With the ever-growing threat of credential stuffing, more and more people are waking up to the danger of using the same password for everything they do online. Remembering dozens of passwords might be annoying, but is it worse than losing your credit card details?
Just ask Nintendo or these companies that thought they were fine…
Why Do I Need a Password Manager?
Password managers aren’t new — if you’re old enough to remember GNOME Keyring (launched in 2003), you know that keyrings and secure management software have been around since the turn of the millennium.
But more people are waking up to their uses every day. For remote workers and freelancers, password managers are extremely useful tools as they protect the user when they have to use a wide variety of passwords to access what they need.
Because remote workers and freelancers often need to log into different portals to access their work, they often have to remember many secure and complex passwords. They could use one, but if that password leaks, a lot of people are in for a bad time. Dark web adversaries often search for leaked credentials (i.e. email address/username-password combinations) and test them out on a variety of websites.
If you have log-ins for a variety of back-end technology, you might have just given away the keys to the kingdom.
Using a Master Password
If an adversary gains access to your credentials and you use one password for everything, someone out there now has access to everything you interact with on a daily basis. That could mean websites with your credit card details, the sensitive backends of major companies, and any other sensitive online accounts that you have access to.
Benefits of Master Password
In addition to shrinking the attack surface by only needing to type one password (avoiding the problem of keyloggers as much as possible), a master password makes it more difficult for an adversary to gain access to your details.
One-Click Password Generation
Thinking up numerous strong passwords (especially when the debate about what a strong password is can be a little confusing) brings difficulties. Using a password generator allows a user to create and store passwords that are difficult to break through with brute-forcing tools.
A good password manager will have a built-in way to generate passwords, making secure password management easier.
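The two ideas above, password reuse and generated passwords, can be shown in one short sketch. This is an added example, not code from any of the password managers discussed here; the vault layout, the site names, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

def generate_password(length=20, alphabet=ALPHABET):
    """Pick every character with the OS CSPRNG (secrets), never random."""
    if length < 12:
        raise ValueError("refusing to generate a password shorter than 12")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet=ALPHABET):
    """Brute-force cost of a uniformly random password, in bits."""
    return length * math.log2(len(set(alphabet)))

def find_reuse(entries):
    """Return groups of sites that share one password.

    Passwords are compared through an HMAC under a throwaway key, so
    the plaintext is never used as a dict key or written to a report.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, _user, password in entries:
        tag = hmac.new(key, password.encode(), hashlib.sha256).digest()
        groups[tag].append(site)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def rotate_reused(entries):
    """Give every site in a reuse group its own generated password."""
    reused = {site for group in find_reuse(entries) for site in group}
    return [(site, user, generate_password() if site in reused else pw)
            for site, user, pw in entries]

# Constructed sample vault: (site, username, password). Not real data.
SAMPLE_VAULT = [
    ("shop.example", "sam@example.com", "Summer2022!"),
    ("client-portal.example", "sam", "Summer2022!"),
    ("git.example", "sam", "x9$Lq_72bTz+Wm4r"),
    ("forum.example", "sam@example.com", "Summer2022!"),
]

if __name__ == "__main__":
    print("reused on:", find_reuse(SAMPLE_VAULT))
    print("after rotation:", find_reuse(rotate_reused(SAMPLE_VAULT)))
    print(f"20-char generated password: {entropy_bits(20):.0f} bits")
```

A leak at any one of the three sites in the reuse group exposes the other two to credential stuffing; after rotation each site has its own password of roughly 124 bits.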
Why Not Just Use a Browser to Save Passwords?
Because browser password managers are generally afterthoughts in the grand scheme of things, they tend to be less secure (sometimes even unencrypted!) and lack some of the more advanced features that we’ve come to expect from dedicated password managers.
Although in-browser alternatives are convenient, a secure password manager is preferable. Secure password sharing, two-factor authentication, and advanced security such as dark web monitoring are not included with browser vaults, so find a dedicated password manager — many of them support browser extensions for Chrome, Firefox, Safari, and other popular browsers.
The Best Password Managers for 2022
Throwing your lot in with an unreliable password manager can be disastrous. Storing all your passwords in an unsecured location makes it a prime hunting ground for threat actors, especially in a world where some password managers have been hacked in recent years and where some manager-adjacent companies have a history of covering up data breaches.
I investigated some market leaders in the password manager space to find out which ones are worth using. Some of the criteria I used:
- Is it open-source?
- What does it cost?
- How is it secured?
- How much storage do you receive?
- Does it allow password sharing?
- What advanced features does it offer?
Short on Time? Here’s a Quick Rundown on Our Top 5
- Bitwarden — Open-source, free, and with plenty of features to help you create, secure, and manage your passwords, cards, identities, and notes.
- 1Password — A premium option, but filled with advanced tools to protect you and your passwords.
- Dashlane — A simple password manager that is perfect for someone new to the game. Not sophisticated, but less ugly than open-source options.
- KeePass — Perfect for developers and other tech-heads, this password manager is customizable, open-source, and easily runs across many platforms.
- Keeper — The most expensive option which has cutting-edge security tools to protect your data. Sadly, the free account is barely worth using.
A Cost Comparison of the Top Password Managers
Bitwarden
Best for people who want something easy, secure, and cheap.
Cost: a free plan, with a premium option for $10/annum.
Bitwarden isn’t flashy and doesn’t come with all of the cutting-edge features that you get with some password managers, but it is free (unless you want to support the developers or use it at an enterprise level), open-source, and easy to use.
Available across all major platforms (and a few niche browsers such as Tor and Vivaldi), Bitwarden’s simple interface gives the user auto-fill options, access to their password vault, secure sending options, and a password generation tool.
Other password managers may deliver flashier features, but Bitwarden gives you everything you need for free forever. The free plan also includes a free data breach report, helping you know what you need to change. And if you sign up for the premium option, you also receive:
- An exposed passwords report
- Reused password reports
- Unsecured website reports
- Improved two-factor authentication
Bitwarden isn’t attractive, but it’s effective. For someone that wants a no-nonsense password manager without breaking the bank, it’s the number one choice.
1Password
Best for people who don’t mind spending more to get extra features.
Cost: $35.88 for an individual plan or $59.98 for the family plan
Recommended by HaveIBeenPwned.com, 1Password is the premium option for managing passwords. But because this password manager comes with an attached cost without offering much more than Bitwarden does, it finds itself at number two.
With support for Windows, macOS, Linux, Android, and iOS, 1Password has a host of features that help you store as many passwords as you need and then make sure they stay secure. With the personal plan, you get:
- Emergency recovery kit
- Logins, secure notes, cards, and identities storage
- Threat intelligence tools such as compromised website alerts and warnings for reused or weak passwords
The only situation where 1Password beats out Bitwarden is for security professionals working with large organizations. Using 1Password’s Secrets Automation, all endpoint users will be automatically managed through 1Password’s automated and orchestrated password manager. When you need to instantaneously change and secure passwords on multiple devices, 1Password is the best password manager that I tested.
Dashlane
Best for people who need something attractive without breaking the bank.
Cost: available for $39.96 or $59.98 for families
Dashlane’s not open-source, but there is an easy-to-install free plan (although the features are limited…). It finds its niche in people wanting a more attractive UI than Bitwarden’s but without having to pay out like with 1Password.
Dashlane offers features such as the password health assessor to keep your passwords safe, but the top-of-the-range features such as dark web monitoring are locked into its premium plans.
Because Dashlane is a relatively affordable password manager, it is a fine substitute for someone who doesn’t need the impressive security features you find with 1Password. The interface is easy to navigate and the cost is low, so this is a good alternative for people who are put off by Bitwarden’s simplicity.
KeePass
Best for: developers and techy types who don’t mind playing with customizable software.
Cost: free, completely free — you’ll never pay a penny
Here’s another open-source password manager, but this one is really for the person who wants something functional over an attractive desktop app. Whereas most password managers lock some features into premium plans, you get everything for free with KeePass.
Originally designed for Windows, there are now 34 contributed/unofficial versions of the free password manager. You can find versions for everything from macOS to Sailfish, so everyone is able to use KeePass.
Available as standard, you receive:
- Multiple user keys
- No installation when using KeePass on a different system
- A wide range of export file types
- Plug-in options that allow you to customize the password manager
- Security-enhanced password edit controls for secure storage when you need to change
KeePass is full of features that match and even surpass many password managers, but it is more difficult to use. If you only want to securely store passwords but you’re not very tech-minded, KeePass might be overkill. If you’re a developer who wants to dig into the details, it might top the list of the top password managers for you.
Keeper
Best for: people who need 24/7 support in using their password manager.
Cost: $50.64 for the premium individual plan and $95.76 for protection for the whole family
Keeper comes in at number 5 on this list because, despite being one of the best for password security, it has a very limited free version and lacks some of the better features that free password managers offer.
With extensive multi-factor authentication options and password security tools such as BreachWatch (an automated data leak detection system), Keeper’s feature suite certainly rivals some of the other names on this list. Sadly, the free version is so thin that it effectively only comes with a secure password generator and unlimited password storage for people who don’t want to pay; not ideal in comparison with Bitwarden or KeePass.
But that’s not to say that Keeper isn’t worth using — if you’re willing to pay, some of the best features include:
- BreachWatch
- Secure Record Sharing facilities
- Emergency access to passwords
- 24/7 support — quite unique in the world of password managers!
Why Don’t You Suggest Some of the Big Names in the Password Manager World?
Just like antiviruses and VPNs, there are password managers out there that you shouldn’t trust. Sometimes, they sell your data. Sometimes, they have suspect operating practices that lead to them covering up data breaches — Nord (a company famous for its VPN that entered the password manager market in 2019) is particularly notorious for hiding the details of a serious data breach in late 2018, so are you ready to trust them with the keys to your online banking? I wouldn’t be so sure.
For a password manager, trust is everything. It doesn’t matter how well you secure your sensitive data if your password manager software leaks like a sieve. Find a reputable password manager with secure file storage, password generator, and any other features you need to keep your passwords safe and stop the adversary from gaining your details.
Do I Really Need a Password Manager?
Before you wonder whether you should just get one hardened password and use it for everything, remember that compromised passwords and credential stuffing are ever-growing problems for businesses. If your password leaks from a popular site, it’s entirely possible threat actors will instantly attempt to use your log-in for everything.
With that in mind, trying to manage passwords separately can be a challenge. That’s why investing in a password manager (either paid or free) is perfect for developers working with many different companies — you can make secure passwords for every site and be secure in the knowledge that you won’t accidentally leak credentials if one of your clients is compromised.
Originally published at Upstack.co on Mar 27, 2022, by Austin Miller.