Do I need password manager software?

For a while now, I have been exploring my own needs and doing some research on the internet to find out if I really need a VPN service.

During this period, I came to realize that I may need password manager software more than a VPN service.

This started several months ago, when I noticed some scam e-mails in my spam folder that mentioned an old password I had used on some sites several years ago, during my time in college.

You guessed it, the scam e-mail starts with this kind of wording:

 I do know, [PASSWORD REDACTED], is your password. You do not know me and you are probably thinking why you are getting this e mail, correct?

Though I do know such scam e-mails are really popular, I still wondered how those scammers got my old password.

Knowing your credentials were spilled out somewhere is annoying, isn't it?

After a bit of exploration, I remembered that one of my employers had suggested I use one of his recommended password managers.

I decided to give it a try on my MacBook.

It turned out that the password manager also offered a feature to scan for data breaches when I entered some of the e-mail addresses I have used since the first day I got online.

Guess what?

It turned out that five sites had been hacked from 2013 to 2015, and my data on those sites was breached.

Luckily for me, I remembered that I had used that same old password mentioned in the scam e-mail I received.

Yes, that's it. Now I know how those scammers got my old password and e-mail.

The story is most likely:

Either the hacker who cracked those five sites sent me those scam e-mails, claiming they had my password and asking me to pay them in bitcoin.

Or the hacker who cracked those five sites leaked the information on the internet and sold it online (this is more likely, if they wanted the cash quickly).

And the buyers of that data (which included my credentials) sent me those scam e-mails.

From this encounter, I do think that I need to be more careful when registering accounts.

There should be no more shared passwords among the sites I've registered on.

And I achieved this with the help of my favourite password manager software.

Since I am a cautious person, I kept thinking about this more, exploring more, tracing more, and eventually trying to find more reasons.

What if the data sent and received between my devices and the servers of the sites I register on is being listened to by third parties?

But hey, I have always made sure that all the sites I've registered on until now use HTTPS... but is it secure enough?

This was the point when I gave the ProtonVPN service a try, two days ago.

They gave me a 7-day trial of the highest plan available, and I still have five days to decide whether to upgrade my subscription with them or just leave it on the free tier.

Now, let's go back to the story of how those five sites got hacked and spilled my credentials.

Honestly, I don't really know the details of how those five sites were hacked.

Four out of the five were already using the HTTPS protocol when I checked them using my password manager software.

I am not sure if they already had HTTPS in place when I registered with them around 2008, or when they put their HTTPS protocol in place.

But if those sites with HTTPS are still vulnerable, isn't it time for me to consider an additional layer of protection by never having the same password on any of the sites I have registered on?

I am lucky that the password leaked to those scammers was an old password that I no longer use anywhere.

But this story does remind me to always follow best practice: never use the same password on more than one site.

And having to remember many different complicated passwords is just something I can't accomplish.

Isn't this when password manager software comes in handy?

Is password manager software really safe?

Not really. I came up with my own strategy when using this password manager.

I don't completely give up all of my passwords to that software.

You should think creatively when using such software.

Indeed, it's very cool software, but there's no guarantee that their vault or server is invulnerable to being breached.

Do I need password manager software?

Personally, due to the myriad sites and apps I've registered with on the internet, I do need it.

I bet, in this digital age, there's a chance that you're just like me.

Again, never repeat the same password for more than one site. That's my best practice and it can be yours too.

Why use a password manager?

I've explained it briefly in my story above, but here is the summary:

  • It's easy to use the same password, one that you can easily remember without writing it down anywhere. But it's also likely to be easy for others to guess. This is not safe.
  • It's best to use a different, complicated, long password for each site you register on, and it's also the safest way to secure your credentials.
  • If you're a bit more of a carefree person, you can let the software handle all of your passwords and just remember one master password for all of them.

Can it be trusted?

It depends on its developer.

As for best practice, I always try to use "some strategies" when using it, and remain cautious.

I never hand over all of my most important passwords to that software.

I only hand over some less important ones, and just make sure I never use the same password on more than one site anymore.

P.S. I am not a security expert, and you should never treat the story above as advice from an expert. Always take everything with a grain of salt.