Passwords are a very important part of modern security, even as more authentication systems move away from them. With schemes like 2FA (two-factor authentication) becoming more common, we’re likely to see fewer passwords going forward, and instead, we’ll use more varied tokens like device-based keys and push notifications. For the passwords that we have today, though, a password manager is a must-have to stay secure. Today, we’ll take a look at three popular and affordable apps/services that can help you keep all of your passwords safe.
Changing Attitudes around Passwords
Username and password systems are so widely used that it’s hard to imagine any other form of online authentication. Cybersecurity has changed its attitude toward passwords in recent years, though. Passwords have a certain amount of insecurity no matter how well crafted they are. Since they have to be stored or remembered, and transmitted every time they’re used, there’s always a chance that they can be intercepted or found (especially when developers don’t “salt” the password hashes). More cryptographically secure methods and stronger identification are available, like public/private key pairs and push notifications, respectively.
Password managers help you do the best you can to use passwords securely by 1) creating long, high-entropy passwords that aren’t easily guessed by machines, and 2) securely storing your passwords and other sensitive or identifying information. Each of the apps we’ll look at here has this core functionality, but they vary in a few other features and in their price points. They all work by locking your information in a vault, for which you can set up strong, two-factor authentication to access any passwords or credit card information that you store in it. The services run as apps on your phone and browser plugins on your workstation.
1Password is a service that helps you store and access your passwords in the cloud. Its usual subscription price is comparable to LastPass, but right now it’s on sale for 50% off your first year ($18/one year, $30 for the family plan). That price is great, but it may lack a few features that the other apps have. The family plan allows you to add additional users at the cost of $1 a month, so if you have more than six people whose passwords you need to manage, it may be a great choice.
1Password has good cross-platform support, so you can use it on any of your mobile devices and on your workstations. You’ll find a lot of the standard features here: secure sharing on the family plan, unlimited devices, and two-factor authentication compatibility. Unlike other password managers, though, there isn’t a free version of the service, so you’ll have to do a 14-day trial to see if it’s right for you.
LastPass is one of the most polished password managers out there, and has a couple of features that really go above and beyond to keep you secure. There is a free version of the LastPass service, but it’s quite limited, since it only lets you sync either your mobile device or your computer, but not both. You’ll probably just want to jump right into the Premium account if you’re persuaded by the features—$36/year for a single user, $48/year for Family, which includes six users.
My favorite feature here is the dark web monitoring, which means that LastPass does research on what bad actors have access to, like stolen or leaked login credentials. If one of your accounts shows up in the wild, then you’ll be alerted and can quickly and easily generate a new password with the app or a browser extension.
Bitwarden is definitely the cheapest solution of these three: $10/year for a single user, $40/year for a family of six. You can even add additional storage for $4/year for each gigabyte you need—this storage can be used for sharing encrypted notes and files with your other users.
It has comparable features to the other two managers here (minus LastPass’ dark web monitoring), but uses open-source software to deliver some of them. Because of this, if you want to host your own instance of Bitwarden, then you can; this might be a good solution for someone who is hands-on and already hosting a number of services on their own, but it also changes the risks of using the platform to store your passwords—that is to say, if you want to self-host your vault, you need to keep the network it’s on secure.
Bitwarden has a lot of great features, like password sharing and Secure Notes. On the other hand, it can be a little difficult to point each entry in your vault to all of the necessary URIs, especially on Android. In other words, it can be a little rough to use the autofill capabilities on a mobile device, and saving new information about a login for an app or webpage can be a little tiresome.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team