However, it is possible to follow these guidelines and still create a weak and easily guessed password. Take, for instance, “123Passw0rd123#” or “DavePassword123!”. These passwords meet the above criteria, yet they are very susceptible to brute force attacks.
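The gap between passing a checklist and being hard to guess can be shown in a few lines. The following is an added example, not part of the original article: it runs the article's two sample passwords through a character-class check and then through the kind of pattern check a strength tester applies. The word list, the substitution table and the third sample passphrase are constructed for illustration.

```python
import re

# Constructed sample list (assumption); a real check would load a large list of
# common passwords, names and dictionary words.
COMMON_WORDS = {"password", "dave", "welcome", "qwerty", "letmein"}

# Common character substitutions, undone before the word lookup (0->o, 3->e, ...).
LEET = str.maketrans("0134578@$", "oleastbas")

SEQUENCE = re.compile(r"012|123|234|345|456|567|678|789")
# Letters followed by a few digits and an optional symbol at the very end.
SUFFIX = re.compile(r"[A-Za-z]\d{1,4}[^\w\s]?$")


def meets_composition_rules(pw: str) -> bool:
    """Mechanical part of the standard checklist: length plus character classes."""
    return (len(pw) >= 8
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def weaknesses(pw: str) -> list[str]:
    """Guessable patterns that survive the composition rules."""
    lowered = pw.lower()
    normalized = lowered.translate(LEET)  # "passw0rd" -> "password"
    found = {f"common word '{w}'" for w in COMMON_WORDS
             if w in lowered or w in normalized}
    if SEQUENCE.search(lowered):
        found.add("digit sequence")
    if SUFFIX.search(pw):
        found.add("digits or symbol appended at the end")
    return sorted(found)


if __name__ == "__main__":
    # First two samples are from the article; the third is constructed.
    for sample in ("123Passw0rd123#", "DavePassword123!", "Tundra-Violin7-Orbit-Cask"):
        print(sample, meets_composition_rules(sample), weaknesses(sample))
```

All three samples pass the composition check; only the pattern check separates the two weak ones from the passphrase.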
When creating the perfect master password, the most important criteria are:
- The password is 100% unique
- The password is only used for your password vault
- The password contains many characters – Creating a passphrase is best as it will be easier to remember
Creating Memorable and Effective Passphrases
A passphrase should consist of random words and characters that are connected to form a password. The passphrase should be 20 to 30 characters long, which is much longer than a regular password. The idea is that the passphrase will only make sense to you.
Some examples of passphrases are listed below for guidance. Naturally, do not use these exact passphrases – create your own!!!
As you can see, these are all easy-to-remember passphrases that are relatively easy to come up with. It is important to include a range of symbols, numbers, or uppercase letters somewhere in any passphrase in order to make it even more secure.