How To + Software & Apps

Companies and websites are hacked all the time, and data they hold about users can be leaked. These leaks often contain user names and passwords, and can include other data, such as credit card numbers or personal information. You don’t hear about these hacks often, except when it’s a big company or a popular website. Wikipedia has a list of data breaches, listing the largest hacks. Just in the past year, companies and services such as Twitter, IKEA, T-Mobile, and Twitch were hacked. Was your data stored on their servers?

If proper procedures are followed, your account details including credit card info and password should be “hashed” and “salted” using a strong cryptographic cipher. Here’s what those terms mean:

• Salting adds random bits to your password
• Hashing creates a digital fingerprint that represents your password

Hashed data can be cracked by someone with enough processing power and motivation, though, which is why you often see stolen data from a hack surface weeks or months later. Cracking password hashes takes time, but a large percentage of passwords can be cracked very quickly as they are commonly used. If your password is “Password1,” it will be cracked in under a second, but if your password is “ZK}8xR%YtrvVAk4nuad#Y9g}X,” it can take so much time it’s not worth the effort for those attempting to crack it.

It’s safe to assume that once a company has been hacked and your account details are stolen, your password will be exposed at some point. Before that happens, you want to make sure there is enough time to react and change your password. In the event of a data breach, the company must first discover the hack, investigate it, and report it. This can take weeks or months, during which you have no idea that hackers are trying to crack your password!

Ideally your password is strong enough so, by the time you learn of a hack, the chances of it being cracked are slim. This brings me back to the previously mentioned, super secure password: “ZK}8xR%YtrvVAk4nuad#Y9g}X.” This password will likely be among the last that is cracked, but it would be very difficult to remember it. And if you use strong passwords on dozens of websites, there’s no way you can remember them all: this where a password manager comes in.

A password manager is software that allows you to create and store strong and very complex passwords so you won’t have to memorize them. All you need to do is memorize one password to get access to all the others. There are quite a few password managers on the market today, so which one is right for you?

We discuss several password managers in this article, which are popular among Apple users. This article is not a full-on comparison between password managers, but is designed to explain what to look for in a good password manager and to provide a few options.

What to Look for in a Password Manager

• Reputation: You probably shouldn’t use a password manager that isn’t well known; remember that you’re trusting the app to handle very sensitive information. Also, you can try doing some searches using the name of the password manager and words like “hacked,” “security flaw,” “vulnerability,” etc. See what pops up and you’ll have a pretty good idea of the product’s track record.
• Platform support: You want your passwords to be available to you on every device you use. Having to run to your Mac every time you need a password on your Android phone isn’t useful. You may also want a password manager that supports your smart watch; this is a great way of having important passwords with you at all time.
• Syncing: If software is available for all your devices, you want your up-to-date password database available on all of them, at all times. Syncing through iCloud, Dropbox, or other services is essential to make this happen. Many password managers use their own servers for this.
• Browser integration: Opening your password manager then copying and pasting your usernames and passwords when you need them works, but it’s not ideal. You want the password manager to interface with your browser of choice so it can auto-fill names, passwords, and credit card details for you.
• Strong encryption: You want to be sure the password manager encrypts your password database properly using a strong cipher.
• Auto saving new and changed passwords: Whenever you change a password or create a new one on a website, your password manager should offer to update its database. This way, you don’t have to open your password manager after the fact and update or create the database entry manually.
• Security Audit: Knowing which passwords are several years old, which services might be using the same password (duplicates), or which passwords are weak and need to be updated with something stronger are great features to have in a password manager. It’s also useful to know which user names or emails have been found in data breaches, so you can change those passwords.
• Backup / Restore: The ability to back up your password database and restore it if needed is very important.
• Import / Export: If you switch from one password manager to another you want to be able to take your password database with you.
• Password generator: Since the password manager will remember all your passwords, you might as well make them long, complex, and strong. A password generator will do this for you very quickly.

3 Password Managers That Meet the Above Criteria

Below are three password managers that meet all of the above criteria.

1Password

Cost: Pricing starts at $2.99/month for an individual, and $4.99/month for a family of 5 users. This includes access to 1Password for all available platforms, on as many devices as you use.

Platforms: Mac, Windows, Linux, iOS, iPadOS, watchOS, Android, and browser plugins for Chrome, Safari, Firefox, and Brave. You can also access your 1Password database through a web browser.

1Password is is one of the most popular password managers. It has a great reputation, offers strong encryption, and syncs through 1Password’s servers. Your passwords and password generator are quickly accessible from your Mac’s menu bar or browser plug-in. and 1Password’s Watchtower feature warns you if your credentials have shown up in data breaches. More pricing details and a full list of features are available on their website.

Dashlane

Cost: Dashlane has a free plan, which provides basic password manager features for a single device, and plans at $2.75, $3.33, and $4.99 per month (billed annually). The Premium plan ($3.33/month) includes access to a VPN, and the $4.99 plan is a “friends and family” plan that covers up to 10 users. There is also a range of business plans.

Platforms: There is no Dashlane desktop app; it works with a web app, a Safari extension, and iOS and Android apps.

Dashlane is another popular password manager. It’s available as a web app or browser extension for all major browsers on Mac, Windows, and Linux, and apps are available for iOS and Android; the iOS app also includes an app for the Apple Watch. The company got rid of its desktop app early in 2022, and now focuses almost entirely on its web app, which is an approach that other password managers don’t use. It can be more practical to have a web app, because it allows you to access your passwords on any device.

Passwords are encrypted and stored on the Dashlane server, and you can protect access with two-factor authentication. This is important with Dashlane because of the web access; other password managers with desktop apps store their passwords locally, so someone would need access both to your device and to your master password to access your passwords. Dashlane emergency access allows you to nominate someone who can unlock your account if you have lost or forgotten your master password. Dashlane’s Dark Web monitoring (available with the premium plan) checks to see if your personal information has been compromised. More pricing details and a full list of features are available on their website.

BitWarden

Cost: Free for personal use, a $10/year premium plan offers advanced features.

Platforms: macOS, Windows, Linux, iOS, Android, and browser plug-ins for Chrome, Firefox, Edge, Safari, Opera, Vivaldi, Brave, and Tor Browser. Bitwarden also offers a command-line interface for a variety of platforms, and you can access your Bitwarden database from the company’s website.

Bitwarden is an open source password manager that has a plan for individuals that claims to be “free forever.” Like other password managers, it handles passwords and other types of data, along with two-factor authentication codes, and offers a “username data breach report,” as part of its free plan. The $10/year plan offers a full range of features, and family and enterprise plans are also available. A full list of its security features are available on their website.

iCloud Keychain

Another option that might work for you, if you mainly use Apple products, is Apple’s iCloud Keychain. With syncing across all your Apple devices, the latest version of iCloud Keychain includes support for credit cards and two-factor authentication codes, bringing its feature set to par with many other password managers. You can use it natively on macOS, iOS, and iPadOS. You can even get iCloud Passwords on Windows PCs using iCloud for Windows. However, there is no web access, so you won’t be able to directly access your passwords on other devices such as Chromebooks or Android phones or tablets.

Check our our comprehensive review of how iCloud Keychain works for macOS and iOS here:

Mac and iOS Keychain Tutorial: How Apple’s iCloud Keychain Works

Other Password Manager Options

There are many other password managers out there, but whichever option you choose, make sure it works for you and meets all your needs. If you’ve never used a password manager before, there will be a small adjustment period. It may also take some time to consolidate all your passwords, but it’s worth it!

*Note: a previous version of this article recommended LastPass, but the company suffered a serious breach in the summer of 2022 putting users’ vaults at risk. We can no longer recommend LastPass.

Have you tried some of the password managers mentioned in this article? Which password manager do you use and what features do you like most about it? Drop us a comment below and let us know your thoughts!

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Facebook, Instagram, Twitter, and YouTube.

About Jay Vrijenhoek