E-mail account, social media profiles, online banking, random travel, gaming apps. Do you feel like you’re creating a new account every single day? Yeah, me too.
All of these new accounts come with a big problem, though. How the hell do you keep track of them?
With data breaches on the rise, using the same password everywhere is a huge risk. It’s vital to create unique, complex passwords for every service you use, but that comes with its own set of issues.
Trying to remember dozens of individual passwords and where you used them all is almost impossible. So what should you do instead? Write them down in a notebook? Keep them in a text document on your computer? Just wing it, and hope you don’t forget which password you used where?
The answer is: none of the above. They’re all terrible options that risk your account information falling into the wrong hands, or locking yourself out of important services right when you need them.
No, it’s time to start using a password manager.
What Are Password Managers?
Put simply, password managers are local and/or online services that store login details for the websites, apps, and other services you use in a secure, encrypted form.
The only password you need to remember is the one for the password manager itself. Once you’ve entered it, your password “vault” is unlocked, and you can log into any site or app, typically with a single click or tap.
All of the main ones work on Windows, macOS, Android, iOS, and most browsers. Linux is usually supported as well, but it’s worth checking the details if you’re running a less-common operating system or browser.
Setting up a password manager takes a bit of effort, but it’s nothing compared to dealing with the fallout from a data breach. If you use the same email address and password on multiple sites, a breach in one place leaves you exposed everywhere else.
Not having to remember all those passwords makes proper security much easier to achieve. Here’s what you need to know.
Benefits of Having a Password Manager
- No more lost passwords! There’s no more fumbling around for login info, locking yourself out of accounts, or dealing with text messages and e-mails to recover the details.
- The best passwords are long, complicated, and very hard to guess. As a result, they’re hard to come up with and even harder to remember. Password managers can generate and save these types of passwords automatically.
- Some password managers can keep an eye on your e-mail addresses, and notify you straight away if they appear in any data breaches.
Are There Any Risks?
Password managers, as you’d imagine, are designed to be extremely secure. Most popular versions, including LastPass, Dashlane, and 1Password below, use an approach known as “zero-knowledge.”
This type of service strongly encrypts the user’s master password using a key stored on the local device. As a result, the services themselves have “zero knowledge” of the passwords, and can’t decrypt them even if they want to.
Like any online tool, though, there’s still some inherent risk of security breaches or data loss. Given the zero-knowledge approach, master passwords shouldn’t be compromised, but other sensitive info might.
This was the case in the LastPass data breach of 2015. Master passwords and password vaults didn’t appear to be compromised, but hackers managed to get hold of users’ e-mail addresses and password reminders.
Armed with this info, hackers could devise targeted attacks on specific individuals. Overall, the security risk is still significantly lower than not using strong, unique passwords everywhere, but it’s something to bear in mind.
Another risk, this one specific to travelers, is the fact that all passwords are stored in one place. If you’re forced to give access to anybody, they’ve potentially got full access to all of your login details and the services they provide access to.
This is troublesome when crossing borders, including coming into the US, Australia, New Zealand, and other countries that are now demanding greater access to electronic devices. New Zealand even goes so far as to threaten fines and imprisonment for not unlocking your devices when asked.
In response, some password managers such as 1Password have introduced a specific travel mode. Once enabled, this mode removes any password vault not previously marked as “safe” from the app. As a result, you won’t be able to access any of those accounts even if you’re compelled to, and neither will anyone else.
For other password managers without a travel mode, considering deleting the password manager app and browser extension from your devices before crossing a border you’re worried about, at least until you’re safely in your hotel
Which Password Manager to Choose?
LastPass is a giant of the password manager space, and it’s easy to see why. Up until early 2021, no other service offered such rich features in its free version: password generation, one-to-one sharing of notes and login details, regular password quality tests, unlimited password storage, and more.
For most people, these free features were more than enough. Apparently that was a problem for the company, as a few months after it was sold to private equity firms, it announced a significant change. From early 2021, you could only use the free version on one type of device: mobile or desktop.
To use it across device types (which most people want to do) requires upgrading to the Premium version. That costs $36/year, with a small discount for the first year. As well as returning the multi-device ability, premium provides 1GB storage, credential storage for desktop apps, advanced two-factor authentication options, emergency access, and one-to-many sharing.
It’s still a strong password management app, but the move to cripple the free version made it less attractive than it once was. Needing to pay to get basic functionality puts it into more direct competition with alternatives like Dashlane, and 1Password (below), which offer more features at similar prices.
As mentioned, LastPass has had security issues in the past but handled them well, notifying users quickly with concrete advice on what to do. As far as anyone knows, password vaults themselves have never been breached.
A free, open-source password manager, Bitwarden has offered strong protection, excellent device compatibility, and a straightforward interface for several years. It’s also been publicly audited by an independent security firm, a refreshing approach that helps provide confidence in the quality of its code.
Available as an extension for almost any browser you can think of, a desktop app for Windows, macOS, and Linux, an Android or iOS app, and even a command line tool for power users, it’s one of the most flexible options on the market.
All of the usual features like cross-device compatibility, secure password generation, and storage of non-password information (like credit card numbers and secure notes) is included in the free product. Your data is secured with AES-CBC 256 encryption, and you can host your vault on your own network rather than Bitwarden’s cloud if you prefer.
For $10/year, you gain access to features like secure file transfer, two-factor authentication via Bitwarden’s own app, Yubikey, or other hardware devices, emergency access, 1GB of encrypted file storage, and more. A family plan costs $40/year, letting you share your vault with up to six people. Business plans are also available.
In short, if you’re looking for a free password manager that’s easy to use and includes all of the basic features you need, check out Bitwarden.
A fairly recent addition to the market, Dashlane has grown rapidly. The free version’s features are more limited than LastPass, but covers the basics with storage of up to 50 passwords, a secure password generator, browser extensions, and security alerts.
For $39.99, the Premium version upgrades your account in several ways. You’ll be able to sync across multiple devices, use a simple but effective VPN, store unlimited numbers of passwords, get access to the system’s “dark web” monitoring service for early notification of data breaches, and more.
Throw in a sleek and intuitive interface, and Dashlane’s premium version in particular makes for an excellent password manager.
1Password is one of the pioneers of the password management world, and we reviewed it all the way back in 2013. The service is just as useful these days, with a straightforward interface, robust support, multi-device sync, and 1GB of storage.
The service has a wide range of syncing options available. As well as 1Password’s own services, you can also sync via Dropbox, iCloud, or even your own internal network if you don’t want your password vault anywhere on the internet, even in encrypted form.
As mentioned, 1Password’s “travel mode” lets you quickly remove sensitive account details before crossing borders, or other situations where you’re at risk of having your devices searched by the authorities.
There’s no free version of the service, however. If you like the look of it, you’ll have to pony up a minimum of $2.99 per month for an individual plan, or $4.99/month for the Family plan (up to five users).
The Business plan costs $7.99/month per user, but includes 5GB storage and VIP support, so if you’re looking for a password manager for your company, 1Password is highly recommended.
My First-Hand Experience
For a long time, I was as bad as anyone else when it came to managing my accounts. Finally getting sick of being locked out, and realizing that using variations of the same three passwords everywhere wasn’t the brightest idea I’ve ever had, it was time for a better approach.
I considered all of the password managers mentioned above and realized they’d likely all meet my needs pretty well. In the end I decided to try out Dashlane, simply because I got a promo code to try its premium subscription for free.
Fast-forward three months, and I honestly have no idea how I managed beforehand. Well, I do, I guess: by not having very secure passwords. Keeping track of subscriptions, membership details (such as frequent flyer numbers, which I’ve always struggled with in the past,) and passwords is now a breeze.
I’ve already changed every single one of the passwords I regularly use to secure, unique versions that I don’t need to memorize. Every online service also gets its own complex password, as do mobile apps, since Dashlane seamlessly syncs between my iPhone and my laptop in real-time.
I’ve also checked all my email addresses for breaches, including old ones I haven’t used in years, and regularly use the VPN when connecting to public networks, both on my laptop and smartphone.
When it comes to convenience, security, and freed-up brain cells, I’m now a total convert to using a password manager. Maybe it’s time you did the same?
Images via Ervin Strauhmanis (feature photo), Christiaan Colen (coding), Book Catalog (smartphone), Dashlane (password dashboard), 1Password (laptop).
Canada Border Services seizes lawyer’s phone, laptop for not sharing passwords (https://ca.news.yahoo.com/canada-border-services-seizes-lawyers-080000577.html).
I guess we can add Canada to the list. 🙁
Have you compared using Apple keychain with password managers?
We haven’t, no. It’d be a reasonable option if you don’t share stored accounts/notes with anybody else and only use Apple devices. All of the dedicated apps above have more features and greater compatibility, though, even the free one (Bitwarden).