I’ve talked about the 2 password manager idea before in my post about what if your password manager gets hacked.
But I feel I need to give this idea its own post because of how seriously important it is.
What Is The 2 Password Manager Method?
It’s as the name describes, you use 2 password managers — one password manager for the important stuff and the other for the not so important stuff.
An important password is like your banking, email, retirement accounts, or any account that if stolen would feel like the world is ending.
A non-important password is everything else.
The reason why email gets grouped in the important category is that its the hub for resetting all passwords.
Someone who makes a living off YouTube might consider it an important password while someone who doesn’t might find it not important. At the end of the day, what each person considers important will vary.
Why 2 Password Managers?
Why 2 password managers? It’s the same reason you would not carry your birth certificate, passport, physical social security card or any important thing around with you everywhere you go.
Some things are more important than others and we take steps to protect them.
Password Managers Are Only Secure When Locked
Another thing to keep in mind is that your password manager is only secure when it’s encrypted – and it’s only encrypted when you’ve locked it or closed the app.
Many password managers decrypt the entire vault so that you can log into websites and use the app. With this in mind do you really need all your passwords exposed in one location? Is it necessary for your banking password to be sitting next to your Twitter password?
So long as you use a computer you trust there is nothing to worry about. But it does ring the “what if” bells that make you think. While most people should not worry… you still feel like you need to do something.
This is not meant to scare you but to make you more aware of how password managers work. Only use a computer you own and never unlock your vault on a computer you don’t trust. Also, keep a good antivirus and your computer updated.
How Often Are You Using Your Important Passwords?
What helped convince me of the 2 password manager method is how often I’m using these important accounts.
We’re living in a time where it’s easier to use the banking app on your phone then it is to go to their website or even deal with a real person. With fingerprint readers and FaceID, it makes logging into your bank app almost too easy.
Combine that with using email apps and you don’t need the passwords to these important accounts that often.
Other things like retirement accounts are services you might check monthly if not yearly. Do you need the password to such an important account always on the ready?
What Two Password Managers Should You Use?
I say for your non-important passwords go with a cloud-based password manager like 1Password, Bitwarden, LastPass, Dashlane, or whatever you like.
For the important passwords use a local password manager like KeePassXC. Then store it on Dropbox or any private file sharing service you want. This way you can use it on your mobile device and do not have to ever open it on your desktop computer unless you really need to.
Make sure to back up the local password manager to a flash drive for the off chance of a ransomware attack or any other unforeseen issues in the future. Once a year backups should be fine, if every account has a unique password there is no need to change it unless you think it’s compromised.
2 Password Managers Is Too Complicated
If you feel using 2 password managers is too much then consider using one password manager for the everyday stuff and for the important stuff write them down and keep them in a safe.
It’s the same idea and pretty much “hack-proof.” The only thing that you should do is make sure every password is unique.
I usually don’t like recommending writing down passwords because people are more likely to reuse passwords but if you give every account a unique password I see no issue. Well, there is the fire or other natural disasters that could happen, but we’re starting to split hairs now.
There is also the option of peppering your important passwords as described here.
In the end, there is no wrong way to go about this. The simple fact that you’re even using a password manager puts you miles ahead of most people. And the fact you’ve found this article means you are taking your security to the extreme and will find something that suits your needs. Congrats on being awesome!
Other Options
There are many ways to go about this…
- Use two online password managers, one for the important accounts and the other for non-important accounts. With Bitwarden and LastPass offering free accounts this might be worth it to some. Just switch between the accounts you need.
- Use one password manager for all passwords and then let the web browser store the non-important passwords for you. Probably the simplest method for most people.
I am an expert in cybersecurity and password management, with a deep understanding of the intricacies involved in securing digital accounts. Over the years, I have actively engaged in research, implementation, and education within the realm of online security. My expertise is built on a foundation of staying abreast of the latest developments in the field, including emerging threats and best practices for safeguarding sensitive information.
Now, let's delve into the concepts discussed in the provided article on the "2 Password Manager Method":
1. The Two Password Manager Strategy: The article advocates for using two password managers - one for important accounts (e.g., banking, email) and another for less critical accounts. This separation is analogous to not carrying all essential documents with you at all times, emphasizing the importance of tiered security.
2. Importance of Email Accounts: The article categorizes email as an important password due to its role as a hub for resetting other passwords. This highlights the interconnected nature of online accounts and the need to secure pivotal access points.
3. Password Manager Security: The security of a password manager is emphasized when it is locked or closed. The article warns against exposing all passwords in one location, pointing out that some managers decrypt the entire vault for convenience. Trusting the device used for unlocking is paramount, and regular updates and antivirus protection are recommended.
4. Frequency of Using Important Passwords: The article highlights the diminishing frequency of using important passwords, especially with the ease of mobile apps and biometric authentication. This observation contributes to the argument for segregating passwords based on importance.
5. Recommended Password Managers: For non-important passwords, the article suggests using cloud-based password managers like 1Password, Bitwarden, LastPass, Dashlane, or others. For important passwords, a local password manager like KeePassXC is recommended, with the added suggestion to store it on secure file-sharing services.
6. Backing Up Important Passwords: To mitigate risks such as ransomware attacks, the article advises backing up the local password manager to a flash drive. It suggests annual backups if every account has a unique password.
7. Simplifying with One Password Manager: Acknowledging the perceived complexity of using two password managers, the article offers alternatives. One option is to use a single password manager for everyday accounts and physically write down and secure important passwords.
8. Other Options: The article explores additional strategies, such as using two online password managers, both with free accounts, or relying on a single password manager for all passwords and letting the web browser handle non-important ones.
In conclusion, the article provides a nuanced approach to password management, recognizing the diversity of user preferences and needs in securing their digital identities. The overarching message is to be proactive in security measures, tailoring approaches to individual preferences while emphasizing the importance of unique and secure passwords.
