Selecting A Password Manager
In my last article, I discussed The Advantages of Using a Password Manager to keep you secure and protect your privacy. This article provides some tips on selecting a password manager. There are so many password managers available that it can be difficult to figure out which one is right for you. Most password managers have a free version and a paid version. The paid version adds features that you may or may not need. Password managers usually work on multiple platforms, so you can use them on a PC, Mac, Android, iPhone, iPad, etc. The following are some of the most popular FREE password managers, listed in alphabetical order.
- 1Password
- Dashlane
- KeePass
- LastPass
- LogMeOnce
- mSecure
- Roboform
Although many Web browsers include built-in password management functionality, the features offered by browsers are very limited compared to those of dedicated password managers. The developers of most reputable password managers, including the seven listed above, clearly state that they won’t be able to access your account even if they wanted to. That should alleviate any concerns that you may have about them getting into your personal information. Executives of 1Password, LastPass, mSecure and Roboform all told TechRepublic’s Michael Kassner pretty much the same thing: they don’t have any backdoors and can’t get into your password database. For example, when asked “If the government orders you to turn over someone’s passwords, is it possible?”, LastPass Vice President of Marketing Erin Styles said “So, to answer your question, there is nothing we could do to obtain someone’s passwords. If ordered by the government, we would hand over a blob of encrypted data that they could attempt to brute force. As everyone knows, with a strong master password, brute force would be virtually impossible.”
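A sketch of the client-side design that makes a claim like this possible, added here as an illustration and not any vendor's actual code: the master password is stretched into a key on your own device, and the service receives only a salt, a login verifier and the encrypted blob. The function names, the 600,000-iteration work factor and the HMAC-based cipher (a standard-library stand-in for AES-GCM) are assumptions of this example.

```python
import hashlib, hmac, os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; each attacker guess pays it too

def derive_keys(master_password, salt, iterations=ITERATIONS):
    """Client side: stretch the master password into a vault key and a login hash."""
    pw = master_password.encode()
    vault_key = hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    # The login hash proves knowledge of the password but cannot be reversed
    # into the vault key, so the server can check logins without being able to decrypt.
    login_hash = hashlib.pbkdf2_hmac("sha256", vault_key, pw, 1)
    return vault_key, login_hash

def _subkey(vault_key, label):
    return hmac.new(vault_key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES-GCM (assumption).
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(vault_key, plaintext):
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(vault_key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(vault_key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_blob(vault_key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(vault_key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong master password or tampered blob")
    return _xor_stream(_subkey(vault_key, b"enc"), nonce, body)

def register(master_password, vault_plaintext, iterations=ITERATIONS):
    """Client side: returns exactly the record that gets uploaded to the server."""
    salt = os.urandom(16)
    vault_key, login_hash = derive_keys(master_password, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "login_verifier": hashlib.sha256(login_hash).digest(),
            "blob": seal(vault_key, vault_plaintext)}

def unlock(master_password, record):
    """Client side: re-derive the key from the password and decrypt the blob."""
    vault_key, _ = derive_keys(master_password, record["salt"], record["iterations"])
    return open_blob(vault_key, record["blob"])
```

Nothing in the uploaded record lets the service decrypt the vault; anyone holding it has to guess master passwords and pay the full key-stretching cost for every guess.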
PC Magazine has a list of The Best Free Password Managers of 2018. They evaluated eight password managers and the only two Editor’s Choice were LogMeOnce and LastPass. Of all the reviews that I have read over the years, the majority of them have rated LastPass as the best password manager. Having said that, you may find some features in other password managers that you’ll like better, or you may find the interface more appealing. That’s why it’s best to try some of these password managers and see which one you like.
Some password managers are installed locally, others store data in the cloud. Some, like LogMeOnce, don’t even require you to remember a master password. They call their password manager PasswordLess because you can use your image (selfie), rather than a password, to log in. On mobile devices, the use of biometrics (facial recognition, fingerprints, etc.) is pretty common. But before you set up one of the biometric options, you may want to read my article How Secure is Biometric Authentication on Mobile Devices. You can also use the free Microsoft Authenticator app to sign in to your phone without a password.
What Should You Look For in a Password Manager?
When it comes to password managers, there are too many options to choose from, and that’s why it is easy to get confused. A good password manager should encrypt the database and never store your master password on the servers. Only you should be able to access your data. This means that even the employees of the password manager should not be able to hack into your data. In addition, at a minimum, it should offer the following features:
- Multifactor authentication (MFA)
- Secure notes
- A password generator
- Emergency access
The password manager should be cloud-based, so it’s accessible from any device. It should also work across multiple platforms and support browser extensions for common Web browsers. Luckily, these features are supported by many popular password managers.
If you are not sure which one to choose and are not currently using a password manager, just randomly pick one from the list of seven password managers listed above and you will still be better off compared to whatever method you are currently using to manage your passwords. As mentioned in the previous article, you should use a strong master password and set up MFA for your account as an extra layer of security.
BEST PRACTICE: Set up your password manager for emergency access. This will allow you to give your trusted friend or family member access in case of an emergency. They can have access to your account and receive passwords and secure notes without knowing your master password. You should also set up an additional account and give it emergency access. That way, if you forget your password for your primary account or you are locked out for some reason, you can use this secondary account as a backdoor to all your passwords.
The secondary account that I mentioned above can also be used as a backdoor into your account in case it is hacked. This will allow you to quickly change all your passwords that the hacker knows. Just make sure the password for this secondary account is not documented in your primary account.
If you work for an organization, chances are your IT department will select a password manager for the organization. They will also teach you how to use the password manager and hopefully provide cybersecurity awareness training so you are better equipped to protect yourself from cyberattacks.
Related Articles
Here are a few related articles that you may find useful.
- The Advantages of Using a Password Manager
- Microsoft Authenticator to Allow Phone Sign In Without a Password
- Biometric Options from Microsoft and Apple
- How Secure are Online Password Managers?
- How Secure is Biometric Authentication on Mobile Devices?
In my next article, I will provide instructions on how to set up LastPass for PIN authentication.
Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background.
Copyright © 2018 SeattlePro Enterprises, LLC. All rights reserved.