Aside from using a password generator to create strong passwords, it is also strongly advised that people avoid using the same password for all of their accounts, to prevent all of them from being intruded into in case one is compromised. Unfortunately, it becomes an issue of security VS usability if a person has to juggle anywhere between 5 to 20(!) different passwords for all of his accounts. Add the fact that a safe password would require him to use lengthy words that are not easy to memorize means that the chances of him forgetting several are very large.
In the past, people have tried to prevent this problem by writing down their passwords. However, this creates another level of security risk. It is a lot easier for a written password to be misplaced and to fall in the wrong hands than it is for a hacker to crack a username’s password. A hacker would need extensive technical skills to accomplish his task, while stealing a written password would only require an individual to be at the right place at the right time.
Nowadays, people avoid this problem by using password managers. In the simplest of terms, password managers act as virtual wallets for all of your accounts and usernames, which can help you organize all of your passwords. Some of them also work as automatic form fillers, which also adds the security of removing the need to type out your password every single time.
One of the touted advantages of a password manager is that it helps protect users against Phishing to a certain extent. The reason for this is that password managers use automated login scripts and will not be fooled by websites that look similar to the site that is being compromised.
Password managers that act as automated form fillers can also provide a certain measure of protection against keyloggers, since they don’t need an entry from the keyboard, there is nothing for the keylogger to intercept. Unfortunately, this will only work if the password manager was already in effect before the keylogger is used. And another issue with this is that different websites have different security measures, so it becomes a matter of whether your password manager supports a certain site’s login page. The recent popularity of “capcha code” systems greatly lessens the usefulness of many password managers.
Another issue with password managers is that having a central focal point for all of your account means that there is only one account that a malicious individual should compromise to obtain access to several. Luckily, this is also a positive aspect, since this allows a person to maintain several different accounts, each with their own set of strong passwords and usernames, while at the same time, he only needs to remember and protect one password and username – the one for the password manager. Ideally, this password manager should have a very strong password, which is usually problematic if you have to maintain several, but now that you can focus on one, the security VS usability issue wouldn’t be so burdensome