If you aren’t using a password manager, don’t worry, you are not alone – millions of people are also still missing out. The good news is that by being here you may well be considering getting one, or are at least interested in understanding services that are covered by this term. To help you navigate through the abundance of information that is posted online about password managers, we’ve got all the details you’ll need to pick the service that is right for you.
What Is a Password Manager?
Have you counted how many accounts you have: ten, a hundred, or maybe more? With the variety of internet-based services, the first layer of protection (and most of the time the only layer) is a username and a password.
The stronger that password is, the stronger the account security. But how many passwords do you have? If you have only a handful but still have a hundred accounts, then you are obviously re-using the same password for multiple accounts, and as a result exposing yourself to hackers.
As security experts like to highlight at every opportunity, it is people that are the weakest link in IT security, especially when they reuse the same password for multiple accounts. It’s like leaving the key to your home under the doormat. This is where a password manager steps into the picture, helping to generate cryptographically secure passwords, retrieve and keep track of those credentials and the growing number of accounts. They can also store credit card numbers and their three-digit security codes, answers to security questions, encrypt documents, and more.
The real convenience of all this is the fact that a user only needs to remember one strong password that will open the so-called vault. Much easier, right? It certainly is, and those who start using a password manager don’t want to go back, that’s for sure. There are a few features, however, that you should definitely bear in mind when committing to a password management service.
Where Are Your Passwords Stored?
While the applied encryption should be at least as good as Advanced Encryption Standard (AES) 256-bit – the encryption protocol typically used to protect classified documents – it’s important to know where your password data is stored.
The reason for this is pretty simple: you’re trusting this service with all of your passwords including your online banking credentials, so you’ll want to make sure your data is protected. In this matter it’s important to know what you’re getting, so you should investigate whether the password manager stores the encrypted data locally or on a server. The safest option is to store that data ‘bucket’ locally on your computer, but not all services offer this feature because it makes cross-device/platform syncing harder.
Since the security level of your account depends on the strength of your password, it’s important for the password manager to have a password generator. While practically all of them offer this feature, those that allow you to customize the strength of the password generated through the application are better services to make use of. For this, make sure it uses either a True Random Number Generator (TRNG) or cryptographically secure pseudo-random number generator (CSPRNG).
This is a key feature that could make or break a password manager service, because you want to make sure the password it generates using an algorithm is either completely random or a cryptographically secure pseudo-random password.
One of the most frequent questions related to password managers is how to share a password with a spouse or family member. While the best security practice is to always keep the password to yourself, there are times when you need to share it, so check what sharing options the password manager has. Does its subscription plan allow you to add other users and customize the level of access? This is important to look for.
These three features are just the tip of the iceberg, so you should always check the reputation of the password manager. If you are reading too many headlines using the name of the password manager and the word ‘hacked’ it is a good sign that you should look for another service.
Obviously, there is a big difference in terms of requirements for individuals and teams/families, so make sure the password manager includes all the features you need to manage the group’s passwords.
Best Password Managers of 2018