Carnegie Mellon University
Computing Services  ›  Information Security Office  ›  News  ›  2019  ›  Using a Password Manager to Easily Secure Your Accounts

Using a Password Manager

November 22, 2019

Using a Password Manager to Easily Secure Your Accounts

The Password Problem

In 2019 almost everything a person does online requires an account. Whether it’s for shopping, socializing, playing games, or even listening to music; there is an account and password that needs to be created in order to utilize the service. Since the average user has dozens, if not hundreds of accounts, it can be overwhelming to create and remember strong, unique passwords for each one. This can lead to weak passwords that can be cracked in a matter of seconds, or password reuse. Password reuse is a serious problem because of the many data breaches that occur each year. When your account is breached, malicious individuals have an email address, username, and password combination they can try on other websites. If you use the same login information everywhere, a compromise at one website could give people access to all your accounts. 

The Password Solution

Password managers are able to quickly generate and store strong, unique passwords for each of your accounts. Password managers also have the ability to alert you to a weak or compromised password and even offer to automatically change it for you.

When you use a password manager and need to log into a website, you will first visit that website normally. Instead of typing your password into the website, you type your master password into the password manager, which automatically fills the appropriate login information into the website. You don’t have to think about what email address, username, and password you used for the website – your password manager does the dirty work for you.

If you’re creating a new account, your password manager will offer to generate a secure random password for you. The password manager will then offer to store that password in your encrypted vault. You can launch specific websites from your vault to go to account login page and automatically log in to the account.

LastPass generates random passwords

Getting Started with a Password Manager

The first decision you will need to make with a password manager is choosing your master password. The master password is what encrypts the entire password database. It’s the only password you will need to remember, so be sure it is strong.

The Information Security Office recommends three different password manager options, each with their pros and cons. To read more information on each of these password managers, head over to the Password Management Guidance webpage on the ISO site.

LastPass will add your strong passwords and store them in your encrypted vault for easy access

Password Manager Training

The Information Security Office offers password manager training for the free version of LastPass.

If you would like password manager training for you or your staff, please contact iso@andrew.cmu.edu to schedule a date and time.