Using password managers

I don’t know about you, but I have dozens of usernames and passwords that I use fairly regularly. There’s just no way I can remember them all. And my monitor isn’t big enough to handle all the yellow sticky notes they’d demand.

That’s where a password manager comes in. A password manager keeps track of all your online passwords. It can generate truly random passwords with the click of a button. Most of all, it remembers the username and password necessary to log in to a specific website.

Every time I go to www.ebay.com, for example, my password manager fills in my username and password. Amazon, too. Facebook. Twitter. My bank. Stock brokerage house. I have to remember the one password for the password manager, but after that, everything else gets filled in automatically. It’s a huge timesaver.

A password manager won’t log into Windows for you, and it won’t remember the passwords on documents or spreadsheets. But it does keep track of every online password and autocompletes the passwords you need with no hassle.

My recommendations

Many password management services are available, including ones built into web browsers such as Chrome, Edge, Opera, and Firefox. However, I like and trust two more than others.

The big difference between them? One was originally designed to run on a USB drive; the other has always been in the cloud, which is to say, on the internet:

• RoboForm initially could store passwords on your hard drive or on a USB drive. However, this capability has been retired from recent versions and now this service is based in the cloud, works with all major web browsers, and has simple tools for synchronizing passwords.
• Bitwarden, which stores passwords on its website, uses an encryption technique (AES-256) that guarantees your passwords won’t get stolen or cracked. One cool aspect is that it’s an open-source platform and its source code, features, and infrastructure security are vetted and improved by a global community.

Which one is better? It depends on how you use your computer.

If you always use the same computer, you may want the free plan offered by RoboForm. However, if you use many devices and you want password management on all, a solution like Bitwarden is better. Opinions run all over the place, but I prefer the interface of Bitwarden to that of RoboForm Everywhere. You should feel comfortable using either one.

Rockin’ RoboForm

The RoboForm app (www.roboform.com/) has all the features you need in a password manager. It manages your passwords with excellent recognition of websites, automatically filling in your login details. But it will also generate random passwords for you, if you like, and fill in forms on the web.

RoboForm stores all its data in AES-256 encrypted format too. If somebody steals your RoboForm database, you needn’t worry. Without the master key — which only you have — the entire database is gibberish.

RoboForm has versions for Windows, Mac, Linux, iPhone, iPad, and Android smartphones and tablets. There’s a free plan for one computer or device, and paid plans that cover all your devices. There’s even a family plan that helps save some money. You can also enjoy a 30-day trial version of RoboForm Everywhere, so that you can make an informed decision before buying. A yearly plan costs $23.88.

RoboForm can read the passwords from any web browser and migrate them over to your RoboForm account, as shown in Figure 4-3.

Liking Bitwarden

Bitwarden (https://bitwarden.com/) stores everything in the cloud on its company servers. Like RoboForm, Bitwarden keeps track of your user IDs, passwords, automatic form-filling information (think name, address, phone, credit card number), and other settings, and offers them to you with a click.

Using Bitwarden can’t be simpler. Download and install it, and it’ll appear with a blue and white icon in the upper-right corner of your browser (see Figure 4-4).

You don’t really need to do anything. Bitwarden will prompt you for the master password when you start using your browser. If Bitwarden is turned off, its icon displays a red dot. Click or tap it, provide the master password, and the Bitwarden icon removes the red dot, a sign that it’s ready to roll.

When you go to a site that requires a username and password, if Bitwarden recognizes the site, it fills them both in for you. If it doesn’t recognize the site, you fill in the blanks and click, and Bitwarden remembers the credentials for the next time you surf this way.

Form filling works similarly.

You can maintain two (or more) separate usernames and passwords for any specific site — for example, if you log in to a banking site with two different accounts. If Bitwarden has more than one set of credentials stored for a specific site, it takes its best guess as to which one you want but then gives you the option of using one of the others. In Figure 4-4, I have three separate credentials for the site — that’s why the Bitwarden icon has a 3.

Any time you want to look at the usernames and passwords that Bitwarden has squirreled away, click or tap the Bitwarden icon. You have a chance to look at your Vault — which is your password database — or look up recently used passwords and much more. You can even keep encrypted notes to yourself.

The way Bitwarden handles your data is clever: All your passwords are encrypted using AES-256. They’re encrypted and decrypted on your PC. Only you have the master password. So if the data is pilfered off the Bitwarden servers or somebody is sniffing your online communication, all the interlopers get is a bunch of useless bits.

You can also store secure notes, form-filling information such as your credit card information and address, and other data in Bitwarden.

One last cool bit is that, unlike RoboForm, Bitwarden hasn’t phased out its portable USB app. On its download page, you can still find a Portable App for Flash Drives that you can use.

Bitwarden is free for individual use, and it works on all major PC and mobile platforms. If you want some advanced features, such as sharing passwords with others, two-step authentication, or priority support, you need the Premium edition, which costs $10 a year.

What’s a VPN?

You may have heard of VPN but figured it was just too difficult for regular Windows users to hook together. Big companies have VPN, but they also have experts to keep them running. Ends up that we little guys have good choices now, too.

VPN started as a way for big companies to securely connect PCs over the regular phone network. It used to take lots of specialty hardware, but if you worked for a bank and had to get into the bank’s main computers from a laptop in another country, VPN was the only choice. Times have changed. Now you can get free or low-cost VPN connections that don’t require any special hardware on your end, and they work surprisingly well.

When you set up a VPN connection with a server, you create a secure tunnel between your PC and the server. The tunnel encrypts all the data flowing between your PC and the server, provides integrity checks so no data gets scrambled, and continuously looks to make sure no other computer has taken over the connection.

VPNs prevent sidejacking because the connection between your PC and the wireless access point runs inside the tunnel: Firesheep or any other sniffer can see the data going by, but can’t decipher what it means. VPNs do much more than simply foil Firesheep attacks: They provide complete end-to-end security, so nobody — not even your internet service provider — can snoop on your communication, or look to see if you’re using a service such as BitTorrent. If you’re traveling in a country subject to governmental eavesdropping, VPN is necessary. However, keep in mind that some countries, such as Russia, China, and Turkey, have banned people from using state-unapproved VPN services.

With a VPN, data goes into the tunnel from your PC, out of the tunnel at the VPN server, then to whatever location you’re accessing, back into the VPN server, and out at your PC. A remarkably effective cloaking device hides your data everywhere in between. The people running the VPN server can match you up with your data stream, but nobody else can.

Setting up a VPN in Windows 11

You can set up your wireless router to work as a VPN server and connect to it from anywhere on the internet so that you remain protected. Or maybe your workplace has set up a VPN server for you to connect to directly from Windows, so it’s easier to access the company’s apps and internal websites. No matter the situation you’re in, all you need is the domain name or the IP address of the VPN server, a username, and a password, and you can connect to that VPN server directly from Windows.

Here’s how to add a VPN to Windows 11 and how to connect to it:

1. Click or tap the Start icon and then the Settings icon (or press Windows+I).

2. In the Settings app, choose Network & Internet on the left, and then click or tap VPN on the right.

   The VPN settings appear, as shown in Figure 4-5.

   

3. Click or tap the Add VPN button.

   The Add a VPN Connection dialog opens, as shown in Figure 4-6.

4. Under VPN Provider, choose Windows (Built-In).
5. Enter a descriptive name for your VPN connection.
6. Type the IP address or the name of the VPN server (something like vpnserver.dummies.com).
7. Choose the VPN type and then type the user name and password.

8. Don’t forget to check the box for “Remember My Sign-In Info” and click or tap Save.

   The VPN connection is added below the Add VPN button.

9. Click or tap the Connect button next to the VPN connection.

   If your internet connection and the VPN server are working, you should be connected in a matter of seconds.

Which paid VPN services should you consider?

If you want a VPN that offers useful features such as no logs of your activities, super-strong encryption, and the option to unlock services you don’t normally have access to (like watching Netflix and its entire USA portfolio, using your computer from UK, Italy, or some other country), consider the following paid services:

• NordVPN (https://nordvpn.com/): This is one of the fastest and best-rated VPN services on the internet. It offers a strict no-logs policy, and easy-to-use VPN apps for all platforms, including Windows.
• CyberGhost (www.cyberghostvpn.com): Another fast service, CyberGhost also blocks ads while you browse the web. One aspect that makes it stand out from other VPN services is that it has the largest server network. See Figure 4-7.
• Surfshark (https://surfshark.com/): Alongside its no-logs policy and easy-to-use apps, it also includes an antivirus engine that protects you while connected to its VPN servers.

All these services have free trials, so you can try them out before subscribing. Also, if you don’t like the current price, subscribe to their e-mail newsletter. In a few weeks, you’re sure to receive an email with a discount offer. The competition is tough between VPN services, so discounts occur frequently.