Nearly every website, PC program and smartphone application these days requires a password, and most of us use either similar or identical passwords for all of them. Generally I have 3-4 passwords for “important” sites (Facebook, Google account, WordPress account); all of my other passwords are the same, except for the last two numbers. But this is not good, because when a site’s data gets breached, our passwords become more or less public, which is a problem in itself. The danger is multiplied if the compromised password has been used across multiple other services. That is why we need a good password manager!
At first glance, using a password manager seems like a very stupid idea, because from a breach perspective it takes the breach of only a single password to have a domino effect on every other online service you use.
Actually, the risk of compromise is far lower than if you reuse the same password across multiple sites. In that scenario, you’re relying on dozens of websites to keep your data safe, and if only one of them suffers a breach, all of your other passwords will be compromised. Most tech gurus know how many popular websites have suffered breaches over the last couple of years, with password databases being high on the list, while the major players in password security haven’t suffered any breach – with one notable exception. But there has certainly been no successful compromise of encrypted password hashes.
Another huge benefit of password managers is that your passwords are stored in the cloud, meaning that if you switch operating systems and devices quite often, you can still access your passwords from any device, anywhere, at any time.
The two most important features that make for strong password protection are the ability to generate random complex passwords (really complex) and the ability to automatically log users on to websites or services using those passwords. Basically, if you don’t have to remember the password, you can make it as complex as you want.
The only password that has to be long, strong and complex but also well known to you is the master password; it acts as the key to all other passwords. A password manager is only as secure as the master password, so be sure to choose a good one.
Having to memorize a password with at least 12 characters, containing both cases, numbers and special keyboard characters, sounds really hard, but in reality it isn’t that bad. The best approach is not to go for a fully random password; use all of these elements, but make a password that means something – at least to you. The password has to be complex enough to prevent a human from guessing it and a machine from brute-forcing it. Let’s say you like cats; you could set your password to “1R3allyL1keWh1teCat$”. It’s just an example that came to my mind while writing this.
On top of that, if you still feel insecure, RoboForm and LastPass premium allow two-factor authentication tokens. Put simply, a cheap piece of hardware (a YubiKey token) provides a time-variant secure login code when the button on the token is pressed. Adding a requirement for something you physically have considerably strengthens your security online.
There are four major password managers:
LastPass is a password manager that makes web browsing easier and more secure. At least that’s what they say. Personally I use LastPass because I came across it long ago and I’m stuck with it; it works just as it should. It doesn’t adopt the local client approach, as it relies on access-anywhere, server-based storage. So you can use LastPass everywhere, as LastPass premium allows you to sync all your passwords across many devices such as Android, BlackBerry, iOS, Symbian and Windows Phone for $1 per month. Also, as mentioned before, LastPass premium offers a two-factor authentication system.
If you don’t want to pay, the free version offers the basic functionality you’d expect from a password manager, including one-click login, automatic form filling, multi-browser sync, secure importing and exporting, secure password generation, etc.
At first look KeePass looks awful. Just open their website; I’d say it’s from the nineties. KeePass is a free, open source, lightweight and easy-to-use password manager. As it takes an open source approach, it’s often touted as the vault of choice for advanced users and system admins. Besides being open source, it has a huge number of advanced tweaking options. Still, if you don’t mind the 10-year-old user interface, it can suit you really well.
It stores passwords locally, but since it supports Dropbox you can go for cloud synchronization too. Another good thing is that it supports two-factor authentication with YubiKey like LastPass, but entirely for free. As it is open source, there are third-party plugins available to extend KeePass’s functionality.
RoboForm is probably the oldest password manager out there, protecting passwords since 1999. It’s available for free, but the free version stores only up to ten logins and includes an auto-fill function. If you want something more secure, you’ll have to pay $30 for a Desktop 7 licence. RoboForm Everywhere will provide you with a more secure environment not just on your desktop, but also on your iOS or Android phones and tablets. It costs $20 per year, but is currently discounted to $10.
The Desktop 7 version also allows unlimited logins, multiple profiles and two-factor authentication.
1Password started as a password manager for Mac, but later expanded to all platforms, including Windows, iOS and Android. It’s another cloud-based password manager – offering a client installed on each device along with an encrypted password database, with the option to synchronize these via Dropbox. The biggest drawback of 1Password is the price; only the Android version is free. Basically, if you want it on all platforms, you’ll have to pay around $130 for a single-user license. Because the competitors offer the same or even better features for free, I don’t see a reason to use 1Password.
1Password can store not only passwords (logins) but also items such as software license keys, credit cards and notes.
In the end I can truly recommend LastPass since I’m using the free version, and it’s more than enough for probably 99% of internet users.