A master password is a password that is used to lock the password manager. This is the only one that the Internet user must memorize at all costs.
What is a master password?
Do you doubtless know the formidable inscription which appears on the One Ring, in The Lord of the Rings : “ One Ring to rule them all. A Ring to find them. One Ring to bring them all. And in the darkness, bind them. » A master password somewhat shares this description of the One Ring.
However, no darkness here, but a manager whose mission is to securely store all the access codes that you want to entrust to him, so that you no longer have to remember them yourself. In this context, the role of the master password is to govern the other passwords, (re)find them, bring them to the Internet user and link them to the application.
To be clearer, the master password is the password used to open the manager to read its contents. It therefore has an eminently strategic role, since it is through it that you will access all your other passwords. When you unlock your vault, it can fill out the fields required to log in for you.
The advantage of the master password, and through it a manager, is that it saves you the task of memorizing all your combinations. You only have to remember the main code, the rest is up to your tool. You can therefore choose very long and complex passwords, without having to bother remembering them. The only one that matters is the central sesame.
How to choose your master password?
The rule that should guide your choice is this: it should be easy to remember, but difficult to guess. You definitely don’t want a master password that will give you a hard time. You also don’t want anyone to be able to find it with social engineering, because you combined “your child’s name + year of birth”.
For the rest, the current instructions regarding digital hygiene apply to the master password: it must contain sufficiently varied characters (letters, numbers, symbols), and in a large enough number, so that it cannot be broken too easily, nor guessed. It’s also best to refrain from including things that relate to you, like a date.
Above all, it is recommended to make the master password a 100% unique password. Don’t choose one that you already use somewhere on the net. It should only exist in your head and through the handler, when you activate it. A good manager is a manager who won’t hold it back, by the way. This will be your only task to complete.
For example, you should opt for a master password having at least fifteen characters, mixing all the symbols mentioned above, including lowercase and uppercase letters. We avoid sequences (“123”), repetitions (“111”), personal data or information that can be linked to you.
Why is it important?
The master password is like the key to the safe. If someone gets hold of it, its contents are exposed. In the case of the manager, the security of it and, through it, of all the accounts you have registered in it, depends on the strength of the master password. This sesame therefore occupies a very sensitive place. The greatest attention is required.
You must keep it secure, out of sight of anyone, since the manager’s job is to centralize everything. It goes without saying that it’s best not to write it down on a loose sheet of paper, on a post-it note, or anywhere else — including a note-taking app. Unless, possibly, you deposit said memo at the bank, in a safe. Why not.
Can we change the master password?
Managers generally offer the ability to change your master password — which is convenient in the event that the previous one is compromised. That said, you must be careful to memorize the new password carefully. The manager won’t do it for you. It must also meet current cyber hygiene requirements.
Another point to remember: changing the master password can result in a general de-authentication of all your devices that were previously linked to your manager. This could include your PC, your tablet, your phone, at home or in the office, for example. It will therefore be necessary, for each of them, to reconnect and validate the device with a specific code.
What to do if you forget your master password?
This scenario better not happen. If it ever occurs, it is in your best interest to have previously configured a recovery method. The process may vary from one manager to another. This could be a recovery key or a biometric identification, via the smartphone (if it has been connected to your manager before).
Password managers are not supposed to retain the master password. Therefore, they will not be able to help you find it. If an account reset option exists, you should be careful about what this may imply. Resetting may lead to deletion of all data saved in the manager.
The specifics may vary from one solution to another and you should carefully read the instructions and documentation for the service on which you are using the master password. The inability to reset the master password also explains why you should not choose yours lightly. We said it. It should be difficult to find, but above all easy to memorize.
If you liked this article, you will like the following: don’t miss them by subscribing to Numerama on Google News.