For years I’ve been campaigning in my family for everyone to use a password manager — and to stop using the same MickeyMouse123 everywhere (and honestly, that’s already a comparatively strong password by family standards). “We can’t remember complicated passwords,” they keep telling me. So I say: think of a long sentence with numbers and punctuation, then take the first letter of each word. There’s your secure password.
What I hear back: “But I can’t remember all those sentences. Can I just use the same password everywhere?” At that point I usually despair and circle back to the password manager we really, really need to install.
Simple in Theory — Maddening in Practice
I won’t even go into the virtues of password managers here. Just this much: they only work if the vault is stored somewhere safe and you actually remember the master password. So where should the vault live? I decided to keep ours in a private cloud on my own server. Everyone in the family has access.
Because we run different operating systems — PC, Mac, iOS, Linux, because of course we do — the choice fell on KeePass. Seemed straightforward. It wasn’t. And neither were 1Password or Bitwarden. Too many steps, too many concepts. My family quietly ignores every password manager I’ve set up. Why wouldn’t they? Nothing bad has happened. Yet.
Who Gets Your Passwords When You’re Gone?
Here’s the dark thought that nags at me with every password manager: what if I can’t open the vault anymore? Or worse — what if I’m killed in a car accident? How would my wife access any of my accounts? Maybe you should print a paper list and stick it in a bank safe deposit box. Maybe alongside a backup of all your data and photos. Fun dinner conversation, that one.
When I see the passwords schools hand out to students, I shudder. I think governments should provide secure cloud vaults for citizens and teach password hygiene in primary school — from Year One. Theory and practice. And password managers need to get dramatically simpler. Who’s going to build a better solution?
The Punchline
Yesterday my daughter couldn’t log into her school account. Wrong password, even though she was sure she had it right. Brief panic. We reset the password and chose a proper secure one using her password manager. I’m curious how long it’ll take before she comes to me asking for the master password to her password manager. Luckily, I’ve got it saved in mine.
First published in German at reinergaertner.de, where I’ve been at it since 1997. AI did the heavy lifting on the translation. I did the heavy squinting at the result.