Privacy Tip of the Week: Use a Password Manager

Passwords are the gatekeepers of our lives. They protect our devices, social media, and other personal information from prying eyes. However, with so many different accounts requiring passwords, it can be a hassle to remember them all (if not an impossibility). Because of that, many people choose to use the same password for everything, which greatly reduces their safety online. So what’s a person to do? Suffer the annoyance of remembering a dozen or more complicated passwords? Or do you sacrifice your online safety by using only one or two easy to remember ones? Thankfully, there’s a third option and that’s to use a password manager. Password managers store and encrypt your information so your brain doesn’t have to. There are dozens of different ones on the market, and we’ve taken a look at a few of them:

• What to know about password managers
• Most popular managers on the market
• Other ways to stay safe online

What to Know About Password Managers

What is a Password Manager?

In essence, a password manager is a digital program built to store information, specifically your usernames and passwords. They do the hard work of remembering your many passwords so that you can focus your attention on making stronger, more secure (yet less memorable) ones. Instead of having to remember dozens of passwords, you only have to remember one; the one to access your password manager.

The most basic password managers only offer database features. However, as they become more and more commonly used, they’re being packed with more features. Now, many password managers are also password generators. They can recognize when you create a new web account and are able to generate a secure and random password for that account, which they’ll then remember. In addition, they can autofill your passwords so you don’t have to sign in to the manager every time. These features are most commonly available through browser extensions.

Many password managers have also embraced two-factor authentication. When you sign in to an account, it will send your phone or email a one-time code to ensure that you are, indeed, the person logging in.

Are They Actually Secure?

Many experts have debated the question of whether or not password managers are actually good for account security. On one hand, they encourage people to use stronger passwords because they don’t have to remember them all. But on the other, if your password manager is hacked, the hackers now have all of your passwords. But how likely is that to happen?

Of course, that answer is never as simple as we’d want it to be. It depends on a variety of factors, including the password manager you choose (some are safer than others), the password you use to secure it (if you use a weak password, it’s more likely to be hacked), and the networks you use to access it (your home internet network is probably safer than the cafe down the street).

Most Popular Managers on the Market

If you’re going to use a password manager, you want to pick one that is safe, secure, and suitable for your needs. Dozens exist on the market, but some are more popular than others, typically because they have good track records for protection. We rounded up a brief list of some of the most popular password managers out there, but strongly recommend that you do your own research.

• KeePass
• LastPass
• BitWarden
• Dashlane
• Google Smart Lock

KeePass

KeePass has been around since 2004 and has been offering password privacy for just as long. The software is available for use on Windows, iOS, and Linux. KeePass is an offline password manager which means it stores passwords on user devices in an encrypted file. This solution offers form autofill, two-factor authentication, and a password generator. KeePass is also free to use.

• Pros: KeePass is one of the safest and most trusted managers available. Its code has been formally audited by the EU Free and Open Source Software Auditing project and other reputable groups, and has been vouched for by top security experts.
• Neutrals: Because KeePass operates entirely offline, there is no cloud connectivity. While this increases its security which is definitely a pro for some users, it also means you can’t switch between devices with ease. Every device needs to have its own KeePass file for password access, which some users may see as a con.
• Cons: KeePass has a very bare-bones design that focuses more on function than looks. It may turn some users off, if they’re looking for an attractive management experience.

LastPass

LastPass is one of the most popular names in password managers. Its services are offered online, in the form of a browser extension, and it can be used with platforms such as Google Chrome, Mozilla Firefox, Microsoft Edge, Apple Safari, and Opera. It enables users to store their passwords as they create them and can also import data from other browsers on your devices, which makes switching between browsers or password managers easy.

• Pros: LastPass offers a free version of their service, and the paid version starts at only $3 a month. It also offers two-factor authentication which makes it more secure than many competitors’ platforms.
• Cons: In 2015, LastPass experienced a data breach. It has since been resolved and has not occurred again, but some concerned users may choose to use a password manager that doesn’t have any breaches in their history.

BitWarden

BitWarden is a free and open source password manager that many users are beginning to adopt. The app is available on multiple devices, features two-factor authentication, allows you to import data from other password managers and more. It also offers cloud-syncing between platforms.

• Pros: Because BitWarden is open source, its protection and data storage methods are highly transparent. The platform uses end-to-end encryption. The user interface is also clean and professional looking.
• Cons: BitWarden doesn’t offer a truly “offline” version of their app, which some people who use a password manager may be upset by. It opens the app up to potential breaches.

Dashlane

Dashlane is a well designed password manager with strong encryption. In addition to offering a full suite of password-related tools to users, such as filling forms and offering automatic logins, the app also functions as a digital wallet to store credit and debit card information. Their password vault stores unlimited passwords, however the free version of the app only allows you to use it on a single device.

• Pros: Dashlane allows users to enjoy speed and convenience while also knowing their passwords are kept safe with the app.
• Cons: Many of the best features are only accessible with a premium subscription to the app, which start at just over $4 a month.

Google Smart Lock

Chrome users are familiar with Google Smart Lock. Every time you sign in to a new site, Google asks if you’d like it to remember your username and password. However, it’s widely known that Google collects user data so is using the browser to store your information safe? The answer is both yes and no. While Google prides itself on keeping user information safe from data breaches, any person who shares your device passwords can see your password for everything else by going in to Settings > Manage Passwords.

• Pros: Chrome is the most used web browser in the world. Its password manager is the most convenient and they do strive to keep information encrypted.
• Cons: While strangers might not have access to your passwords, friends and family you share devices (or device information) with, could theoretically view all of your passwords.

Pen and Paper

You may have been told never to write your passwords down. However, if you don’t trust digital password managers, good old pen and paper is your next best option because it absolutely, positively cannot be hacked. Just be sure to put the paper in a safe or similarly protected object so not just anyone can pick it up to read.

Other Ways to Stay Safe Online

Password managers are a great first step to protecting yourself online. They can be made even more effective by pairing them with other internet safety best practices. They include:

• Using a VPN. A virtual private network encrypts all your internet activity. This is especially important when you’re browsing on an unsecured internet network, like one over public wi-fi. On an unsafe network, others using it can see your activity if you aren’t protected with a fast VPN. If you sign in to your password manager without one, all of your passwords could end up exposed.
• Creating strong passwords. Your password manager is only as strong as the password you use to protect it. In order to make sure it’s secure, use a long password with a mix of letters, numbers, symbols, and capitalizations, and try to avoid dictionary words and personal information (like your birthday).

Keep your passwords safe with a password manager and keep your browsing safe with a virtual private network service like HotBot VPN.