Keeping your password secure and unique can be a challenging process, whether you're using variations of the same password or using the same password across multiple platforms.
A password manager is like a vault. You put your valuables into a box and secure it with a single lock. Password managers use this same logic. Passwords are becoming more and more complex: they require symbols and numbers, and they have to be relatively long.
How do you remember a password like this?
These types of passwords are generated for you with the intention of being secure and hard to remember by introducing symbols, letters and variations of numbers and capitalisations. This would be considered a strong password. Remembering a more simple password like this:
Easy, right? Well, this password doesn't meet today's security standards. This is the most commonly used password because it's simple. No matter how complex or simple you make your password, please do not use the same password across multiple services.
Let's upgrade this password to make it more secure. Add symbols, make it longer and avoid using common phrases or arrays of numbers like 123 or Password. By adding symbols and variations of capitalisation, this password can be upgraded to the following to make it a bit more secure:
While this may be easy to do for a couple of passwords, a password manager can automate the process for you. It can generate strong, unique passwords for each site automatically. The only thing you need to remember is the key to your vault: a single password that grants you access to all of your stored passwords.
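To illustrate the generation step described above, here is an added sketch (not code from any product named on this page) that checks a password against the warning signs listed earlier and generates a unique random one per site. The `MIN_LENGTH` policy, the symbol set and the `COMMON` list are assumptions made for the example.

```python
import math
import secrets
import string

# Classes the article asks for: both letter cases, numbers and symbols.
CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "number": string.digits, "symbol": "!@#$%^&*()-_=+[]{}"}
ALPHABET = "".join(CLASSES.values())
# Constructed sample of common phrases and number runs, not a real breach list.
COMMON = ["password", "qwerty", "letmein", "123", "abc"]
MIN_LENGTH = 16  # assumed policy for this example

def weaknesses(password):
    """Return the article's warning signs that apply to a password."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("too short")
    for label, chars in CLASSES.items():
        if not any(c in chars for c in password):
            found.append("no " + label)
    lowered = password.lower()
    found += ["contains '%s'" % w for w in COMMON if w in lowered]
    return found

def generate_password(length=20):
    """Draw random passwords until one has none of the weaknesses above."""
    if length < MIN_LENGTH:
        raise ValueError("length is below MIN_LENGTH")
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate

def entropy_bits(length):
    """Upper bound in bits: the rejection step above removes a small fraction."""
    return length * math.log2(len(ALPHABET))

def fill_vault(sites, length=20):
    """Give every site its own independently generated password."""
    return {site: generate_password(length) for site in sites}

if __name__ == "__main__":
    print(weaknesses("Password123"))  # constructed human-chosen example
    print(fill_vault(["mail.example", "bank.example"]))
    print(round(entropy_bits(20)), "bits at most")
```
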
Breaches occur regularly, and it's important to not only check for yourself but also be notified when they happen. A popular, free service you can use is HaveIBeenPwned. This website, maintained by Australian security expert Troy Hunt, allows you to enter your email address and see if it has been associated with any breaches. In the event that you find something, head over to the service and update your password.
There are a variety of password managers available, both free and paid. I will share some of my recommendations based on my own experience and research.
One of the best free password managers you can use is Bitwarden. While it does offer paid plans that increase the options and features, the free plan is sufficient for most users.
Some notable features of Bitwarden include:
- Open source
- Free to use
- Unlimited devices and works cross-platform with device syncing
It has everything you need in a standard password manager, and it works natively on all devices. It is considered to be one of the top contenders for having all the features you need.
For those who need more features, Bitwarden offers paid plans that add a few more features for both individual users and team environments. These plans include:
- Support for multiple users
- Support for Yubikey and security keys
- Vault scanning and health monitoring
For more information, visit the Bitwarden website at https://bitwarden.com. It's worth noting that when it comes to security and privacy, using open-source software is a good idea because it allows you to verify the code and ensure that there are no backdoors or malicious code.
KeePass is a great self-hosted solution for password managers, as it allows you to keep all of your data in your own hands. However, it might be a bit tricky for the average user as it requires a lot of configuration and your own hardware to host.
Like Bitwarden, KeePass is also open-source. This allows for an open approach to ensuring that the application does what it's supposed to do, with the backing from developers worldwide.
KeePass is a very secure password manager. It uses the AES and Twofish encryption algorithms to protect your database, and its database format is open, so you can access your passwords from other password manager software. It also supports password groups, which allow you to organize your passwords and search for them easily.
Keep in mind that self-hosting your password manager does come with some responsibilities, such as keeping the software updated, maintaining a backup of your data and making sure your server is secure.
For more information on KeePass, visit the website at https://keepass.info/
Browser / OS
The quickest and simplest options are password managers that run entirely in the browser environment. You'll often notice that you'll be asked to save the password into the browser so it auto-fills the next time you visit. This is a password manager. While it may not be the most secure or accessible in cross-platform environments, it works well.
When considering other password management options, it's important to keep in mind that many popular browsers, such as Chrome, offer built-in password saving features. These features, such as Keychain on Apple devices or Google account-based password saving on Chrome, can be convenient and easy to use, but they may not provide the same level of security as a dedicated password manager.
Additionally, while browser-based password managers are simple to use, they are not as portable as standalone software, which allows you to use the same password manager on multiple devices.
If you choose to use a browser-based password manager, it's important to take extra precautions to ensure the security of your stored passwords, such as using a strong master password and enabling two-factor authentication.
For more information on browser-based password managers, you can visit the Google password manager website: https://passwords.google.com/
These are all paid services and they work well, often coming with a lot of other features that could be useful, such as VPNs or use in corporate environments.
It's important to note that when considering paid solutions, it's essential to review each plan to ensure you are getting the best value for your money. Some of the top paid solutions include:
Dashlane offers a free trial for 14 days, providing a basic level of password management. The starter plan offers some helpful features such as the ability to track for stolen content on the Dark Web. This service scans the dark web for breaches that might have exposed your credentials, giving you a report if anything matches.
Notable features of Dashlane's starter plan include:
- Dark Web Scanning
- Audit Logs
- Unlimited devices
- Password Health Monitoring
For those who need more advanced features, Dashlane offers higher-tiered plans that include additional features such as a Virtual Private Network (VPN) solution. This offers an extra layer of security for your password manager, helping to protect your online activities from hackers and prying eyes.
To learn more about Dashlane and its features, you can visit the website at https://www.dashlane.com. It's worth noting that, when it comes to security and privacy, using a password manager that has a dark web scanning feature is a good idea because it allows you to monitor your credentials and be alerted if they appear on the dark web.
NordPass offers a very limited and basic free plan that comes bundled with a 30-day free trial of the premium version. The main difference between the paid and free plans is that the free tier offers only the basics of a password manager, while the paid tiers offer additional features such as:
- Sharing items with people you trust
- Emergency vault access - the ability to assign an email or user to have access to your vault in case of being locked out
- Dark web scanning
- Password health monitoring
It's worth noting that you may not need all of these features, and the free tier may be enough to meet your needs. However, it's worth considering the features that are important to you when comparing plans. One thing to consider is that the free plan only supports 6 logged-in devices, which might be enough for some users, but exceeding this amount will log you out.
To learn more about NordPass and its features, you can visit the website at https://nordpass.com/
1Password offers a free trial for its premium plan. This solution is well-designed and works on all your devices, including desktop and mobile. 1Password supports unlimited devices and includes a unique feature called "Travel Mode", which can remove sensitive data from your device when traveling, ensuring that your passwords and accounts don't get compromised while on the go. It also allows for a one-click restore when you return.
Some notable features of the baseline premium plan include:
- Digital Wallet, securely store credit cards
- 24/7 email support
- Unlimited devices
- Password Health (Watchtower)
1Password is well-integrated into the Apple ecosystem in terms of design and accessibility. It's a great choice with limited features compared to other solutions.
To learn more about 1Password and its features, you can visit the website at https://1password.com
Most password managers use some form of encryption, and 256-bit AES (AES-256) is considered the standard and most secure. This should be your baseline when choosing a password manager.
It is also important to consider how each company responds to threats and breaches. Smaller solutions may not have the same level of security as larger, well-established companies. It's worth researching and reading reviews to understand a company's track record in terms of security and how they handle potential breaches.
Another important thing to consider is how user-friendly the password manager is, which can be an important factor when choosing which password manager to use. It's also important to ensure that the password manager is compatible with your devices, as different password managers have different compatibility options.
Overall, it's essential to do your research and carefully consider all options before choosing a password manager that meets your needs and provides adequate security for your sensitive data.
The numerous breaches and questionable security practices of LastPass have led me to not recommend this software to anyone. Following any guidance from "Password Managers of 2023" articles that recommend this software shows that they have not done proper research. If you're currently using or planning to use this software, I strongly recommend switching to Bitwarden as a safer alternative.
For team environments, good choices would be Dashlane or Bitwarden.
LastPass has been around for a long time, and while I used to use this software, the recent shift in their free-to-use model, which essentially strips down device support, shows that they do not care about the average user. The software has been rapidly degrading over the years by focusing on profit over user experience and security. This is evident in their practices regarding handling user data and their attempts to combat breaches or security issues.
If you are currently using LastPass, I advise you to change all your passwords immediately.
For more information, you can read the following articles:
Password managers that come bundled for free with other services, such as those provided by popular software that you might already have installed on your system, can be a good way to make the most out of paid software. However, it's important to note that there are better solutions that can work better with your devices in terms of security, performance, and overall design. It's worth investigating and comparing different options before making a decision.
Some anti-virus software providers, such as Norton or McAfee, might include a password manager as a feature in their software package.
Some VPN providers, such as ExpressVPN, might include a password manager as a feature in their software package.
Some internet security suites, such as Kaspersky Internet Security or Norton Internet Security, might include a password manager as a feature in their software package.
Some browser extensions, such as Avast Online Security, might include a password manager as a feature.
It is worth noting that just because a password manager is included as a bundled feature, it does not mean it is not a good solution, but it is important to evaluate the feature and compare it with other options available in the market.