A Guide to Password Managers

As developers, most of our work consists of reading and writing a bunch of text files that are then combined to build software. We generally keep these files in our GitHub/GitLab account, deploy the software on Amazon AWS, keep our plans on Trello, talk with fellow devs on Discord, and share and gain knowledge on HashNode. It is very important to keep these accounts secure, and that means using a password manager.

But why?

The number of accounts you have online generally increases every year, and your password count grows with it. An effective password should be:

  1. Unique, as in used for only one particular website or service.

  2. Strong, as in random and long enough that attempting to crack it is infeasible.

We humans can't remember that many strong passwords, so we generally opt for one of two options:

  1. Use a unique but simple password for each account we have (e.g. NeverGonnaGiveYouUp345).

  2. Use the same or a similar complicated password for all of our accounts.

Both of these approaches are insecure. A simple password is easy to crack. On the other hand, it takes only one website with bad security practices, such as storing plaintext passwords on its servers or using a weak hashing algorithm like MD5, to suffer a data breach that exposes your user data, including the complex password you reuse everywhere.

A password manager, however, can generate a unique and strong password for every account you have. These passwords will likely be even stronger than the strong password you currently use.

Salting your important passwords

"If your password manager gets hacked, you lose all your accounts," I hear you say. However, there's a way around that: append a short secret that you memorize to the end of your important passwords. For example, the password manager stores that the password for your Google account is "UYc9LD", but what you actually use to sign in is "UYc9LDig57", where "ig57" is your easy-to-remember salt. This way, even if someone gains access to your password manager, they won't be able to log into your accounts, as only you know the salt.

Typosquatting protection

It is much easier to protect just your password manager and let it protect all of your other accounts. It also protects you from typosquatting, because it will only fill in your password when the URL of the website exactly matches the one you used to sign up. Can you tell the difference between these?

  1. https://www.gіthub.com

  2. https://www.github.com

The second link is the legitimate github.com, whereas the first one is not. It has been altered to contain a character that looks like "i" but is not actually "i", so it takes you to a different site than GitHub (there is nothing on that link as of writing, but someone could put a malicious GitHub clone there). Your eyes can be fooled, but your password manager can't be: it would not autofill your GitHub credentials while on the wrong URL.
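As an added example (not code from the article), here is a small Python check that shows why exact host matching defeats this lookalike: it converts the hostname to the punycode form the browser actually resolves and flags a host that mixes alphabets. The two URLs are the ones from the list above; the function names are my own.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample: the two URLs from the article. The first host uses
# U+0456 (a Cyrillic letter that renders like "i") instead of Latin "i".
LEGIT = "https://www.github.com"
LOOKALIKE = "https://www.g\u0456thub.com"


def canonical_host(url: str) -> str:
    """Lower-case the hostname and encode it as IDNA (punycode), which is the
    form a browser resolves. Lookalike hosts stop looking alike here."""
    host = urlsplit(url).hostname or ""
    return host.encode("idna").decode("ascii")


def scripts_in_host(url: str) -> set:
    """Collect the Unicode scripts (first word of each character's name) used
    by the letters of the hostname, e.g. {'LATIN'} or {'LATIN', 'CYRILLIC'}."""
    host = urlsplit(url).hostname or ""
    scripts = set()
    for ch in host:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch).split()[0])
    return scripts


def is_mixed_script(url: str) -> bool:
    """A hostname mixing two alphabets is the classic homoglyph warning sign."""
    return len(scripts_in_host(url)) > 1


def should_autofill(saved_url: str, current_url: str) -> bool:
    """Mimic the password manager's rule: fill only when the canonical host of
    the current page equals the host the credential was saved for."""
    return canonical_host(saved_url) == canonical_host(current_url)


if __name__ == "__main__":
    for url in (LEGIT, LOOKALIKE):
        print(url, "->", canonical_host(url), "mixed script:", is_mixed_script(url))
    print("autofill on lookalike?", should_autofill(LEGIT, LOOKALIKE))
```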

Write down your master password

It might seem counter-intuitive, but it is a good idea to write down your email address, master password and 2FA backup codes for your password manager on a piece of paper and store it in a safe place in your home. Life is not a movie where bad guys break into your house to steal that paper. Even if someone does break in, they will most likely take valuables like your TV and laptop rather than a piece of paper. It is better to keep a backup of your master password than to lose it and be locked out of your own accounts.

Conclusion

In this article, we talked about some of the many benefits you get from using a password manager. There are a lot of other use cases for one as well. You could use your password manager as a secure vault for your API keys, or use it to manage the passwords of the elderly people in your home, as they are more likely to forget their passwords.