If you’re on the internet, your digital fingerprint is only as strong as your password. But there are a lot of cowboys who prioritize convenience over safety. The downside here is that for every gunslinger shooting from the hip with “password” or “ABCDE” as their password, there’s a cybersecurity outlaw who can exploit your love of quick and easy over slightly inconvenient but secure just as quick as you can say, “Reach for the sky!”
Websites will tell you how to make your password secure: 6-12 characters. A combination of lowercase and uppercase letters, including numbers and symbols. But then some websites have different rules. Minimum 8 characters. No special symbols. Letters and numbers only. You end up creating custom passwords on the fly. Then when you go back to the website you can’t remember it and have to reset your password. So you choose a simple password you won’t forget like, “1234,” and you’re back to square one.
Managing passwords as a human can become time-consuming and inconvenient. It all adds up to the point where you have too many passwords with different lengths and requirements to remember. But security as a practice is about adding a layer of inconvenience on top of an entry point, for protection.
Your options are either to use a bespoke, highly secure password for every single online service, which makes memorizing them all a superhuman feat, or to reuse a single password, which isn’t very secure. Even if that password itself is highly secure, say like &n129N/Hsg3v8, if that one password is cracked, say via malware, your entire online presence is hackable.
The good news is you don’t need to be superhuman. A password manager can do all the unique password generation and memory storage for you.
What is a password manager?
A password manager is a secure encrypted digital repository of all your passwords. It can either be accessed via a web browser or a mobile or desktop application.
Password manager services remember your passwords so you don’t have to. The only password you do need to know is the master password to your vault aka your password manager.
Not only do password managers store your passwords, they help you create better, more secure passwords. Some password managers have extra features like dark web monitoring and alerts for when websites or services have been compromised and you need to change your password.
Don’t web browsers automatically manage passwords?
Many web browsers have inbuilt password management functionality. When using Google Chrome or your smartphone OS, the browser or system will often ask you to remember your password aka store it, and autofill the identification requirements next time you visit a website or application. This is stronger than using a singular password for all services, but do remember that these built-in password managers aren’t specialized, so they only offer basic features.
Dedicated password managers are developed solely to protect your passwords. Web browser development has a lot of features and functions to oversee, so a browser’s password management functionality doesn’t get the love and attention to detail that a dedicated password manager provider gives it. Built-in browser password managers will remember passwords, but not prompt you to strengthen them. So if every password you use can be easily hacked via social engineering, you’re still vulnerable.
Why do you need a password manager?
If you’re on the internet, any service you interact with requires registration and verification with a username and password. The internet is a daily part of modern life. The number of online services you use is almost impossible to count off the top of your head. Same with remembering the passwords for all those websites. Password managers create strong passwords and remember them for you, simple as that.
How does a password manager work?
Password managers prompt you to create secure and unique passwords any time you first visit a website or online service where you need to create a username and password.
Password managers then store username and password information in their secure online vault. When you revisit the website, the password manager will prompt you to use the stored login information, without revealing the password - just in case there’s anybody looking over your shoulder.
All your information is encrypted. The vendor of your password manager service can’t see your passwords. Individual users alone have the ability to decrypt their stored passwords using their master password or authentication method like biometrics or 2FA/MFA. To keep access to your account secure, if you must remember only one password, remember your master password.
Can’t password managers be hacked too?
Anything can be hacked. So choose a password manager with a proven security posture track record. That is, choose a password manager that has a clear action plan for when it gets compromised. You read that correctly: when.
Security is a moving target, and it’s best practice to have a security incident response strategy before a hack, not after. You want to select a password manager that reports and patches any bugs before they are exploited in the wild. The good news is that none of the password managers mentioned in this article store encryption keys. So if any of their servers storing your data were compromised, all an attacker has is encrypted data without the key to decrypt it.
4 best password managers in 2023
1Password
1Password is currently the best of the best. It’s secure and works on almost every OS you throw at it. One of the most helpful features is an alert system if your password is weak or compromised. 1Password also comes with a bunch of extras like Travel mode, which lets you wipe and restore data before and after travel. You can also use it as an authentication app, and it’s integrated with lots of mobile apps for convenience. Something to consider is that there is no free option available. It’s also, perhaps, too secure. If you lose your master password, not even 1Password can help you recover it.
Bitwarden
Bitwarden is the free, open-source alternative for those who want to pinch some pennies, or who aren’t fans of the 1Password UI. If you’re not looking for extra features, and just want the best foundational password manager on a budget to sync across multiple devices, Bitwarden’s the one. The open-source element is extra handy, making the code freely available to anyone who wants to dive into it and look for any bugs or flaws, for extra peace of mind. You can upgrade to a premium version for more storage, at the very affordable rate of $10 (USD) per year.
Dashlane
You can store unlimited passwords with Dashlane and it’s protected with MFA. One of the coolest premium features it offers is active dark web monitoring, which notifies you of any data breaches that may affect your account. The premium account also comes with a VPN.
Dashlane is similar to 1Password and Bitwarden, the main difference being that it’s primarily available via web browser, along with iOS and Android apps, but there is no desktop app. The premium plan is also pretty pricey.
NordPass
You may already know NordVPN, from Nord Security, the reputable VPN provider. Well, they have a password manager too, called NordPass. It’s supported with apps for all the major platforms and includes 2FA as well as a built-in password generator. There’s a free option, but it’s limited to one device with no syncing, so for syncing across multiple devices you’ll need to upgrade to the paid version, though you can try it free for seven days beforehand. If you’re already a Nord Security user, you’ll be familiar with how they roll, so this should be the pick for you.
What about LastPass?
LastPass was a popular password manager. I say was because it recorded a breach in December 2022. Customer password vaults were stolen in a hack. The digital vaults, that is, which remain encrypted, not the master passwords.
LastPass confirmed that malicious actors used cloud storage keys stolen from a LastPass employee to access customer vault data. They maintain that the master passwords remained secure, and that the contents of each customer vault were close to impossible to read. But customer details - names, payment information, IP addresses, and physical location - were not encrypted.
What about Apple iCloud Keychain?
The good news for Apple users using the macOS password manager synced to iCloud is that Apple’s password management does a solid job of securing and syncing passwords between Apple devices. It doesn’t have all of the functionality that comes with dedicated password management software, but it’s still a reputable built-in password management system. Just be mindful that if you have a mix of Apple and other operating systems, the passwords won’t sync with your non-Apple devices.
3 things to know about password managers
If in doubt, don’t forget your master password: What if I told you, to keep 100+ passwords secure, you just had to memorize one secure password? Well, I’m telling you that. If you forget everything else in this article, remember this: don’t forget your master password for your password manager. Make it as secure as you can, with special characters and the perfect chaotic mix of uppercase and lowercase. Just remember it.
Think of your master password as the one key to rule them all that opens the vault where all your other keys are stored. So you want to keep that master password safe. Want a secure but easy way to generate passwords? Come up with four random words. Memorize them to a tune - just, in your head, not aloud. Even that is a secure master password that is hard to compromise. And it keeps your other passwords secure. Just be mindful that if your password for your laptop is “1234” and you’ve asked your browser to auto-fill your password manager account, it was all for nothing.
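One way to pick the four random words by machine rather than by feel, and to see how much guessing resistance they buy (an added example, not from the original article; the 16-word sample list and the function names are constructed here for illustration, and a real list such as a 7,776-word diceware-style list should replace the sample):

```python
import math
import secrets

# Constructed sample list so the example runs offline. Far too small for real
# use: swap in a large published word list (e.g. 7,776 words).
SAMPLE_WORDS = [
    "anchor", "basil", "copper", "dune", "ember", "fjord", "glacier", "harbor",
    "ivory", "juniper", "kettle", "lantern", "meadow", "nickel", "orchid", "pebble",
]

def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform draws from `pool_size` options."""
    if pool_size < 2 or picks < 1:
        raise ValueError("need at least 2 options and 1 pick")
    return picks * math.log2(pool_size)

def words_needed(pool_size: int, target_bits: float) -> int:
    """Smallest number of words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(pool_size))

def generate_passphrase(words, count=4, sep=" ", min_bits=0.0):
    """Return (passphrase, entropy_bits); refuse lists too small for min_bits."""
    pool = sorted(set(words))  # duplicates would silently lower the entropy
    bits = entropy_bits(len(pool), count)
    if bits < min_bits:
        raise ValueError(
            f"{count} words from {len(pool)} give {bits:.1f} bits, "
            f"below the required {min_bits:.1f}"
        )
    # secrets draws from the OS CSPRNG; the random module is predictable and
    # words chosen by a person are far from uniform.
    phrase = sep.join(secrets.choice(pool) for _ in range(count))
    return phrase, bits

if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(f"sample passphrase: {phrase!r} ({bits:.1f} bits, demo list only)")
    print(f"4 words from 7,776:       {entropy_bits(7776, 4):.1f} bits")
    print(f"8 random chars from 94:   {entropy_bits(94, 8):.1f} bits")
    print(f"words for 64 bits (7,776): {words_needed(7776, 64)}")
```

The entropy figures only hold when every word is drawn uniformly at random; four words a person thinks up, or a phrase from a song, are much easier to guess than the numbers suggest.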
They manage passwords, they don’t stop breaches: Password managers can alert you to a breach of security, but they can’t protect you from a website hack. That means, if one of your passwords to one website is compromised, you still need to contact that provider to sort out any breach, change your password, determine how much of your data may have been compromised, then secure any data that touched that website like personal information or credit card numbers. Password managers can help you easily change your password for a compromised website, but they’re not a magical tool that makes you invulnerable to individual breaches and hacks.
Turn off auto-fill: Password managers and web browsers offer super convenient auto-fill functionality to remember passwords and web form information. It’s an awesome time saver. But if you want to be secure, turn it off. Auto-filling has left some password manager providers vulnerable to attacks. The good news is some providers don’t have this set as a default option. For those that do, the most secure option is to switch it off.