Despite the fact that password management apps are consistently recommended by the majority of IT security experts, the vast majority of non-experts still don’t use them. A survey of both security experts and non-expert internet users conducted by Google revealed that 73% of security experts use a password manager, compared to only 24% of non-experts.
Meanwhile, using a password manager was ranked as a top priority by 48% of security experts, compared with a worryingly low 3% of non-experts. Apparently the average web user is either unaware of the benefits of a password management service or doesn’t trust one to keep their credentials secure.
Why Use a Password Manager?
It’s become a worrying trend, as you may already have seen or experienced yourself: the hacking of online consumer businesses is becoming part of our daily lives, something we read about on an almost daily basis. The problem is that when a primary email account is hacked, all linked accounts are easily cracked open, increasing the potential damage.
Strong and unique passwords can hold back such an attack but can’t protect against it completely, especially if the account is only protected by the password. “It is clear passwords are the weakest link,” said Martijn Verbree, a partner in KPMG’s cyber security practice, “and more needs to be done by businesses to enable other forms of authentication to prevent cyber breaches. This is something that we all need to realize and move towards a more sophisticated approach to authenticating people which blends the use of a two-step validation, behavioral analysis and contextual information, rather than relying on knowledge of a single increasingly user unfriendly password,” he said in his blog post, highlighting the importance of enabling two-factor authentication in tandem with password managers.
Which Password Managers Are Recommended by Security Experts?
One of the most frequent questions asked by the general public is ‘which password manager is the best?’ While we have put together a list of the top password managers, security experts tend to say that they are all as good as each other. Their argument is pretty simple: making a public statement about a problem with any one password manager is equivalent to damning them. Instead, what they can talk about is which software they like the most.
As you may know, there are many different password managers, and the list continues to grow every day as new services try to grab their share of this growing market. However, with the bubble of ‘equally good’ password managers growing, users are increasingly basing their decisions about which service to choose on the information that developers and reviewers share.
This bubble burst when 1Password announced that it was moving away from its one-time license and local storage option. When AgileBits, the company behind the popular program, announced the change, security experts voiced their concern over the security measures the company had taken to protect users and also highlighted what they feel is the key factor to keep in mind when choosing a password manager.
What made 1Password different was that it kept all user passwords in a “local vault”: data that was only available physically on the device itself – whether that was a computer or a smartphone. That’s important because, as with Apple’s Keychain Access, the stored credentials don’t leave the device, which gives the user more control over the stored passwords and their security.
As it turns out, the password manager most often recommended by the security experts who do voice their opinion on Twitter was 1Password. That’s the service Thomas H. Ptácek, co-founder of Matasano Security, recommended “without reservation”. He is joined in this recommendation by developer and security researcher Adam Caudill (co-director of the Open Crypto Audit Project), Kenneth White (director of Distributed Systems Lab at the University of Pennsylvania), Matt Blaze and many others.
This isn’t the only password manager choice, of course. For example, Matthew Green, cryptographer and professor at Johns Hopkins University, used a LastPass screenshot in his blog post.
What Do Security Experts Recommend?
The outrage of security experts over AgileBits’ move to drop local vault support and use the cloud instead is a great example of how users and developers alike tend to make compromises for the sake of convenience. What we, as regular users, can learn from this is that we should select a password manager that supports a local vault since it provides us with more control over our passwords. And remember, using a password manager is just one of the security measures experts recommend taking to protect our digital lives.