It’s no secret that passwords are the weak link in any security system. As more and more companies store all their users’ data online, the need for robust and secure passwords increases exponentially. If you’re tired of trying to remember all your passwords, there’s a new solution on the horizon: Password managers! This article discusses how password managers can help keep your information safe, where to find them online, and a few tips for using them safely.
Experts have long predicted the end of the classic world of passwords, but the truth is that passwords are still multiplying like rabbits. It seems a good idea to leave some to a password manager.
According to a recent study, the majority of passwords, 75%, are now made up of a combination of letters, numbers, and special characters – not only because of user awareness but also because service providers require it. The trend is welcome, but it also raises the question of how it is possible to remember increasingly complex character strings. The same study also found that just under a fifth (18%) of users use a password manager alone. The majority are reluctant to use these programs because of security concerns. Some data leaks have affected password managers, but fortunately, they are not that common.
But what is a password manager – also known as a password safe? It is an application that can store login credentials securely on its own. Sure, it’s password-protected, but it’s still easier to remember one tricky code string than 40-50 passwords. This article will look at how password managers work and the pros and cons of both paid and free solutions.
Zero-knowledge approach
Let’s be perfectly honest: the reservations about password managers are not completely unfounded. As always in IT, mistakes can happen, but you should know that the security criteria for password managers are very high, so neither program errors nor data leaks are prevalent. In our test, we examined applications that work on Windows and macOS. The apps can be integrated into Chrome and Firefox browsers, and there are also mobile versions for Android and iOS. This cross-platform functionality ensures that users can access stored passwords on any device. To make sure that everyone can use the password managers, the developers have designed the programs so that anyone can use them without any prior knowledge.
To ensure security, passwords are always encrypted by the device itself, and only this encrypted data travels between devices – no application ever sends the master key. Therefore, developers cannot know the master key or the stored passwords. This is the so-called “zero-knowledge” policy.
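The zero-knowledge flow described above, as an added sketch that is not taken from any of the tested products: the device derives keys from the master key, encrypts and authenticates the vault locally, and only the resulting blob is synchronized. The function names, the iteration count and the HMAC-based stand-in cipher (used so the example runs on the standard library alone) are assumptions.

```python
import hashlib, hmac, json, secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed, not from the article)

def derive_keys(master_password, salt):
    """Device only: stretch the master key, then split it into two subkeys."""
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    enc_key = hmac.new(root, b"encrypt", hashlib.sha256).digest()
    mac_key = hmac.new(root, b"authenticate", hashlib.sha256).digest()
    return enc_key, mac_key

def _xor_keystream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Production code should use
    # a vetted AEAD such as AES-GCM from a maintained library instead.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_vault(master_password, entries):
    """Encrypt-then-MAC on the device; the returned blob is all a sync server sees."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ct = _xor_keystream(enc_key, nonce, json.dumps(entries).encode())
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def open_vault(master_password, blob):
    """Runs on a second device after sync; a wrong master key fails the MAC check."""
    salt, nonce, ct = (bytes.fromhex(blob[k]) for k in ("salt", "nonce", "ct"))
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("wrong master key or tampered vault")
    return json.loads(_xor_keystream(enc_key, nonce, ct))

if __name__ == "__main__":
    # Constructed sample entry; the printed blob contains no master key and no plaintext.
    blob = seal_vault("correct horse battery staple",
                      {"shop.example": {"user": "alice", "password": "constructed-sample"}})
    print(blob)
```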
The paid applications in the test vary in price between €9 and €40 (USD 9-43) and are subscription-based, i.e., the fee is paid periodically (annually) during the usage period. The exceptions are Enpass and Sticky Passwords, which can be purchased, instead of on a subscription basis, for a one-off but higher fee of €71 and €100 (USD 76-107), respectively.
It’s worth noting that browsers and Android and iOS systems typically have a built-in password manager, but the capabilities of these built-in password vaults are minimal. If one does not want to pay for such a service, we can recommend KeePassXC.
For convenience, password managers use a central server to synchronize settings and data: you only have to enter a password on one device to use it anywhere else. Understandably, some people are uncomfortable with this solution and concerned about security. Enpass and Steganos password managers can provide a satisfactory solution because they only store the database locally, with manual synchronization between devices – via Wi-Fi or Google Drive.
Different security levels
The most important criterion for us when testing the password manager was security. The first and most important line of defense is the password manager’s master key. If we want to keep the other passwords safe, this must be a truly secure – hard to guess – set of codes. LastPass, Avira, and F-Secure perform well in this respect because they set high requirements when setting the master key. There should not be any password manager that accepts “abc123” or “password” as a master key! The perfect solution is two-step authentication, i.e., the password safe can only be opened with a second identifier (e.g., phone, fingerprint, etc.). This type of solution is supported by test winner 1Password, best buy Bitwarden, Dashlane, and NordPass.
Previously leaked passwords are not good passwords, so password safes (except Sticky Passwords and Steganos) also warn you if you use a code sequence that has been previously involved in a data leakage scandal.
Overcomplicated operation
A password manager is only helpful if it is not only powerful but also easy to use. After all, who would want to use a program that requires you to flip through several pages of manuals before each use? That said, not all platforms work the way we think they should. For example, opening the password safe with Windows Hello or using the facial recognition function/fingerprint reader is part of fast and convenient use. This option is usually a given, and the automatic recognition, storage, and insertion of passwords on subsequent visits is a standard feature.
But that’s the end of the line – unfortunately, in many cases, even the simplest operations cannot be carried out quickly and smoothly in all software. LastPass and Sticky Passwords, for example, have a password generator function, but this is not available when you want to type in a password; you have to navigate to the program’s settings, and finding this function within the settings is at least a bit inconvenient. Another common problem is that errors occur when recognizing and importing passwords. For example, when recognizing passwords, the application will place the password in the wrong field – in some cases as plain text, so that anyone can read it.
The right choice of features is important
The features offered by password safes played an essential role in the evaluation. One of the most important aspects was how to synchronize data between devices. Both the private cloud and the manual mode have advantages and disadvantages, but only Enpass allows users to choose the one they want to use.
F-Secure is not perfect either: for example, it cannot make large password lists more transparent by using folders or tags; often, it is just a matter of searching. Another valuable feature for organizing is the Favourites function, available in all software except Dashlane, NordPass, and Steganos. We also found it important to see how well the built-in password generator works: optimally, you can define the length and structure of your password individually. An interesting limitation is that the maximum length of passwords in F-Secure’s application is 32 characters.
Universal services and local solutions
There are quite a few good password safes on the market, and of course, you have to pay for the best quality. The test winner, 1Password, stands out from the field mainly because of its security features and ease of use, but in return, version 8 has dropped some previously included features in the program.
For those who prefer to rely on local password storage, we recommend Enpass. It also performs well from a security point of view, and the features are good – but the usability is not as convenient as other competitors. Bitwarden’s password manager is recommended primarily for those who want a solution that works well without paying too much. This app also has a free version, which, given its capabilities, should be enough for most users; the paid version offers more, mainly two-step authentication and data leakage control. And for those looking for a password manager that is fully integrated into the browser, try Dashlane. If you only use your phone, 1Password or Enpass are the best.
Don’t delay in setting up Password Manager!
If you are not using any password manager yet, don’t delay! It’s worth taking an afternoon to install the software of your choice and teach it the passwords you already have. This is most conveniently done on a computer. If you already have passwords stored in the browser’s password manager, export them to a CSV file; this file can be imported by most password managers, which will speed up the work.
Once you’re on the case, it’s also worth taking care to invent new passwords instead of those used in several places. If you can’t do it by heart, use the password manager! In addition to duplicate passwords, change those that are weak! Today, a secure password is at least 12 characters long and contains lower case letters and at least two capital letters, two numbers, and two special characters!
It is essential to delete the CSV file – securely – after importing the passwords. Once the passwords have been entered, synchronization can take place. This is not a particularly problematic operation for the applications in the test: the passwords entered on the PC are transferred to the mobile application as soon as you have installed it and logged in with your username and master key. We also activate the auto-fill feature if we want the app to fill in the login details for its managed services automatically! If you want to use the password manager in the browser, you will also need to install the appropriate extension.
Finally, it’s also worth making sure that you create a password with the password manager each time you register a new account; since we no longer have to remember the password, it’s not worth saving on length or complexity.
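The clean-up steps above can be scripted; the following is an added example, not part of any tested product, that audits a browser CSV export for reused and weak passwords using the rule stated in this article and generates replacements that satisfy it. The column names (name, url, username, password), the set of special characters and the function names are assumptions, and the sample rows are constructed.

```python
import csv, io, secrets, string
from collections import defaultdict

SPECIALS = "!#$%&*+-=?@^_"  # assumed set; some sites accept fewer symbols

def _count(pw, pred):
    return sum(1 for c in pw if pred(c))

def meets_policy(pw):
    """Article's rule: at least 12 characters, lowercase, 2 capitals, 2 digits, 2 specials."""
    return (len(pw) >= 12 and _count(pw, str.islower) >= 1
            and _count(pw, str.isupper) >= 2 and _count(pw, str.isdigit) >= 2
            and _count(pw, lambda c: not c.isalnum()) >= 2)

def audit_export(csv_text):
    """Return {url: [problems]} for every entry whose password is reused or weak."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    sites_by_pw = defaultdict(list)
    for row in rows:
        sites_by_pw[row["password"]].append(row["url"])
    findings = {}
    for row in rows:
        problems = []
        if len(sites_by_pw[row["password"]]) > 1:
            problems.append("reused")
        if not meets_policy(row["password"]):
            problems.append("weak")
        if problems:
            findings[row["url"]] = problems
    return findings

def generate_password(length=20):
    """Draw from the OS CSPRNG; the required characters make the policy hold by construction."""
    if length < 12:
        raise ValueError("policy requires at least 12 characters")
    required = ([secrets.choice(string.ascii_uppercase) for _ in range(2)]
                + [secrets.choice(string.digits) for _ in range(2)]
                + [secrets.choice(SPECIALS) for _ in range(2)]
                + [secrets.choice(string.ascii_lowercase)])
    alphabet = string.ascii_letters + string.digits + SPECIALS
    chars = required + [secrets.choice(alphabet) for _ in range(length - len(required))]
    secrets.SystemRandom().shuffle(chars)  # hide where the required characters sit
    return "".join(chars)

# Constructed sample export: two sites share one short password.
SAMPLE_EXPORT = """name,url,username,password
Shop,https://shop.example,alice,Summer2023
Forum,https://forum.example,alice,Summer2023
Bank,https://bank.example,alice,Vq7#mT2!xLp9zR
"""
```

On the sample, `audit_export(SAMPLE_EXPORT)` flags the shop and forum entries as both reused and weak and leaves the bank entry alone.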
Conclusion
A password manager is a great way to keep all your passwords safe and secure. With so many different options available, there’s sure to be one that meets your needs. We suggest taking the time to research the different features each password manager offers to find the perfect one for you. With a little effort, you can have peace of mind knowing that your passwords are well-protected.