Password managers are an integral piece of personal data security. They generate and store a random password for every website you have an account with, so you never reuse a password that might be leaked in a data breach, and you never rely on a weak password that an attacker can crack.
Using strong, unique passwords for every website is critical. When a data breach occurs, cyber-criminals take the leaked credentials and try them on every other website they can think of (an attack known as credential stuffing). You might not think leaked credentials from a tiny blog you signed up for 10 years ago are a big deal, but if that email and password combination is the same one you use for Facebook, your email, or your bank account, you’re in trouble!
This isn’t true in all aspects of life, but when it comes to password security, length is everything: a longer random password has more possible values, and that is what makes it slow to guess. Your passwords should be a minimum of 16 characters, randomly generated, and never re-used.
If you need to memorize a password, consider using a passphrase: a sentence made up of ordinary words that were chosen at random.
Lots of people might initially think a password like Tr0ub4dor&3 is much stronger than a passphrase like correct horse battery staple, but they’d be wrong. The first is a dictionary word with a handful of predictable substitutions, exactly the pattern that cracking tools try early; the second is four words picked at random, and an attacker has to guess every one of them.
Worried about having to remember a ton of random words? Luckily for you, I’ll let you in on a little secret: most passwords don’t need to be memorized. This is where a password manager comes in. Used correctly, there is only a single password you need to remember, the master password that unlocks the password manager, while every other account gets its own strong, unique password.
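To make the length-and-randomness argument concrete, here is a small generator that produces passphrases and random passwords the way a password manager would, and computes how many bits of entropy each choice buys. This is an added example written for this post, not code from any of the password managers discussed. The 32-word list is constructed for the demo (real Diceware-style lists have 7776 words), and the 10 billion guesses per second cracking rate is an assumed figure for illustration. The same `passphrase()` function is also a fine way to produce the random security-question answers recommended later in the post.

```python
import math
import secrets
import string

# Constructed sample wordlist for the demo. A real passphrase list (EFF or
# Diceware) has 7776 words, giving about 12.9 bits per word; this 32-word list
# gives only 5 bits per word, so do not use it for real passphrases.
WORDLIST = [
    "correct", "horse", "battery", "staple", "anchor", "bridge", "candle", "desert",
    "engine", "forest", "garden", "harbor", "island", "jacket", "kettle", "ladder",
    "marble", "needle", "orange", "pepper", "quartz", "rabbit", "saddle", "timber",
    "umbrella", "velvet", "walnut", "yellow", "zipper", "copper", "falcon", "meadow",
]

SYMBOLS = string.ascii_letters + string.digits + string.punctuation  # 94 characters


def passphrase(n_words=5, wordlist=WORDLIST, sep=" "):
    """Pick n_words uniformly at random using the OS CSPRNG (secrets, never random.choice)."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def random_password(length=16, alphabet=SYMBOLS):
    """Generate a random password such as a password manager would store for a site."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices_per_position, positions):
    """Entropy of a secret made of `positions` independent picks from `choices_per_position` options."""
    return positions * math.log2(choices_per_position)


def worst_case_seconds(bits, guesses_per_second):
    """Time to exhaust the whole space; on average an attacker needs half of this."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    RATE = 1e10  # assumed offline cracking rate; real rates depend on the hash used
    for label, bits in [
        ("4 words from a 2048-word list (xkcd's correct horse battery staple)", entropy_bits(2048, 4)),
        ("6 words from a 7776-word list", entropy_bits(7776, 6)),
        ("16 random characters from 94 symbols", entropy_bits(94, 16)),
    ]:
        years = worst_case_seconds(bits, RATE) / 86400 / 365
        print(f"{label}: {bits:.1f} bits, {years:.1e} years at {RATE:.0e} guesses/s")
    print("example passphrase:", passphrase())
    print("example password:  ", random_password())
```

The numbers show why the comic's comparison holds: four random words from a 2048-word list are 44 bits, and every extra word adds 11 bits, whereas a single dictionary word with substitutions is a small search space no matter how odd it looks.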
Bitwarden is my top recommendation for password managers. It’s open-source, free, and it can securely sync your passwords between all the devices you use.
Bitwarden also features Bitwarden Send, which lets you share text and files with end-to-end encryption. A password can be required in addition to the Send link, and Sends can be set to delete themselves automatically. The free plan only allows text sharing; you need the Premium plan to share files.
Bitwarden’s server-side code is open-source, so if you don’t want to trust the Bitwarden cloud, you can easily host your own Bitwarden sync server.
For technically minded folks, the best way to self-host Bitwarden is with a community server implementation called Vaultwarden. It’s much lighter weight and easier to install than the official server, and it unlocks features that are paid on the official server for free. It works with the official Bitwarden clients but is not maintained by Bitwarden, so keeping it patched is on you.
Hosting a Bitwarden server is not required though, so don’t worry if that flew right over your head! You can use Bitwarden’s own servers with a free account, and you don’t have to worry about trusting them with your passwords. Bitwarden encrypts your entire vault on your device, using a key derived from your master password, before anything is sent to their servers; the master password itself never leaves your device.
This one is a bit more advanced, but if you want the maximum control and security possible, consider KeePass. KeePass isn’t just a password manager, it’s a file format (KDBX) shared by many different password manager clients. To use KeePass, you can use any of these apps:
- KeePassXC, my favorite KeePass client for Windows and Linux.
- KeePassDX, a great option for using KeePass on Android.
- Strongbox, the best KeePass client for iOS and macOS.
The beauty of KeePass is its flexibility and interoperability. If you have an Android phone and a Windows computer, you can use both KeePassDX and KeePassXC with the same password database.
KeePass also stores all of your passwords in a single encrypted file and leaves it up to you to sync that file across devices. Don’t want to trust a cloud service? You completely control where your passwords are stored. Because the database file is encrypted with a key derived from your master password (and, optionally, a key file), it is also reasonable to sync it through an ordinary file-sync service; the service only ever sees ciphertext.
1Password is my final recommendation, especially for people looking for the easiest, cohesive, all-in-one solution. It boasts many features geared towards families and less technical people, as well as advanced functionality.
1Password allows you to store passwords, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password’s servers for a monthly fee. 1Password is audited on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their security white paper.
Your 1Password vault is secured with both your master password and a randomly generated 34-character Secret Key; the two are combined to derive the key that encrypts your data on their servers. The Secret Key adds a layer of protection because the derived key has high entropy regardless of how strong your master password is: someone who steals a copy of your encrypted vault from 1Password’s servers cannot simply run a dictionary attack against your master password, because they would also need your Secret Key, which never leaves your devices. This gives 1Password a security edge over many alternatives, which rely entirely on the strength of your master password. The caveat is that the Secret Key is stored on your own devices, so it protects you against a breach of 1Password’s servers, not against malware on your computer.
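The following is an added example written for this post that illustrates the two-secret idea; it is not 1Password’s code, and it simplifies their construction (their exact scheme is in the white paper). It stretches the human-chosen master password with PBKDF2, extracts a key from the high-entropy Secret Key with HMAC, and XORs the two. It then plays the attacker who has stolen the server-side records (salt and a key verifier) and runs a dictionary attack against a deliberately weak master password, with and without the Secret Key. The function names, the reduced iteration count, and the attacker’s word list are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 10_000  # reduced so the demo runs quickly; real products use far more
KEY_LEN = 32
SECRET_KEY_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, 5 bits each


def generate_secret_key():
    """Random 26-symbol key (130 bits), created on the device at enrollment and never uploaded."""
    return "".join(secrets.choice(SECRET_KEY_ALPHABET) for _ in range(26))


def key_from_password(master_password, salt):
    """Slow, salted stretching of the human-chosen secret."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=KEY_LEN)


def key_from_secret_key(secret_key, salt):
    """The Secret Key is already high-entropy, so one HMAC-based extraction step is enough."""
    return hmac.new(salt, secret_key.encode(), hashlib.sha256).digest()


def two_secret_key(master_password, secret_key, salt):
    """Combine both halves: an attacker must know both to reconstruct the vault key."""
    a = key_from_password(master_password, salt)
    b = key_from_secret_key(secret_key, salt)
    return bytes(x ^ y for x, y in zip(a, b))


def key_check_value(key):
    """Verifier the client uses to confirm a derived key (stands in for a trial decryption)."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def enroll(master_password, secret_key):
    """What ends up stored server-side: a public salt and a verifier, never either secret."""
    salt = os.urandom(16)
    return salt, key_check_value(two_secret_key(master_password, secret_key, salt))


def dictionary_attack(salt, verifier, candidates, secret_key=None):
    """Attacker holding the server-side records tries each candidate password.

    Without the Secret Key the best they can do is derive from the password alone
    (guessing the 130-bit Secret Key as well is hopeless), so nothing matches.
    """
    for candidate in candidates:
        if secret_key is None:
            key = key_from_password(candidate, salt)
        else:
            key = two_secret_key(candidate, secret_key, salt)
        if hmac.compare_digest(key_check_value(key), verifier):
            return candidate
    return None


if __name__ == "__main__":
    secret_key = generate_secret_key()
    salt, verifier = enroll("password123", secret_key)  # deliberately weak master password
    leaked_wordlist = ["letmein", "qwerty", "password123", "hunter2"]  # constructed attacker list
    print("server breach only  :", dictionary_attack(salt, verifier, leaked_wordlist))
    print("breach + Secret Key :", dictionary_attack(salt, verifier, leaked_wordlist, secret_key))
```

Run it and the first attack returns nothing even though the master password is in the attacker's list, while the second recovers it immediately. That is the whole point of the design: a server breach alone is not enough, but a device that holds the Secret Key reduces the problem back to the strength of the master password.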
What Password Manager Will You Use?
Bitwarden, KeePass, and 1Password are all excellent password managers; you can’t really go wrong with any of them!
If you don’t use a password manager already, stop what you’re doing, choose a password manager here, and set secure passwords for your most critical accounts: your bank, your email, and any other account you can’t afford to lose. Email comes first, because password resets for everything else land there. Do it right now before you do anything else. Adopting good password practices is probably the single most useful thing most people can do to improve their cybersecurity posture.
For the rest of your accounts, I recommend updating your passwords to something secure “as you go” after switching to a new password manager. This means you change passwords as you use them: For example, next time you log into eBay, change your password. Then, next time you order pizza, change that password. In time every account will have a unique, strong password.
Password managers typically include a notes field on each entry. This is a great spot to keep things like MFA backup codes, answers to security questions, or other account-specific details you want to remember. Be aware that this makes the password manager a single point of failure: anyone who gets into it gets your second factor too. So apply the strongest protection you can to the password manager itself: a long master password and, where the manager supports it, multi-factor authentication on the manager’s own account.
A common strategy for added account security is to give false answers to security questions. For example, a common security question is “What is your father’s middle name?” Information like this is easy to find online for most people these days because so many public records are now digital. A criminal could call the bank posing as you, answer the question, and transfer all your funds out of your account. Instead of the true answer, use a randomly generated word or passphrase and record it in the notes field of that account’s entry.
Thanks to Privacy Guides and The New Oil for completing some research for this post.