
# Using password managers

## Overview

To effectively work, study and live in a digitally-connected world we regularly need to use platforms and software that require password-protected logins. The proliferation of these logins raises two important issues for passwords:

* The reuse of passwords across logins for different platforms
* The use of insufficiently complex passwords that are therefore vulnerable to unauthorised access

Password management software aims to overcome both of these problems by **creating complex passwords** and **storing login details**. This means you no longer need to think of (and remember) multiple passwords; you just need to remember the main password for your password manager and then use it when you log in to a particular platform.

In short, the benefits of using password managers include:

* No longer having to remember which password goes with which login
* Greater security through the use of complex passwords which are hard to guess and resistant to ‘brute force’ hacking attempts
* Time savings through the use of a password manager’s automatic or copy-and-paste password filling capabilities
* Being able to access all your passwords via one strong main password that you decide for yourself

Sounds simple, right? Well, with a *little* bit of work, you can have a password manager set up and running across **multiple devices**, keeping your passwords for your personal and professional life at hand as you need them.

This short, entertaining video from ABC TV’s The Checkout in 2017 explains more about why password managers are such a **great idea**.

[![The Checkout: Passwords](https://i.ytimg.com/vi/IgCHcuCw_RQ/hqdefault.jpg?sqp=-oaymwEbCKgBEF5IVfKriqkDDggBFQAAiEIYAXABwAEG%5Cu0026rs=AOn4CLB70ZKxrPni5HWcXwi7N_MLTSpEkQ)](https://www.youtube.com/embed/IgCHcuCw_RQ)

Note, however, that the four-random-word passphrase approach to the main password used to unlock the password manager is [outdated](https://www.unix-ninja.com/p/your_xkcd_passwords_are_pwned).

## Getting started

There are many different password management software options available, including:

* [LastPass](https://www.lastpass.com/)
* [1Password](https://1password.com/)
* [BitWarden](https://bitwarden.com/)
* [KeePassXC](https://keepassxc.org/)

Publications such as [WIRED](https://www.wired.com/), [PC Mag](https://www.pcmag.com/) and [CHOICE](https://www.choice.com.au/) review password managers in depth – however, make sure the reviews are recent.

Devices from Apple (via [iCloud Keychain](https://support.apple.com/en-au/HT204085)) and Google (via [Password Manager](https://passwords.google.com/)) come with password management options as well.

Click on the links above to explore more about the options available. Alternatively, [this video from Deakin University Library provides an explanation and demonstration of LastPass](https://video.deakin.edu.au/media/t/0_7p844h8y/), although we are not necessarily recommending LastPass over any of the other options.

The main thing to remember is that using a password manager will keep your important personal login details **more secure** while **making your life easier**. While there is a time investment in transitioning to a password manager, it is **well worth the cost** for the peace of mind and convenience.

While there are online password generators, these are not recommended as [the source code for online password generators can make it faster for hackers to brute force your password](https://www.unix-ninja.com/p/your_xkcd_passwords_are_pwned).

## Making a password

**Using a password manager:** Set your password manager to produce passwords of at least 14 characters per the [ACSC Information Security Manual](https://www.cyber.gov.au/acsc/view-all-content/ism), item ISM-0421. It is best if the random passwords include A-Z a-z 0-9 and punctuation, but the allowable punctuation tends to vary by website. Many password generators will give an indication of the 'strength' of the password; make the length long enough that it is rated 'strong' or better.
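
To show how length and character set drive the 'strength' rating, here is an added example (not part of the original guide or of any password manager's code) of a local generator that enforces the 14-character minimum and accepts a per-site punctuation set. The function names, the default length of 20 and the default punctuation set are assumptions chosen for illustration.

```python
import math
import secrets
import string

MIN_LENGTH = 14  # minimum length the guide cites from ISM-0421
ALNUM_CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits]


def build_classes(punctuation):
    """Return the character classes in use; punctuation is whatever the site allows."""
    alnum = set("".join(ALNUM_CLASSES))
    # De-duplicate and drop letters/digits so every character is equally likely.
    extra = "".join(sorted(set(punctuation) - alnum))
    return ALNUM_CLASSES + ([extra] if extra else [])


def generate_password(length=20, punctuation="!@#$%^&*-_=+"):
    """Generate a password with the OS CSPRNG (secrets), never the random module."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    classes = build_classes(punctuation)
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw the whole password if a class is missing, rather than patching
        # characters in, so all compliant passwords stay equally likely.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, alphabet_size):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed comparison: a site that rejects punctuation vs one that allows it.
    for label, punct in (("letters and digits only", ""), ("with punctuation", "!@#$%^&*-_=+")):
        size = len("".join(build_classes(punct)))
        print(label, generate_password(20, punct), f"~{entropy_bits(20, size):.0f} bits")
```

When a site rejects punctuation, adding a few characters of length recovers the lost strength, which is why length matters more than the exact symbol set.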

**Key points:**

> Using a password manager means you can make very long and complex passwords and not worry about forgetting them. Long and complex passwords are more secure. It is therefore a good idea to update any existing short or simple passwords that you bring into the password manager. Your password manager software will likely indicate how weak or strong a password is; take its advice and update your password as required.

**In your internet browser:** [Firefox](https://support.mozilla.org/en-US/kb/how-generate-secure-password-firefox), [Chrome](https://support.google.com/chrome/answer/7570435) and [Edge](https://support.microsoft.com/en-us/topic/use-password-generator-to-create-more-secure-passwords-in-microsoft-edge-e9247e35-684b-4114-bb5e-fdea3e4ae3ff) all have password generators which will all generate and store good passwords. Browser password managers are usually more basic than dedicated password managers, as [dedicated password managers have more of a focus on security](https://www.wired.com/2016/08/browser-password-manager-probably-isnt-enough/), but are still better than re-using the same password.

## Using multifactor authentication with a password manager

[Multifactor authentication](https://www.cyber.gov.au/mfa) is a feature available in many password managers which adds an extra layer of security to your passwords. By requiring identification not only via the main password but also via an additional factor, it becomes even harder for someone to gain access.

> *Activating multifactor authentication is a highly recommended step to make your passwords more secure*

The most common multifactor authentication method is SMS, but this can commonly be hacked. Authenticator apps such as Google Authenticator can also generate passwords that will only work for a short period of time, but these can also be hacked. Mobile apps that send a verification prompt can also be used, but require a working phone with Internet access. The most secure method is a physical security key, although they have not been widely adopted (Nanda et al., 2022).

The following password managers all have options for additional authentication beyond just the main password:

* [LastPass](https://www.lastpass.com/products/multifactor-authentication)
* [1Password](https://support.1password.com/two-factor-authentication/)
* [BitWarden](https://bitwarden.com/help/setup-two-step-login/)
* [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-howto)

**References**

* Nanda, A., Jeong, J. J., & Shah, S. W. A. (2022, October 5). *What is multi-factor authentication, and how should I be using it?* The Conversation. <https://theconversation.com/what-is-multi-factor-authentication-and-how-should-i-be-using-it-191591>

