To those of us who live online, and understand the risks that poses to us all, it’s hard to fathom why, but there are far too many users these days who don’t use password managers, use insecure passwords or worse still – use the same insecure passwords on multiple online sites. It’s not just risky, but this opens you, and at times others, up to significant risk.
Back in 2016 Duncan wrote an excellent piece on Passwords, Online security and you which is as relevant today as it was then – perhaps more due to the alarming regularity with which data breaches are reported is increasing steadily.
We hear about these regularly these days, so much so that many users have become desensitised to it but guess what… These breaches do make their way out to the dark web and as The Register reports, over 620 Million compromised accounts have appeared for sale recently and that would be hugely useful information to those who frequent the shady areas of the internet. (maybe link as reference to collection 1,2 and 3)
If nothing else, this serves as a stark reminder to keep your passwords strong, long and unique for every site, no exceptions. As a further layer of protection wherever it’s available, use 2 factor authentication to protect yourself as best you can when navigating the minefield that is online life.
What options are there for password management?
After increasing their price significantly with no extra features added, some users are considering Lastpass to be on the nose at the moment but thanks to our readers sharing their experiences we’ve got some other options to look at – here’s a quick rundown.
Free for personal use, $1.20/month for standard, $4.80/month per user for professional (minimum user numbers involved) and $8/month per user for enterprise there are a lot of useful options. and and offering full cross platform functionality, there’s a lot of crossover features from the other options and each level up in cost you get further features enabled.
For me the big highlights are the unlimited passwords and notes in the free option, 2 Factor Auth and Offline access. There’s a lot here to like that makes Zoho Vault an attractive option.
The downside I’ve seen is that the mobile app is heavily lacking compare to multiple other options, it made a complete mess of my Google logins and form completion is non-existent.
The first open source offering which gives some reasonably solid options. The cross platform functionality is reasonable with Windows, Mac, Linux, iOS, Android and an excellent range of browser plugins. One thing I particularly like with Open Source software is that it’s public code making it easy to review, bugs are found far more readily and if there’s anything resembling a “back door” for others to access your data it will get found quickly.
Though some issues were identified with Bitwarden in late 2018, the response from the company was quite swift and effective and there have been no issues since.
A quick look showed me that Bitwarden has all of the expected access options (mobile platforms as well as PC based) and is completely encrypted vs some other options that encrypt usernames (usually) and passwords, but not URLs – in simple terms, this means if a brute force attack does occur on your database, they know where you have accounts.
The biggest issues I can see with Bitwarden is their data sovereignty. The data is (from what I can find at least) MS Azure servers which are US based. So it’s possible that your db could be handed over to authorities at anytime without your knowledge. The fact that its stored on a server like this means it’s potentially vulnerable to attack much like Lastpass have suffered in the past.
Keeper Security is available for individuals at $2.50 per month or $3.33 for the bundle including Keeper Chat there’s some good and bad points for Keeper. If you’re keen to get your family on-board, it will set you back $8 per month for the bundle or $5 per month for the password manager alone.
Keeper I found very simple to setup and use, the auto fill I found extremely reliable for not only filling in passwords but generating and storing them. I also am very impressed with the 2 factor setup allowing such a wide range of options.
The form filling is horrible, I can’t put it any other way. Compared to a couple of the other options I tried out, it would be easier to simply fill the form in manually.
Another cascading price scale is an immediate attraction for users with simple needs on Enpass. $0 for the basic and $11.99 for the premium options.
There’s a number of features that are really useful but I found the auto fill particularly useful on the Android App for Enpass. It was as close to seamless as I could possibly ask and the cross platform capabilities and syncing were excellent. The ability to add multiple data vaults was also quite refreshing to keep separate areas of my digital life,
1password cops a big of a flogging in some circles for a variety of reasons, but honestly having tried it out for the most part I believe they’re unfair and generally unfounded. They were perhaps ahead of the curve in the early stages but in the current climate of password management their prices are very reasonably priced ($2.99 per month for individuals for $4.99 for families) and their function set is excellent.
They have apps for all platforms, huge storage capabilities and secure document storage as well. Travel mode, 2 factor authentication and a digital wallet to store much of your data. All common functions these day. My honest impression of 1password in using it for a short period is that it’s simple to use, integrates well with a normal workflow and is a fair price. There’s nothing that really makes it stand out among the crowd, but it holds its own when it comes to bang for buck.
Keepass is a free to use option that has some excellent functionality. It was a regular use item at a previous workplace of mine where the master key was shared with individuals is extremely powerful and great customisation options to meet your needs.
My highlights are the portability of it, I’ve previously run this on a USB drive, through Dropbox and at one point emailed a password database through to someone. The second (particularly for anyone who is looking to abandon another option) is the capability to import your databases from a reasonably high number of other password managers.
The unfortunate downside of this is that the interface is pretty daunting if you’re not familiar with it, installation assistance/documentation is difficult to come by and unlike other options – you need to enter credentials manually as there’s no auto capture of unrecognised credentials.
So why do you need to use a password manager?
Does anyone expect Bunnings to supply free door locks to keep your front door safe? No they don’t. So maybe, just maybe, paying for some measure of online security actually represents value for money. For so many of us the gateway to our entire life is online, banking, mortgages, car payments, mobile subscriptions…
Just like your front door these valuable assets need to be secured. If your not using long, string and unique passwords it’s time to start, and if you are it’s time to get your friends and family on board. There are pros and cons to most of the password management options, so please take the time to do some investigation for yourself before investing the time and effort in setting one up.