Basic #2: Password Manager
In our previous article, we taught you how to create a strong password and also mentioned password management systems. A promise is a promise: we said we would write an article about them, and here it is!
✋ Disclaimer: this article is NOT sponsored. Don’t take our word as the final say: look for the solution that suits you best. 😉
What is a password manager?
First, remember this: NEVER use the same password on every account. Recycling passwords is a major vulnerability. The reason is very simple: if a site where you entered your password is hacked, the criminal gains access to all your accounts if you use the same password everywhere.
You can imagine saying: “OK, but I can’t remember a thousand passwords 🤔”. Well, neither can we!
That’s exactly what password management systems are made for! The basic concept is very simple: remember only one password (a strong one!), and generate lots of strong passwords without having to memorize them. Kind of cool, isn’t it?
Generally, password managers consist of two parts:
- a software application designed to store and manage credentials online.
- a strong password generator.
These passwords are usually stored in an encrypted database and locked behind a master password.
Why use a password manager?
Because it’s super easy to use. You only have to remember one master password. No need for an incredible memory. The problem we all have is not our ability to create hard passwords, it’s our ability to remember them!
Because you won’t waste time generating new passwords. It can automatically generate highly secure passwords for you. Password managers will usually ask you if you want to use an automatically generated password. These random passwords are long, alphanumeric and virtually impossible to guess.
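The two parts listed above (an encrypted credential store locked behind a master password, and a strong password generator) can be shown together in a few dozen lines. The following is an added illustration written for this article, not code from any password manager named here: the master password is stretched with PBKDF2 into an encryption key and a MAC key, the vault is sealed with an encrypt-then-MAC construction (a counter-mode keystream from HMAC-SHA256 is used here so the example runs on the standard library alone; real vaults use AES-GCM or XChaCha20-Poly1305), and the generator draws from the operating system’s CSPRNG. All parameters and the sample entry are constructed for the example.

```python
import hashlib
import hmac
import json
import math
import os
import secrets
import string
from typing import Tuple

# Constructed parameters for this illustration; real managers tune these.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
NONCE_BYTES = 16
TAG_BYTES = 32
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length: int = 20) -> str:
    """Part 2 of a password manager: a generator backed by the OS CSPRNG (secrets module)."""
    if length < 12:
        raise ValueError("generated passwords should be at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Strength of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def derive_keys(master_password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the one password the user remembers into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, PBKDF2_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (illustrative PRF standing in for a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def lock_vault(master_password: str, entries: dict) -> bytes:
    """Part 1: serialise the credential store and seal it under the master password (encrypt-then-MAC)."""
    salt = os.urandom(SALT_BYTES)
    nonce = os.urandom(NONCE_BYTES)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def unlock_vault(master_password: str, blob: bytes) -> dict:
    """Reverse of lock_vault; a wrong master password fails the MAC check instead of yielding garbage."""
    salt = blob[:SALT_BYTES]
    nonce = blob[SALT_BYTES:SALT_BYTES + NONCE_BYTES]
    ciphertext, tag = blob[SALT_BYTES + NONCE_BYTES:-TAG_BYTES], blob[-TAG_BYTES:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered vault")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def demo() -> dict:
    """Round-trip a constructed vault: generate a credential, lock, unlock, reject a wrong master password."""
    master = "correct horse battery staple (constructed example)"
    entries = {"https://example.com": {"user": "alice", "password": generate_password(20)}}
    blob = lock_vault(master, entries)
    recovered = unlock_vault(master, blob)
    try:
        unlock_vault("wrong password", blob)
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    return {"round_trip": recovered == entries,
            "wrong_rejected": wrong_rejected,
            "plaintext_leaked": b"alice" in blob,
            "bits": round(entropy_bits(20), 1)}


if __name__ == "__main__":
    print(demo())
```

A 20-character password over this 94-symbol alphabet carries about 131 bits of entropy, which is why a manager-generated password is “virtually impossible to guess” while still being something you never have to remember.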
Because you don’t have to fill in the password fields anymore. The password manager will do it for you. In addition, some can store and automatically fill in name, address, email address, phone number and credit card information. This can save a lot of time when shopping online, for example.
Gone are the days of using “I forgot my password”. 😅
Some managers may alert you to compromised sites. This is very useful because you don’t have to keep an eye out to find out if a particular site has been breached. The password manager invites you to generate a new password (sometimes it even does it by itself!). Very convenient!
Because it allows you to fight phishing attempts. Indeed, if you use a browser-based password manager (we will come back to this notion later), it will not automatically fill in the username and password fields on a look-alike site, because the site’s address does not match the one the password was saved for. This helps avoid a silly mistake!
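The anti-phishing behaviour described above comes down to one rule: a credential is bound to the origin (scheme, host and port) it was saved on, and autofill only happens on an exact match. The following is an added illustration for this article, not the code of any browser or manager: the saved entry and every page address below are constructed, including the look-alike hosts that the check refuses.

```python
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

Origin = Tuple[str, str, int]

# Constructed vault: each credential is bound to the origin it was saved on.
SAVED: Dict[Origin, dict] = {
    ("https", "accounts.example.com", 443): {"user": "alice", "password": "<stored in the vault>"},
}

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin_of(url: str) -> Optional[Origin]:
    """Reduce a URL to (scheme, host, port). urlsplit lowercases the hostname and strips userinfo."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname, port)


def autofill_decision(page_url: str) -> str:
    """'fill' only when the page origin exactly equals the origin the credential was saved on."""
    origin = origin_of(page_url)
    if origin is None:
        return "refuse: unsupported scheme"
    if origin in SAVED:
        return "fill"
    return "refuse: origin not recognised"


def run_samples() -> Dict[str, str]:
    """Constructed page addresses, from the genuine login page to typical look-alikes."""
    samples = [
        "https://accounts.example.com/login",                 # genuine
        "https://ACCOUNTS.example.com:443/login",             # same origin, different spelling
        "http://accounts.example.com/login",                  # scheme downgrade
        "https://accounts.example.com.evil.test/login",       # saved host used as a subdomain
        "https://accounts-example.com/login",                 # typo-squat
        "https://accounts.example.com@evil.test/login",       # userinfo trick
        "javascript:alert(1)",                                # not a web origin at all
    ]
    return {url: autofill_decision(url) for url in samples}


if __name__ == "__main__":
    for url, decision in run_samples().items():
        print(f"{decision:32} {url}")
```

The point a user should take from this: when the manager suddenly refuses to fill a login form it has filled a hundred times before, that silence is the warning, and the address bar deserves a second look before anything is typed by hand.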
Passwords are stolen all the time. Sites and services are as vulnerable to breaches as you are to phishing attacks that try to trick you into giving away your password. Normally, the companies you entrust your passwords to are supposed to protect them (by storing only a one-way transformation of the password, known as “hashing”). Unfortunately, not all of them use strong or modern algorithms to keep those hashes from being cracked, and your password is sometimes even stored in plain text. Inevitably, this exposes your accounts to fraud, or your data to being used against you for identity theft.
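To make the difference concrete, here is an added illustration for this article (not code from any service mentioned here) of what a service stores in the two cases the paragraph contrasts: the raw password, or a salted, iterated one-way hash of it. With the hash, a leaked record still has to be cracked; with plain text, the leak is the password. The record format, iteration count and sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 300_000  # constructed; pick the highest count the login path can afford


def plaintext_record(password: str) -> str:
    """What a careless service stores: the record IS the password."""
    return password


def hashed_record(password: str) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256; a fresh random salt per user defeats precomputed tables."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def leak_reveals_password(record: str, password: str) -> bool:
    """A leaked record hands over the password outright only if it contains it verbatim."""
    return password in record


def demo() -> dict:
    """Constructed user with a constructed password, stored both ways."""
    pw = "Tr0ub4dor&3 (constructed)"
    plain = plaintext_record(pw)
    hashed = hashed_record(pw)
    return {
        "plain_leak_reveals": leak_reveals_password(plain, pw),
        "hashed_leak_reveals": leak_reveals_password(hashed, pw),
        "login_ok": verify(pw, hashed),
        "wrong_password_rejected": not verify("wrong", hashed),
        # two users with the same password get different records thanks to the salt
        "same_password_same_record": hashed_record(pw) == hashed,
    }


if __name__ == "__main__":
    print(demo())
```

Note that even a good hash only slows an attacker down: a short or reused password is still recovered quickly once the record leaks, which is exactly why the generated, unique passwords from a manager matter.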
How to choose a good Password Manager
That’s quite a hard question. There are so many criteria that choosing can be difficult. So, here is our advice:
The primary purpose of a password manager is to keep your passwords safe and secure. It is a password vault. So the first thing you need to check is, of course, its security.
When it comes to online security, it’s (mostly) all about encryption. Aren’t you an expert in encryption? Don’t worry about it. The Internet is full of people trying to find vulnerabilities in password managers and enjoying publishing their findings. So if you’re not sure about a password manager’s security, just search the web for [password manager name] + hacked / cracked.
Look for any documents that are expertly written, such as whitepapers or reviews. Check out this example: https://1password.com/files/1Password-White-Paper.pdf
A little tip: avoid brand-new password managers. Wait until their robustness has been tested and publicly demonstrated.
📖 Open Source
As we were talking about security & encryption, we thought it would be nice to detail the notion of open source a bit more. Contrary to what we may instinctively think, publishing your code allows anyone to check it for vulnerabilities. That’s a guarantee that what you’re using is really secure.
Well, we must admit it is a subject that is close to our hearts. Our code is fully available to the community, which allows our work to be evaluated continually. Read our article on the opening of Berty’s code.
We therefore strongly suggest that you use a password manager whose code is open source.
🔎 Features Included
We recommend having a look at the list of features offered by the software. Don’t take the one that offers the most; opt for the one that has the functions you need. It’s better to have a few well-executed features than an impressive list of features you won’t use.
Remember that changing your password manager is a time-consuming process, so take the time to choose wisely. Here are some important features to check out:
It’s a detail that may be important. Imagine working all week with an Android phone for work and using an iPhone on the weekend for personal use. Your password manager then needs to synchronize between different operating systems (OS). The same is true between Windows and Mac, and between the different web browsers you use or will use.
Cloud-based & Offline
Generally, password managers fall into one of two categories: cloud and offline. The difference lies in where the information is stored: in the cloud or on your device. In terms of pros and cons: cloud solutions usually charge a monthly fee because they store your passwords remotely. Conversely, offline solutions are usually free and store your encrypted passwords on your computer. Generally speaking, offline solutions are safer because they are less exposed to attacks. Indeed, a cloud solution is a more attractive target for an attacker, who would gain access to many passwords from many people (versus only one person’s). Moreover, if you use a cloud solution, you have to trust a third party. On the other hand, you get access to your passwords everywhere (as long as you have internet) and an automatic backup.
It’s a choice between convenience and security. It really depends on your needs!
Password Manager and Two-Factor Authentication (2FA)
Speaking of security, a very safe way to secure access to your vault is to use a second authentication factor (SMS, email, TOTP, YubiKey). Whatever the method, this feature is a must-have!
🆕 Check for regular updates
A good password manager must be recent or, more precisely, it must be under active development. Indeed, it is likely that new flaws will be found, either in the design of the software or in the components it uses. The development team must be responsive so as not to compromise the security of the managed passwords.
Our advice: check whether the password manager regularly publishes updates and patches (not just new features ;)), and take a look at their blog. If it’s regularly updated, the team is active, and it is honest when it openly publishes that it has fixed vulnerabilities.
That’s an important factor. The price of some password managers can be high. However, it has to be balanced against the available features.
Be careful: more expensive does not mean better. Some free tools are much more powerful than paid ones. Just saying!
Best Password Manager in 2020
We can’t give our preference or advice like: you have to use this password manager. Why can’t we? Because it depends on your needs, your usage. But we can name a few!
Bitwarden is an easy-to-use password manager, free, open source and multi-platform: Windows, macOS, Linux, Android, iOS. It is also available as a simple browser extension: Chrome, Firefox, Opera, Microsoft Edge, Safari, Vivaldi, Brave, Tor Browser.
It’s a very nice project with a very interesting freemium version: a lot of features available in the free model and the paid version is only a few dollars. The Bitwarden code is open source, so it can be continuously reviewed AND on top of that they have done a third-party audit.
In short, we really like this project.
1Password is an “old” password manager, created in 2006. It has a huge advantage: it is easy to use. The software is cross-platform and synchronizes your data on Mac, iOS, Windows, Android, Linux and Chrome OS.
Its model is premium, with a subscription at about $36 per year.
Our favorite feature: the “Travel mode” to temporarily erase data from your devices when you travel.
Dashlane is a password manager created in France (French can code!) in 2012.
The solution is, above all, a premium service ($60 per year), even if a basic free version exists, limited to 50 passwords on 1 device.
Dashlane offers complex passwords, a digital wallet, and automatic filling of your login and password in your browser. The premium offer provides synchronization across all devices as well as a free VPN.
The advantages: very secure, VPN included, multi-platform, digital wallet, dark web monitoring.
Password Manager VS iCloud keychain?
iOS and macOS have a feature called iCloud Keychain, which stores all of the user’s passwords and credit cards. However, when compared to competing apps like 1Password and Dashlane, it lacks some important features.
But that could change soon with iOS 14. According to 9to5Mac, which says the new features are part of an early build of the upcoming OS release, Apple will be adding both password changing recommendations and 2FA support.
Security vs Password Managers
Password managers can also put passwords at risk. You probably know the old adage about keeping all your eggs in one basket. This is also true for your password manager: an attack against it can reveal all your passwords. That’s why, if you want to be careful, we recommend using multiple password managers. For example, use one for your personal life, one for work, and one that holds only a few especially important strong passwords.
Final thought about Password Managers
- Learn how to create a strong master password.
- What solution will you use to send a password to someone? If you’re looking for a secure messenger you can trust, take a look at our solution: Berty.
- Tell us below if you liked this article, or which password manager you recommend and why. We’ll be happy to hear your feedback!