For those who have never used a password manager, setting one up may seem daunting and complicated. It’s not – you can do this.
While it will take time to set up, populate and organize your new password vault, and learn how to quickly access your passwords, it will become second nature over time. The key is to just get started.
Action Plan
| Step 1: Choose a password manager | Review features and pricing and choose an option that works for you. Using your desktop or laptop computer, download software (if available) and set up an account. Refer to the Password Manager Options comparison grid below of some of the leading products. Which one you choose is less important than simply choosing one and using it. |
| Step 2: Create a master password | Your master password is a single, strong password that gives you access to your password vault. Make it long, strong and memorable.
|
| Step 3: Add browser extension | The browser extension will allow you to save all your favourite sites to your vault automatically, generate new passwords, and easily fill your login credentials. Turn off the password manager built into your browser. They lack security and flexibility. |
| Step 4: Populate your password vault | Start gradually – there is no need to add everything all at once. Many password managers allow you to import passwords from your browser, a CSV file and other password managers. To more easily manage your passwords as the number of stored accounts grows, group or categorize your sites. By simply logging into sites as you are browsing on your own, the browser extension will save them to your vault automatically - no need to add them manually. |
| Step 5: Download the mobile app | The mobile app will allow you to access your password vault from your mobile device. Turn off the built-in password manager on your mobile. This way, you can be sure you’re only storing passwords in a single location. |
| Step 6: Perform a health check | Check for duplicate, weak, default and stolen credentials, and use the password generator to reset the passwords for those accounts. You don’t need to change all your passwords immediately - start with sites that store high-risk information such as your email and banking, and ones that have been compromised. |
| Step 7: Plan for the future | Include your master password and instructions on how to access your vault with your estate documents and other important papers. |
| Step 8: Go further |
|
Password Manager Options Password Manager Options
There are various factors to consider when choosing a password manager, including cost, desired features, number of users (e.g. personal vs. family plan) and just general aesthetics/usability. The grid below compares some of the industry-leading/popular options.
A privacy impact assessment (PIA) must be completed prior to departmental/faculty use of a password manager. A PIA is not required for individual or personal use.
| Features | 1Password | Bitwarden | Dashlane | KeePass | RoboForm |
|---|---|---|---|---|---|
| Plans | Individual / Family | Single / Family | Personal Free / Personal Premium / Friends & Family | Individual | Personal Free / Personal Everywhere / Family |
| Approx. price / per year (CAD) | $45 / $72 | Free / $55 | Free / $55 / $83 | Free | Free / $25 / $50 |
| Number of devices | Unlimited | Unlimited | Free – Limited to 1 / Unlimited | Unlimited | Free – Limited to 1 / Unlimited |
| Cloud-based storage | Yes | Yes | Yes | No | Free / No / Yes |
| End-to-end encryption | Yes | Yes | Yes | Yes | Yes |
| MFA | Yes | Yes | Yes | Yes | Free / No / Yes |
| Biometric login | Yes | Yes | Yes | No | Yes |
| Password sharing | Yes | Yes | Yes | No | Yes |
| Password generators | Yes | Yes | Yes | Yes | Yes |
| Password import | Yes | Yes | Yes | Yes | Yes |
| Security breach monitoring/alerts | Yes | Yes | Yes | No | ? |
| Encrypted file storage | Yes | Yes | Yes | No | ? |
| Autofill Passwords | Yes | Yes | Yes | Yes | Yes |
| Website | 1password.com | bitwarden.com | dashlane.com | keepass.info | roboform.com |