Passwords are the muscled bouncers at the doorway to your online accounts. But how strong are yours, and are any working multiple shifts across more than one account? Weak passwords and password reset emails are the bane of our times, but help is at hand: You can banish both with a dedicated tool like Avira Password Manager, available for multiple devices and operating systems.. All you’ll need to remember is one master password to rule them all. If it’s finally time to feel like a password king (or queen) in full control of their digital realm, find out how password managers work and why they can add much-needed security and convenience to our busy lives online.
Why do we love to hate passwords?
We all know the scenario: You’re faced with yet another website demanding that you choose a password—and not just any password. Nowadays it needs to be sprinkled with numbers, letters, symbols, and upper- and lower-case letters. Your pet’s name simply will not do unless it’s unlucky enough to be called fL&UFFy2021*). And if (when) you forget it, you’ll have to send yourself a tedious password reset email to start the entire process again. Yes, passwords are cumbersome and annoying. Yet they’re vital too as they serve as a first line of defense in keeping cybercriminals from logging in to our laptops and online accounts, accessing our bank accounts and credit card portals, and even going online shopping in our name.
Strong passwords may be the lesser of two evils but they’re difficult to manage and impossible to remember. Plus, we all have too many. Your street or favorite sports team followed by your date of birth? Forget it. Recognizable words and anything predictable or associated with you are too easy to crack. Most of us know this, in theory, but an alarming number of us still ignore password best practice and cybercriminals are rejoicing. The World Economic Forum’s Partnership Against Cybercrime lists the following top 10 most common online passwords. Don’t make this list!
123456
admin
12345678
123456789
1234
12345
password
123
Aa123456
1234567890
And consider this: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234—are weak enough to be cracked using standard methods. It seems we’re all guilty of crimes against passwords, even if we’re federal employees who receive regular cybersecurity training.
You’re not alone in forgetting passwords either. According to research by Statista in 2022, 15% of us reset a password multiple times a week and over one third forget a password once a month. Passwords are a global headache and forgetting them a plague. If you’re wondering which passwords we tend to forget most frequently, it’s social media followed by email accounts.
Advantage hackers: They’re great at cracking passwords, so we need to get better at creating them!
Hackers are relentless and endlessly creative in trying to lay their hands on our passwords and other personal details. When they gain unauthorized access and control of an online account, it’s called account hijacking, and they can use it to impersonate you online. Imagine what they could do armed with your credentials? Go online shopping? Apply for a credit card? Make changes to your social media profiles? Yes, it’s all of the above.
Cybercriminals deploy a range of tools and techniques, including phishing attempts and spyware like keyloggers. Plus, today’s computers are powerful enough to churn out millions of possible letter/number combinations in minutes in an attempt to guess a password. These password crackers can decipher complete words more quickly than random combinations, so remember that if you’re still tempted to go with anything in the dictionary.
Then there are the security breaches that are out of our hands: Even the largest companies can fall prey to hacking, whereby vast databases of information are dropped into cybercriminals’ laps. Cast your mind back to 2019 and a reported mega-dump of hacked personal details called Collection #1. It included the decrypted and cataloged information of 773 million unique usernames and passwords. Additional chunks of data—Collections #2-5—were also found up for grabs on the internet. All in all, the leak was estimated to contain around 2.2 billion compromised records.
Armed with the username and password for the accounts of a single service provider, they can then use these same login details to try and gain access to the victim’s other online accounts. This is known as credential stuffing and is precisely why reusing passwords is such a terrible idea.
Cybercriminals deploy technology, so it makes sense to meet them head on with some technological muscle of your own: A password manager is essential in today’s fight to keep an ever-increasing number of passwords secure (as well as strong and unique, of course). Avira Password Manager serves as a password vault, generator, and manager, so it automatically helps create highly secure passwords for you, stores them in your own online “vault” protected with bank-grade AES 256-bit encryption, and can also be set to log you into your online accounts.
Imagine never creating nor needing to remember lists of passwords…and you can wave goodbye to manually typing in your login credentials too. It also syncs across your devices, so it leaps seamlessly between desktops, laptops, and mobile phones—keeping your passwords at your (but only your) fingertips where and whenever you need them. Speaking of fingerprints, this password manager also uses touch and face ID, so you can access the passwords on your phone with merely the touch of a thumb or a coy glance at your phone’s face recognition software.
Create strong passwords—or one awesomely strong Master Password
While creating strong, long passwords that won’t be instantly forgotten is serious business, security experts recommend getting creative and even silly. The Bruce Schneier method suggests taking a phrase from a song or rhyme, or just making up your own sentence, and turning it into a password with at least nine letters, numbers, and special characters. For example, “This little piggy went to market” becomes “tlpWENT2m”. You’ll still have to remember exactly what you did though.
If you use a password manager, you’ll forego the hassle of creating your own complex passwords…nearly, because you’ll still have to come up with and remember one password (and it’s possibly your most important ever): your Master Password. You’ll need this to access all the others, so create something that’s long and complex, but also memorable (try using the tips above!).
If you’re using the Avira Password Manager, you can rest assured that your Master Password is NOT stored by Avira, so it’s known only to you. Don’t forget it because Avira can’t help you recover it. For added security, you’ll be asked to change your password roughly once a year. All your other passwords are stored in an encrypted form on the Avira servers and can only be decrypted (and encrypted) with your master password. In other words: Unless you’ve inadvertently shared your master password with someone, only you will have the key to decrypt and therefore access your passwords. We did promise you’d feel like the king (or queen) of your digital realm…
You can also store notes and other personal details in your Avira Password Manager, so if you want to attribute more information, hints, or reminders to a particular website/password, that’s easily and securely done. E.g.: Buy children’s stationery here! Cat food subscription active.
Are password managers safe?
How safe is safe? No solution is 100% secure but cybersecurity specialists widely regard reputable password managers as safe and tend to agree that there are more risks in not having one! What could be less secure than passwords stored in our fallible memories, easily accessible word documents or (dare we say it) scribbled on bits of paper?
You can think of a good password manager as your own personal, armoured password safe. That’s because it deploys a range of security methods:
- Advanced encryption helps make your passwords inaccessible to hackers, so they can’t read or use them even if they do get hold of them. Avira uses 256-bit AES encryption. This Advanced Encryption Standard (AES) is a symmetric block cipher that the U.S. government selects to protect classified data.
- High levels of password complexity: The password generator in Avira Password Manager lets you use a slider to set the length of your password and choose whether you’d like to include numbers and special characters. It then spits out utterly unintelligible gobbledygook that won’t be guessed by a passing cybercriminal.
- Password strength detection tools: Always check the strength of your password before you put it to work. Don’t let hackers test it for you by draining your bank account, for example! Avira Password Manager provides an estimate of approximately how long it would take to guess your password. Be ambitious in your timescales! Why go for anything less than thousands, or even millions of years…
…Or as Buzz Lightyear would say: “To infinity and beyond!”.
- Zero-knowledge architecture: Password managers are typically built on a zero-knowledge architecture, which means that your password manager provider can’t see the information stored in your password vault. When you enter information into your vault, it’s encrypted on your device before being sent to the password manager server. If hackers do manage to break into that server, they won’t be able to decipher the data anyway.
How safe are browser-based password managers and other password solutions?
Far from being a one-size fits all solution, there are various types of password managers available. We’ve rounded them up here, including any advantages and disadvantages, so you can make an informed decision.
Browser-based password managers: They’re built directly into the browser so they’re free and convenient and offer to auto-fill fields like a password or payment information for you. They can’t be synced across different browsers though, so if you suddenly use a different one, you’ll be left without your passwords and other login details.
- Pros: Low-cost, easy to use
- Cons: They’re unsafe on shared devices where multiple users can access browsers, and if your device is stolen and hacked, the thief will have access to your logins. Also, these password managers don’t use a zero-knowledge architecture, so a provider like Google can see everything you save—and they don’t guarantee end-to-end encryption either. Don’t be tempted to use them!
Cloud password managers: These are probably the most popular choice for both individuals and businesses as they marry convenience and security. Data is encrypted and centrally hosted on the provider’s server and can be accessed from anywhere on any (or most) devices. Avira Password Manager stores your data in the highly protected Avira cloud, where it’s backed up to prevent loss. This type pf password manager can be stored on all your devices, including PCs, phones, and tablets.
- Pros: Easily synced across devices and operating systems, secure, encrypted.
- Cons: Subscription models incur costs but offer additional features. Your data security is dependent on your choice of provider, so choose carefully. Poor providers may offer inadequate security measures. Always check the privacy policy to ensure that they’re not sharing your data!
Local (on-premise) password managers: These are ideal for larger companies looking to host their passwords in their own closed environment, but some individuals opt for them too.
- Pros: Privately hosted and maintained to help avoid external threats. Teams can collaborate more easily.
- Cons: Higher upfront and deployment/maintenance costs.
Mobile password managers: There are many cloud password manager apps available for mobile devices, and Android and iOS also offer native password managers like Apple Keychain and Google Password Manager, making it easy to save passwords to your device. They can also help autofill your details across websites and mobile apps.
- Pros: Free and offer instant access. Avira Password Managers for Android and iOS let you attach files like images and pdfs, and store notes and payment details. They also include a mobile authenticator so it can securely generate codes to help protect your online accounts from unauthorized access, even if your password has been breached.
- Cons: Some may lack extensive features and can’t be synced across devices on different platforms. Some are vulnerable to “autospill” so they could leak credentials.
Setting up your Avira Password Manager
So, you’ve taken the plunge and opted for a password manager? Hackers will be very disappointed. Watch this video to set up your Avira Password Manager in 3 easy steps or follow the quick instructions below:
- Visit https://passwords.avira.com to view your web dashboard.
- Already have an Avira account? Enter your Avira credentials and click log In. If you don’t have an Avira account, click the Register tab on the top right. Enter the required data and click Register. Then log in to your email account and click on the verification link that you received in your Avira email to complete the registration.
- You’ll now need to create your Master Password. Craft something unique and complex and don’t reuse it for other accounts! Enter your Master Password in the required field and click Create.
- Confirm the password in the following window and click Done.
Remember! To help ensure a high level of security, your Master Password is not stored by Avira. If you forget your password, Avira can’t recover it!
You’re now ready to add your first password:
- Click the plus symbol in the lower right corner.
- Enter all required data. You can choose to add your own (such as an existing) password or let the password generator do this for you.
- Click Save in the upper right corner.
Use your password manager to regularly check your security status
Your Avira Password Manager monitors the web for data breaches and analyzes your online accounts for vulnerabilities like weak passwords. On the left of your web dashboard, click on Security Status to view a list of accounts that need action as well as an overall analysis of your security status (as a percentage).
Avira Password Manager is free. You’ll need to upgrade to Avira Password Manager Pro, which is available with a cost-effective monthly or annual subscription, for a more detailed analysis of security vulnerabilities and the recommended courses of action. It also offers a website check and lets you know if any websites you’re registered on are known as unsafe.
A final reminder: The do’s and don’ts of unique password creation
A weak password is the equivalent of leaving a key in a locked door. It won’t take much effort for someone to get in. Creating a complex password is the best way to keep hackers away from your personal data online. Here are a few dos and don’ts for creating unique passwords.
- Do focus on using a variety of characters, including uppercase letters, lowercase letters, numbers, and symbols. The longer your password, the harder it is to crack. It’s estimated that a nine-character password can be cracked in just five days, while a password with 12 characters should help protect your account for 200 years!
- Do get creative with your password. So, for a word with an “o” in it, use a “0” instead.
- Don’t use data in your password that’s easy for hackers to find, like your birth date or the names of your children and pets.
- Don’t use the same password for all your accounts and do change these at least once or twice a year, especially for the accounts that don’t use multi-factor authentication.
How to choose a password manager
Before you choose to use a password manager, make sure it’s from a trusted expert in online security and that it works on all your devices. So, it should include mobile options and easily sync between your computers and phones. Avira Password Manager is available for a range of operating systems and as a handy browser extension—so you can also download it for free on Google Play, the AppStore, and as an extension for Chrome, Firefox, Edge, and Opera. It also helps securely store more than your passwords—add notes and your credit cards too—and everything is securely backed up to help prevent data loss.