If you’re considering using a password manager to enhance your digital security, but you’ve been skeptical… you’re not alone. Putting all your passwords in one virtual place means they’re in ONE place. If they’re stored in a cloud, then theoretically people could get the passwords if they were clever enough to hack the system, right?
There are many dozens of options available for password managers, free and fee-based. If you’re considering the security of using a password manager verses not using one, then no matter which one you choose, you will absolutely be more secure.
If you’re considering which password manager to choose for the most security, the answer is unique for each person based upon their needs.
For example, a password manager that is highly secure and suited for a large enterprise or corporation is much different than one used for an individual. Or, a person wanting a password manager for their work computer may find a different solution than someone looking for a password manager to use on multiple devices. In addition, some password managers work only with Windows software. Others are made for Mac OS, Linux or all three operating systems. So the answer for the most secure online password manager can vary based on your situation.
The thing to keep in mind is that, for any password manager solution, the whole business model is built around keeping that data safe. Unlike storing your password in a notebook on paper or in a text file on your device, password managers are designed to add layers of security regardless of which one you choose.
Why use a password manager instead of using my web browser to save my login information?
You can use Internet Explorer, Chrome, Safari, Firefox or other browsers to manage your passwords and other login information. When you visit a site, they can save your data for the next time you log in to keep it convenient.
However, if someone uses your device and opens your browser, they can get into your accounts. Plus, you can’t access your account information outside of using the web browser.
Most web browsers won’t generate strong passwords for you, allowing you to use insecure passwords like “123456.” Dedicated password managers have a singular goal and have been adding helpful features for years now. Ideally, this leads to better security.
How does a password manager work?
A password manager will record the username and password you use when you first sign in to a website or service. Then the next time you visit the website from your device, it will autofill forms with your saved password login information. For those websites and services that don’t allow automatic filling, a password manager lets you copy the password to paste into the password field.
There are options for online password managers and offline password managers.
Offline Password Managers
Offline password managers store your passwords on your local device, and you can make a backup of your file to save in a third-party location (e.g. Dropbox or Google Drive or a thumb drive). The advantage is that your data is safe and offline, away from the vulnerability of a hacker in a cloud-based, online password manager solution.
However, the disadvantage is that saving passwords offline means that you can’t sync between multiple devices. So, if you use passwords at a home computer and then go to your office to another computer, your passwords won’t travel with you. Or if you use passwords on your laptop and then want to log into an account from your mobile device, you won’t be able to with an offline password manager.
One way around this availability challenge, however, is that you can store your password manager database file on a cloud service (e.g.: dropbox, drive, etc.) and access that database file from other devices. Some offline password managers let you tie the security of the database to a master password and a key file. In this way, you need both the file and the password to open the database. You could store the key file in a cloud service and the database in another cloud so that having access to one of your cloud services is not enough to start brute-forcing the database password.
Examples of popular offline password managers in 2021 are:
LogMeOnce
KeePass
Bitwarden
1Password
Roboform
Keeper
Online Password Managers
Cloud-based online password managers provide security with more versatility and convenience. If you use more than one device, you want a manager that is available across all your devices and browsers, so you can access your passwords and login information from anywhere through the manager app or its browser extension.
Some provide secure storage so you can store other items too, such as documents or an electronic copy of your passport or will. They are encrypted, so even if the vault containing your passwords is compromised in an attack, the data stored inside the vault is protected with one or more layers of encryption.
The online password managers use a master password to encrypt your data, and they never know your master password or store it on their server. So, in essence, the data being stored on their servers is useless to them. It’s only accessible by you, the individual vault account owner, who has a master password to log into your account.
Even if they do get hacked, most online password managers use a secret key which combines with the master password to make another key, which adds another layer of security.
In addition, many password managers can create secure passwords for you. This makes it convenient to ensure you don’t use duplicate passwords for your accounts, which can make your security more vulnerable.
If you’re still unsure about putting your entire username and password in a manager, then just put a part of the password in there. That way, you can have some “secret key” stored in your own memory or offline files, and it’s something that must be appended to the password that you’ve stored. So, if someone accessed your password manager, it’s useless because they’ll need that secret key to access your accounts. This could be a universal secret key or a set of secret keys depending on the way you classify your credentials.
Many online password managers also have additional advanced features. For example, one handy advanced feature is the ability to capture and fill credentials for desktop applications, not just websites. Most password managers include a built-in mechanism for securely sharing passwords with other users, but some go a step further with advanced permissions. For instance, a few password managers allow you to share a login without making the password visible to the user, retract sharing, or change to make the recipient an owner of the account.
Examples of popular online password managers in 2021 are:
LogMeOnce
Bitwarden
LastPass
Dashlane
1Password
Sticky Password
Roboform
Zoho Vault
NordPass
Avira
Keeper Security
Enpass Password Manager
Myki Password Manager & Authenticator
For flexibility, advanced features and free or premium versions, LogMeOnce may be the leading password manager that offers the most options. PC Mag selected LogMeOnce as the Best for Abundant Features: “The free, skillfully redesigned LogMeOnce Password Management Suite Premium boasts more features than any competitor, free or paid.”
Considering all options, the best password manager is the one you’ll actually use. In other words, just by committing to using one, you’re already ahead of the game.