A recent case study has shown that around 40% of password managers are vulnerable to breaches. This is genuinely a worryingly high number of problems with password managers that shouldn’t be taken lightly. Password managers are always on the first line of defense and should be strong enough to endure even the most challenging breach attempts.
But, with so many password managers can be tricked into giving away the user’s password, it poses the question – are password managers worth it? And, if using one is a good idea, how to find a password manager powerful enough that you can rely on it at all times. We’ll answer these and many more questions you need to understand regarding password managers on this detailed and thorough page.
What Do Password Managers Do?
To answer the question of can password managers be trusted, we first need to know what password managers even do. In simple terms, a password manager allows you to take the load off of your mind and not have to worry about all of the password and login details you would otherwise have to remember or write down. With a password manager, you can create strong passwords that adhere to the NIST password guidelines without worrying about keeping track of them.
Instead of typing in the password for every service or site you open, you type in the master password tied to your password manager. The password manager will then automatically fill in the login credentials of the service you want to access. So, in other words, the password manager takes care of all the grunt, tedious work. You can free your mind from thinking about email addresses, passwords, usernames, and other login details.
Why Use a Password Manager?
There’s a long list of reasons why you should use a password manager. The most important ones are:
- Safer and More Intuitive Logins – The first and most apparent advantage of password managers is that it provides you with safe and reliable password storage. Not only that, but it also ensures more intuitive logins, as you can administer all logins from the password manager. This comes in very handy if you’re often logging into different sites and platforms.
- Cross-platform Support – In line with the previous advantage, another significant benefit of using a password manager is the cross-platform support you get for all of your apps and devices. No matter which device you’re using, all of the login information is safely stored in the same password vault.
- Quick Password Generating – Not many online users know that certain password managers serve as password generators. With a password manager, you don’t have to wrack your head thinking up complex passwords you then have to remember. The password manager will automatically generate passwords for you, saving you a lot of time and effort.
- Multi-factor Authentication – If you have multi-factor authentication enabled in your password manager, your passwords will become practically unhackable. Even if the attackers get a hold of your master password, they couldn’t do anything as they wouldn’t be able to go around the MFA.
- Private and Secure Password Sharing – Many people share passwords and account with their friends and family members. Whether it’s a joint social media account or just a Netflix password, if you’re sharing anything with other people, you should do it very privately. This is where a password manager can help. You don’t have to paste it anywhere, as the password manager will do all of the work.
How Does a Password Manager Work?
Now that we understand what it is and what it does, we should also discuss how a password manager works. To better understand how password managers work, we must highlight that these programs aren’t uniform, as they come in several shapes and sizes. There are three main types of password managers:
- Password Management Software – Software solutions like Dashlane, 1Password, and LastPass are almost synonymous with password managers in their entirety. These locally installed applications come with monthly/annual subscriptions and operate so that the password database is stored locally and independently on the same device you’ve installed the software.
- Web-based Password Managers – These types of password managers are browser-based. It means that the password manager is a website that securely stores your login credentials.
- Hardware Tokens – The strongest type of password manager, as the credentials, are stored in a separate encrypted device. You have to buy the device once but don’t have to pay for any subscriptions after.
Are Password Managers Secure?
As with all tech gadgets and security tools, it’s normal to be wary and ask questions to ensure that a password manager is safe before you use it. The best way to do so is to know all of the password manager’s pros and cons before choosing a specific type.
Pros and Cons of Password Management Software
The most prominent benefit of password management software is that it eliminates the risk of someone breaking into your manager. Since it’s locally installed, it can work both online and offline. Another solid advantage of password management software is that it’s open-source and free. Even if you can’t spare extra cash for a monthly subscription fee, you can still use password management software.
The main disadvantage of this type of password manager is that your access to the vault is limited only to the device the software is installed on. In line with that, if you ever lose that device or someone steals it from you, you’ll also lose the password vault. This could lead to a number of security problems.
Pros and Cons of Web-based Password Managers
The main advantages of web-based password managers are convenience and portability. They allow you to sync your password vault across all devices without any effort. This offers an unmatched user experienced compared to any other type of password manager.
The most significant disadvantage is that this form isn’t as secure, as all of the data is kept on the service’s servers at an unknown location. So, if the service’s servers get breached, all of your credentials are potentially at risk. Plus, these password managers often come with a recurring subscription fee.
Pros and Cons of Hardware Tokens
As we’ve mentioned above, hardware tokens are simply the strongest type of password manager. This is because all of the data is kept secure in a separate device that doesn’t require synchronization, constant access to the Internet, or any other prerequisite other password managers demand.
The biggest disadvantage of hardware tokens is the tokens themselves. More precisely, you have to carry around a specific hardware key. If you misplace it or lose it, you lose your access.
Which Password Manager is the Best?
With all of the above in mind, it’s also important to mention that not every password manager is worth your attention and money. Some password managers are safer than others, so you should know which password manager is the best one for your needs.
To help you out, we’ve summed up several best password managers for you to choose from. Additionally, we’ve divided the categories between free and premium password managers. Let’s take a closer look.
Best Free Password Managers
Bitwarden is one of the most popular free password managers currently available. It’s an open-source password manager that allows you to store an unlimited number of passwords and sync up an unlimited number of devices.
Plus, you can also take advantage of basic 2FA options and a solid password generator. Bitwarden also comes in a premium version, which offers in-depth password health reports, additional 2FA options, and other features.
Although KeePass might have the appearance of a 20-year-old app, it’s filled to the brim with great features. Unlike Bitwarden, this software is exclusively free, and there aren’t any extra premium features you could purchase.
Like Bitwarden, KeePass is an open-source password manager, so you don’t have to worry about any company being in control and overseeing your passwords. That said, this password manager comes without direct 2FA features, has fairly limited entry support, and has no browser extensions.
Best Hardware Password Manager Overall – The Hideez Key
If you’re looking for the most robust and best all-around password manager and generator, the Hideez Key is currently the top choice you can opt for. It’s a convenient hardware password manager with autofill, 2FA, OTP, and FIDO2 support, and many other practical security features. You can even employ it to lock/unlock your Windows PC by proximity and unlock RFID door locks in your office.
The best part is that such hardware password managers can be used either individually or in the business environment. Enterprise version is available on Hideez’s site with a free pilot, so business customers can test the service before committing to a paid implementation.
Miriam hands over the topics our writers work on and assures completeness and quality of submissions from Security Forward’s operations perspective.