Password Managers
Having a good password manager will make your life a lot easier and more secure. Instead of having to remember dozens of passwords, you’ll need just one unique, long, complex password that unlocks access to every one of your online accounts.
One of the main problems of trying to remember many unique and complex passwords is… well, it’s impossible. In order to make it possible, people usually compromise by either:
- Saving their passwords on their computer, usually in an unencrypted text file for easy and quick access (exposure: hackers, password-stealing viruses, etc.)
- Using the same password for all of their accounts, with possible slight variations, but usually none (exposure: if one of your accounts gets compromised, all of them are compromised. Usually exposed in data leaks, logged by keyloggers, cracked by brute force, etc.)
- Using unique but short and simple passwords which they can easily remember and associate with different accounts (exposure: easily cracked by brute force; depending on complexity and length, this can take as little as seconds or minutes)
None of the above solutions are secure. As a matter of fact, they’re as insecure as possible and should be avoided by all means!
Instead, password managers can remember your complex and unique passwords for you and can quickly generate new, strong and complex passwords, so you’ll never have to think of them or reuse any. The only password you’ll ever need to remember is the “master” password to the password manager itself. However, having all your eggs in a single basket is hardly a definition of security, and if you find the thought of a single master password securing all your passwords scary, as you should, there are ways to add an additional layer of security to your password manager (on top of 2FA). To find out how to further protect your most important passwords within the password manager, please read about peppering your passwords.
The best password managers secure your data, both on your machine and in the cloud, with the toughest form of encryption, and offer further protection in the form of two-factor authentication (2FA) for your master password, such as YubiKey, which you should use.
They usually support Windows, macOS, Android and iOS, and sometimes Linux as well.
They can usually be installed on an unlimited number of devices for a single (generally paid) account and are usually able to store an unlimited number of passwords. Some of them are entirely free to use, though they come with fewer options and usually lack security features such as 2FA, which we believe is very important.
While most web browsers have been able to remember passwords for you for quite some time now, we wouldn’t recommend using one to store your important and sensitive passwords. A lot of malware is designed to steal passwords from browsers, and the browsers’ security is not up to par.
Furthermore, unlike browser-based password managers, a stand-alone password manager works on all your browsers and all your devices.
Do keep in mind though that password managers can’t recover your master password for you if you forget it, so just like your crypto seed phrase, you need to keep it written down somewhere safe. No, not on your computer or any digital device that can potentially be accessed by a third party (or a virus), as that would defeat the purpose of a complex master password entirely.
Which password manager should I get?
There are many things to base your decision on when choosing a password manager. The main things to consider are user experience, platform support, security and overall performance.
If ease of use, convenience and security are what you are going for, then you can’t go wrong with the LastPass password manager, assuming you opt for the paid version, as the free version leaves much to be desired.
Until recently, LastPass had the best free tier of any password manager, with unlimited syncing across all devices, auto-filling and basic two-factor authentication (2FA). But in March 2021, LastPass decided to cut back on the LastPass Free features, and it now syncs data across either computers or mobile devices only, rather than all of the user’s devices.
LastPass’s paid tier adds unlimited syncing, encrypted online storage, advanced 2FA, dark-web monitoring of your accounts and emergency access for your friends and loved ones. At $36 per year, it’s not that expensive, while the really affordable option is the family plan, which covers up to six people for only $48 per year ($8 per person). An additional $12 for your whole family seems like a no-brainer here.
Keeper is another candidate for the best password manager. Its free tier won’t let you sync your devices, but its inexpensive premium tier ($35/year) is a close match for LastPass. Keeper’s main strength and focus is user privacy and security.
Dashlane also makes for a quality option; it comes with a great desktop application and can change hundreds of your passwords at once. Unfortunately, Dashlane’s free tier is very limited, as is its new $36 plan, while its unlimited premium plan is rather pricey at $60/year, especially when you consider that for $12 less you can get a LastPass six-person family plan ($48 per year)!
1Password ($36/year), a longtime favorite of Mac users, offers no free tier, but it’s a strong contender, especially if you’re an Apple user. 1Password offers a unique Travel Mode to its Windows and Android users, which can temporarily delete stored passwords and other valuable pieces of information to protect them from the prying eyes of border guards and officials. This is something those who travel a lot in countries with limited privacy rights might want to consider.
The best free option currently is Bitwarden, which lets you sync all your passwords across all your devices free of charge. Upgrading to the $10/year paid plan gets you secure cloud storage as well as more 2FA and sharing options, such as YubiKey, which we wholeheartedly advocate using to protect your important accounts.