Companies and websites are being hacked all the time these days. Big news at first, but now it happens so often it's brushed off by most with a "meh, another one," without reading the story. Keeping up with these stories, especially if it's a company, service or website you use, is worth the time though, as a hack doesn't necessarily mean your details were exposed.
If proper procedures are followed by those who were hacked, your account details including credit card info and password should be "hashed" and "salted" using a strong cryptographic algorithm. For those of us who only know those two terms in the context of potato-y breakfast treats, here's a very simplified explanation:
- Salting involves adding random bits to your password
- Hashing involves creating a digital fingerprint that represents your password
The hashed data can be cracked by someone with enough processing power and motivation though, which is why you often see stolen data from a hack surface weeks or months later. Cracking password hashes takes time, but a large percentage of passwords can be cracked very quickly as they are commonly used all over the Internet. If your password is "Password1," it will be cracked in under a second, but if your password is "ZK}8xR%YtrvVAk4nuad#Y9g}X," it can take so much time it's not worth the effort for those attempting to crack it.
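To make salting and hashing concrete, here is an added Python example (not from the original article and not any company's actual code). It assumes PBKDF2-HMAC-SHA256 as the hash, an iteration count kept low so it runs quickly, and a small constructed list of common passwords; the function names are hypothetical.

```python
import hashlib
import hmac
import os
from typing import List, Optional

# Assumed work factor, kept low so the example runs quickly; real services tune this higher.
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Build the record a service stores: a random per-user salt plus a slow salted hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


def audit_against_wordlist(record: dict, wordlist: List[str]) -> Optional[str]:
    """Defender's audit: return the common password that matches the record, if any."""
    for candidate in wordlist:
        if verify_password(candidate, record):
            return candidate
    return None


# Constructed sample of widely used passwords (illustrative only).
COMMON = ["123456", "qwerty", "Password1", "letmein"]

if __name__ == "__main__":
    alice = hash_password("Password1")
    bob = hash_password("Password1")
    # Same password, different salts: the stored fingerprints do not match each other.
    print("hashes differ:", alice["hash"] != bob["hash"])
    # A common password falls to a short wordlist no matter how it was salted.
    print("weak record matches:", audit_against_wordlist(alice, COMMON))
    strong = hash_password("ZK}8xR%YtrvVAk4nuad#Y9g}X")
    print("strong record matches:", audit_against_wordlist(strong, COMMON))
```

The salt stops one precomputed table from cracking every account at once, but it does nothing for a password that is already on every wordlist.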
A safe assumption is that once a company has been hacked and your account details are stolen, your password will be exposed at some point. Before that happens, you want to make sure there is enough time to react and change your password. In the event of a data breach, the company must first discover the hack, investigate it, and finally report the hack. This can be weeks or months in which you have no idea hackers are trying to crack your password!
Ideally, your password is so strong that by the time you learn of a hack, the chances of it being cracked are still very slim. This brings me back to the previously mentioned, super secure password: "ZK}8xR%YtrvVAk4nuad#Y9g}X." This password will likely be among the last that are cracked, but I couldn't memorize this even if I lived 10 lifetimes. And this is where a password manager comes in.
A password manager is software that allows you to create and store very complex and strong passwords, among other things, so you won't have to memorize them. All you need to do is memorize one password to get access to all the other ones. However, there are quite a few password managers in existence today, so which one is right for you?
I'll mention a few in this article, in no particular order, and hopefully help you narrow it down to a fit that's right for you. That said, this article is not a full-on comparison between password managers. It's more designed to explain what to look for in a good password manager and provide a few options.
What to Look for in a Password Manager
- Reputation - You probably don't want to use a password manager that frequently makes headlines as being hacked or having security flaws. Using the search engine of your choice, do some searches using the name of the password manager + words like "hacked," "security flaw," etc. See what pops up and you'll soon have a pretty good idea of the product's reputation.
- Platform support - You'll want your passwords available to you on every device you use. Having to run to your Mac every time you need a password on your phone is far from useful.
- Syncing - If a client is available for all your devices, you want your up-to-date password database there at all times, of course. Syncing through iCloud, Dropbox or other services is a must to make this happen.
- Browser integration - Opening your password manager and copy/pasting your usernames and passwords to wherever you need them works but it's not ideal. You want the password manager to interface with your browser of choice so it can offer to auto-fill names, passwords and credit card details for you.
- Strong encryption - You want to be sure the password manager encrypts your password database properly using a strong cipher.
- Auto saving new and changed passwords - Whenever you change a password or create a new one on a website, your password manager will pop up and offer to update its database. This way you don't have to open your password manager after the fact and update or create the database entry manually.
- Security Audit - Knowing which passwords are several years old, which services might be using the same password (duplicates) or which passwords are weak and need to be updated with something stronger are great features to have in a password manager.
- Backup / Restore - The ability to back up your password database and restore it if needed is very important.
- Import / Export - If you switch from one password manager to another you want to be able to take your password database with you.
- Password generator - Since the password manager will be remembering all the passwords for you anyway, you might as well make them long, complex and strong. A password generator will do this for you very quickly.
3 Password Managers That Meet All Criteria
Below are a few password managers that meet all of the above criteria.
1Password
Cost: Pricing ranges from $2.99/month to $4.99/month, or if you prefer a standalone one-time purchase, the Mac version will run you $64.99. For iOS, the app is free and offers an in-app purchase option of $9.99 for Pro features.
Platforms: macOS, iOS, Windows, Android.
1Password is among the favorite password managers. It has a great reputation, offers strong encryption, syncing through iCloud or Dropbox, and if you don't want to sync through an external service it has a Wi-Fi server built in that can sync changes directly to your iOS device over your own network. It's available for Mac, iOS, Windows and Android, so you can have your entire database on all your devices. Your passwords and password generator are quickly accessible from the menu bar or browser plug-in. More pricing details and a full list of features are available on their website.
LastPass
Cost: LastPass is free, but also offers a $1/month premium that provides family sharing and priority support. For business, there are several pricing tiers ranging from $30/user/year to $48/user/year.
Platforms: macOS, iOS, Windows, Linux, Android, Windows Phone, Microsoft Surface RT.
LastPass is another popular password manager. It's available as a browser extension for all major browsers on Mac, Windows and Linux, and apps are available for iOS and Android as well. Passwords are encrypted in the browser and stored on their server. This makes them accessible anywhere as long as you have the browser extension installed. More pricing details and a full list of features are available on their website.
Enpass
Cost: Free to use on the Mac or iOS, but to unlock Pro features on iOS you must pay $9.99.
Platforms: iOS, macOS, Windows, Linux, Android, Blackberry, Windows UWP.
Enpass is also a popular password manager. It stores the database locally, encrypted with 256-bit AES, and offers all the features most security-minded folks are looking for in a password manager. A full list of its security features is available on their website.
Other Password Manager Options
There are many other password managers out there, and you're welcome to have a look at all of them. An online search will give you the most up to date options, but whichever password manager you decide to go with, just make sure it works for you and meets all your needs. If you've never used a password manager before, there will be a small adjustment period. It may also take some time to consolidate all your passwords, but I promise it's worth it!
I have been using a password manager since 2008 and can't imagine my day without it. It's among the first things I install on a new or reinstalled computer, and I recommend it to people whenever the chance arises.
Have you tried some of the password managers mentioned in this article? Which password manager do you use and what features do you like most about it? Drop us a comment below and let us know your thoughts!