Do you have three or four passwords that you recycle across all of your websites? Uh oh, that’s asking for trouble. At the rate data breaches happen these days, there’s a decent chance someone already has your password.
Even if you haven’t yet been compromised, better safe than sorry. It’s time to use a password manager. Not only will this make your online accounts more secure, but it will make them easier to manage. The question is, which type should you use, and which are the most secure?
1. Offline Password Managers
A password manager app running on your PC has to save your passwords somewhere. One approach is to place that information in a single file on your computer. Since this file contains very sensitive data, any decent password manager will be sure to encrypt the file.
Encrypted data is not uncrackable, but it’s a difficult task for most people to undertake. Plus it takes a really long time. Most thieves won’t bother going through the effort. Even police departments and government agencies can find the task daunting. But with enough time and will, there’s a way.
So while your data isn’t impenetrable, it’s likely safe unless you do something to make yourself a target that’s worth the effort.
How do you get to your data? The simplest approach is a master password. Your password manager will ask you to create a password that’s needed to decrypt the file, which may be known as a vault or a database, that contains all of your other passwords.
You can make the vault harder to break into by requiring a key, which is a file that exists somewhere hidden on your computer or on a separate device such as a USB stick.
- Provide the most control and flexibility
- Only you know where you store your data
- Can require more technical knowledge
- Least suited for multiple devices
When you keep all your passwords in one place, you create what security professionals refer to as a single point of failure. If you store all of your cash in one vault, someone only needs to target one place to walk away with your entire fortune. If you store your passwords in more than one file, then that increases the amount of work it takes to access all of your data.
You can make the job even more frustrating by encrypting and storing each password in its own file. You can do so using the Pass password manager.
Offline password managers tend to be free to use. Some may have features that require an additional payment. Enpass is the only option below that does.
Download: Keypass (Free)
Download: Password Safe (Free)
Download: Enpass (Free, in-app transactions)
Download: Pass (Free)
2. Online Password Managers
Password managers have been around for a long time, but the way we get online has changed in the past decade. Many of us no longer have one primary computer that we always use for the internet. Now we have numerous devices. We’re as likely to sign into our bank account from a phone as from a laptop.
With multiple devices, a password manager can pose a challenge. If your passphrases are all stored on one computer and randomly generated, you can neither access them on another device nor remember them to type in manually. In some cases you can sync your passwords, but you may be out of luck if a compatible mobile app doesn’t exist.
Enter online password managers. These services store your credentials online, where you can access them from more than one device.
Internet-based password managers come with one big vulnerability. Your passwords to everything are now available online. If someone can get access to that data, they can impersonate you, take control of your accounts, and steal both your money and your identity. It’s about as bad as someone getting their hands on your house keys, your wallet, and your social security card.
To reduce the risk, services encrypt the passwords on your device first before uploading the data online. But the services don’t all handle protecting that data the same way. Do they have the ability to reset your master password if you forget it? How do they handle security questions?
For convenience, it’s great for the site to be able to help you regain access to your data. But if the people working at the company are able to do so, that means options are available for an intruder to do so as well. These companies also often add extra features to entice users that can ultimately put your data at greater risk, such as automatically signing into sites.
- Most simple to use
- Syncing is automatic
- Supports the widest number of devices
- Your data is stored online
- Some convenience features make you less secure
- Many features cost money
Online password managers are the most commercial. While many are free to use, they usually reserve certain features for paid subscriptions. Some services require a subscription to use at all.
Download: LastPass (Free)
Download: Bitwarden (Free)
Download: Dashlane (Free)
Download: 1Password (Free trial, subscription required)
3. Stateless Password Managers
Even with encryption, using either of the above methods means creating a record of your passwords that didn’t previously exist. This isn’t the only risk you may take with a password manager, either. Such factors can make the idea of using a password manager particularly off-putting.
But there are password managers out there that don’t keep encrypted copies of your passwords lying around. Instead, they generate passwords based on simple, easy to remember variables. One common approach is to create a password using a combination of your master password and a website’s name.
Every time you enter this information, you get the same password.
Even if a hacker knows which program you use and the underlying algorithm, they still need your master password, the website name, and the length of the password in order to replicate your security key. On the other hand, if someone cracks one account and figures out your master password, it’s possible for them to work out all of your others without needing to crack into any sort of vault.
- No password vault to protect
- No need to sync data
- No way to note websites with unusual password requirements
- No easy way to handle websites whose passwords you’ve had to change
Stateless password managers tend to be open source projects that you can download for free. No subscriptions are required.
Download: PwdHash (Free)
Download: SuperGenPass (Free)
Download: LessPass (Free)
Download: HashPass (Free)
Which Password Manager System Is Best?
A password manager that only exists on your desktop is great, but if you take shortcuts to login from your phone or at the library, you may be poking holes in your own security. An online password manager may be more convenient and intuitive, but you still have to trust your passwords in someone else’s hands. What do you do?
There’s no such thing as perfect security. If you’re working under the most secretive of conditions, maybe you should save separate password vaults, all secured by key files on different USB sticks. Sound like too much hassle? Even if your technical experience ends at knowing how to use email and social media, you can figure out LastPass or 1Password.
Any one of these options is more secure than reusing the same few passwords. Once you start using a password manager, however, you’re already fighting back against cybercriminals. Now take the next step: here’s how to protect yourself from data breaches.