Are You Using a Password Manager?
Posted by Security Team on
What are Password managers?
If you're not using a password manager, you probably should be.
You have many many online accounts and many passwords for those accounts.
So how do we keep track of all of them, and most importantly, how do we make sure they are secure?
Well, thankfully, that's where password managers come in.
A password manager is a very useful tool that creates high-strength passwords and has the ability to auto-fill them into websites and apps for you.
Password managers keep all your passwords safe in one vault, so you no longer have to remember them all. This mitigates the risks that come with writing them all down or using the same weak password across several accounts.
Password managers require you to create one master password, which grants you access to all of your passwords whenever you log in.
You can also use them to create random high-strength passwords for all of your accounts in case your current passwords are not up to scratch.
The dangers of password reuse
A lot of people are guilty of this one: reusing the same password on multiple accounts because they don't want to have to remember a different password for every account they have.
Password reuse is more common than you think. Around 52% of users responding to a Google survey stated that they use the same password for almost all their platforms. Meanwhile, 35% use a different password for all accounts, and 15% use the same password for all their accounts.
This is concerning considering most breaches happen via leaked password data that is very easy to obtain. Once obtained, a malicious attacker could try to breach all your other accounts that utilise the same passwords.
You get the picture.
But not all Password managers are created equally. Keep reading.
A world of options
Variety is the spice of life, but when choosing a password manager we should put privacy and security at the forefront of our selection. A password manager stores all of our passwords, so all our eggs are in one basket, so to speak.
So we want to make sure that basket is a fortress!
Industry professionals build password managers to ensure that your passwords are securely encrypted and are not visible to anyone other than you – not even those working for the company.
Various techniques are used to ensure that only the specified user has access to their passwords. This includes things like multi-factor authentication, which requires you to approve every sign-in attempt. Usually, this is done by entering a one-time code sent to your mobile device, or by tapping a hardware key, to check that it's really you signing in.
Password managers can vary from web-based applications to desktop and mobile programs.
We generally have two main options:
- Local password storage
- Cloud-based storage
Local Password managers
Device-based or local password managers were the first password solutions to hit the market. They're not associated with other applications. They are standalone and store passwords locally on your phone or computer.
So it's up to you to keep them backed up and synced with other devices.
In terms of security, this is a very wise choice. Some solid examples include:
- KeePass (Windows)
- KeePassXC (Linux, macOS, Windows)
- KeePassDX (Android)
- Keepass2Android (Android)
- Strongbox (iOS)
- KeePassium (iOS)
These options are primarily local, but some have cloud-syncing options. If you want to access and manage the password database on other devices, you would need to sync it to a cloud provider, use an application like Syncthing, or carry around a USB stick that contains your database.
Cloud-based managers
Ok, so what if you want the best of both worlds? A rock-solid password manager with high security and privacy with the ability to sync between all your devices with minimal setup?
We want to make sure we choose something reputable with a proven track record.
As long as you're using an established, reliable provider, there are minimal risks involved with using a cloud-based password manager.
We want to tick a few boxes for this one:
- Is it Open Source?
- Is it audited by reputable third-party security firms?
- Is it reputable?
In terms of ticking boxes, one option really stands out!
Bitwarden is open-source software. All of the source code is hosted on GitHub and is free for anyone to review. Thousands of software developers follow Bitwarden's source code projects (and you should too!).
Bitwarden is audited by reputable third-party security firms as well as independent security researchers.
Bitwarden does not store your passwords. Bitwarden stores encrypted versions of your passwords that only you can unlock. Your sensitive information is encrypted locally on your personal device before ever being sent to Bitwarden's cloud servers.
Bitwarden has a reputation. Bitwarden is used by millions of individuals and businesses.
If they did anything questionable or risky, they would be out of business!
The great thing about Bitwarden is that you can easily host the entire Bitwarden stack yourself, so you control your data. Learn more here: https://bitwarden.com/help/article/install-on-premise/
Your data is encrypted and hashed before it ever leaves your local device, so no one on the Bitwarden team can see, read, or reverse the process to get at your real data. Bitwarden's servers only store encrypted and hashed data.
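To make the "encrypted before it leaves your device" model concrete, here is an added example (not Bitwarden's code, and not its exact scheme) covering the mechanics discussed on this page: generating a high-strength random password, spotting password reuse inside a vault, stretching a master password into a vault key plus a separate login hash, and encrypting the vault locally so that a server only ever receives ciphertext. It uses only the Python standard library. The HMAC-SHA256 counter-mode keystream is an assumption made so the example runs without third-party packages; real password managers use AES. The sample vault entries and the master password are constructed values.

```python
import hashlib
import hmac
import json
import math
import os
import secrets
import string

# Character set for generated passwords: 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Build a random password from the OS CSPRNG (secrets, never random.choice)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def find_reused_passwords(entries: dict) -> list:
    """Return sorted groups of sites that share one password in the vault."""
    by_password = {}
    for site, password in entries.items():
        by_password.setdefault(password, []).append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


def derive_keys(master_password: str, salt: bytes, iterations: int = 600_000):
    """Stretch the master password into a vault key and a separate login hash.

    The vault key never leaves the device. The login hash is one more PBKDF2
    round over the vault key (salted with the password), so a server can
    verify a login without ever holding the password or the vault key.
    (Assumed design for this example, not any vendor's exact scheme.)
    """
    pw = master_password.encode("utf-8")
    vault_key = hashlib.pbkdf2_hmac("sha256", pw, salt, iterations, dklen=32)
    login_hash = hashlib.pbkdf2_hmac("sha256", vault_key, pw, 1, dklen=32)
    return vault_key, login_hash


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream: a stand-in for AES so the
    # example runs on the standard library alone (assumption, not a recommendation).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_vault(vault_key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC the vault locally; only this dict is ever uploaded."""
    enc_key = hmac.new(vault_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(vault_key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def decrypt_vault(vault_key: bytes, blob: dict) -> bytes:
    """Verify the MAC first, then decrypt; a wrong key or tampering raises."""
    enc_key = hmac.new(vault_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(vault_key, b"mac", hashlib.sha256).digest()
    nonce = bytes.fromhex(blob["nonce"])
    ciphertext = bytes.fromhex(blob["ciphertext"])
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("vault tag mismatch: wrong master password or tampered data")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


if __name__ == "__main__":
    # Constructed sample vault: two sites share one weak password, one is unique.
    vault = {"mail.example": "Summer2023!", "shop.example": "Summer2023!",
             "bank.example": generate_password()}
    print("password reused on:", find_reused_passwords(vault))
    print("bits in a generated password:", round(password_entropy_bits(20, len(ALPHABET)), 1))

    salt = os.urandom(16)  # stored with the account; not secret
    vault_key, login_hash = derive_keys("correct horse battery staple", salt)
    blob = encrypt_vault(vault_key, json.dumps(vault).encode())
    # What a server would receive: salt, login hash and this blob; no password, no key.
    print("server sees ciphertext:", blob["ciphertext"][:32], "...")
    assert json.loads(decrypt_vault(vault_key, blob)) == vault
```

Two points worth noticing when you run it: the login hash and the vault key come out different even though both derive from the same master password, which is what lets a provider check your login without being able to open your vault; and decrypting with the wrong key fails closed on the tag check rather than returning garbage, so a corrupted or tampered upload is detected before any password is displayed.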
Other mentions
Bitwarden is really the strongest contender for cloud-based password management at the moment, but have a look at some of these other great projects.
Keeweb
KeeWeb is a free and open-source password manager compatible with KeePass, available as a web version and desktop app.
Keeweb also has a great plugin for Nextcloud (self-hosted cloud server)
Psono
Psono is a secure password manager that was first launched in 2017 by a developer called Sascha Pfeiffer. It is a service based in Germany - a location that is generally thought to be good for privacy.
Consumers can use Psono for free, and even small businesses are permitted to use the service free of charge with up to ten users.
Lesspass
A browser add-on to manage your passwords from inside the browser. LessPass works on Android and iOS too. LessPass (not to be confused with LastPass) is considered simple in its features and design, but nonetheless it does the primary job of safely storing your passwords and synchronizing them between devices.
Conclusion
So as you can see, the choice is endless when it comes to password managers.
Hopefully, you can make an informed decision regarding which manager is right for you.
The best advice we can give is to stop using the same password for all your accounts; you're just putting yourself at risk and leaving yourself open to hacking.