- Oct 16, 2024
Why Every Small Business Needs a Password Manager (And Which to Choose)
- Helio Cyber
Who is this for?
This article is for solopreneurs and small business owners with 10 (or fewer) employees or contractors who primarily sell digital products online. Many of the business owners we work with have customers, employees, and vendors located around the world.
What is a Password Manager?
Password managers are centralized online repositories run by third-party companies where you can store all of your login information including usernames and passwords. You can even store credit card and passport numbers, if you want.
Why a Password Manager?
Chances are that you or your employees use many different software tools and applications in the daily operation of your business. Each of these likely has a login that requires a username and password.
If you’re like most business owners, you are probably doing one of two things:
#1 - Using the same password across multiple accounts with minor changes (“Password1!”, anyone?). This makes it trivially easy for cyber criminals to break in using a technique called credential stuffing, which, with AI automation, has never been easier.
#2 - Using multiple passwords that are either too weak or too hard to remember. Because a password is only worthwhile if you can remember it, most people will default to weak but memorable passwords. These passwords can be cracked easily through a technique called a brute force attack.
Both of these options leave your business incredibly vulnerable to cyber criminals.
A password manager fixes both these problems.
A password manager is, by far, the easiest and safest way to maintain many strong passwords across dozens of sites and apps at the same time. It takes all the guesswork out of making strong passwords and remembering them later.
Once you set up an account with a password manager, you should only need to remember one strong master password from now on. Using that master password to log in to your manager, you will be able to create and access the rest of the passwords for any service or software you choose to store there (we recommend all of them). It will also automatically create strong passwords and fill them in on websites for you. Just set up the password manager, install the phone app and browser extension, and the technology does the rest.
We also recommend memorizing the password for the email account that you use for login recovery. If there is ever a time you can't access your password manager, you will still be able to reset your other accounts and regain access without much disruption. This is an unlikely event, but it is one additional "just in case" layer of protection.
Is a Password Manager Secure?
All security is a trade-off, but this one is pretty clear. With so many websites and so many passwords, it's impossible for most people to create and remember long and complex passwords for all sites. How many sites do you use in a month? 10? 20? Possibly many more! But it does mean you need to use a password manager that takes your security seriously. A good password manager has a long track record of trust, good communication, security audits, and transparency in how it operates. While you may be putting a lot of your trust into one place, it's much better than letting someone's AI script get into 4 or 5 of your accounts because the passwords are weak. It's a trade-off, but the evidence is pretty clear on this one.
Which Password Manager Should I Use?
As of this writing, these are the reputable password managers that we trust the most. This isn't a specific endorsement of their services, and we don't get paid if you use them, but we use 1Password in both our professional and personal lives. However, any of these three is an excellent, secure choice. All three have earned trust, communicated openly, and been audited by experts to verify their own security.
What Next?
When you have your password manager set up, we recommend writing down your master password, your recovery email password, and other business info you would need in the event of a cyber attack. You can use this free Recovery Cheat Sheet worksheet to store your passwords and recovery information (download for free here). Once it is written down, we recommend storing your passwords in multiple safe locations. This includes a password-protected cloud (such as Google Drive) as well as printing a copy and putting it in a lockbox. We keep ours in a firesafe right along with our Social Security cards and birth certificates.