Password Managers – Don’t Use Bad Passwords

You have searched for “password managers” on google and you have clicked on this blog… suggesting to me that you have either been hacked or been sent a worrying message about one of your accounts? 

Am I right? 

I’m right…

I know I’m right.

Ok, maybe I’m not right. Good thing is, you are looking to secure your systems with one of the Password Managers available. 

Password Managers are the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For seven years running that’s been “123456” and “password”—the two most commonly used passwords on the web. The problem is, most of us don’t know what makes a good password and aren’t able to remember hundreds of them anyway.

With more of us now working from home, outside the office intranet, the number of passwords you need may have significantly increased. If you can memorize strong passwords for every website you visit and every app you use, by all means, do it. Assuming you’re using secure passwords—which is, first and foremost, shorthand for long passwords—this is the most secure, if slightly insane, way to store passwords. It might work for Memory Grand Master Ed Cooke, but most of us are not ready for such fantastic feats. We need to offload that work to password managers, which offer secure vaults that can stand in for our faulty, overworked memories.

A password manager offers convenience and, more importantly, helps you create better passwords, which makes your online existence less vulnerable to password-based attacks. Be sure to also have a look at our guide to VPN providers for some more ideas on how you can upgrade your security and our guide to backing up your data to make sure you don’t lose anything if the unexpected happens.

What is a Password Manager?

A password manager stores your passwords in an encrypted form to protect them from prying eyes and improper access. It also displays your selection of login credentials so you don’t have to remember hundreds of passwords on your own except the master password or in some cases the PIN you use to sign into the app.

The best password managers make it simple and easy to manage all of your online passwords in a safe way. This was especially important during this pandemic; millions were being forced to work for home and online security concerns have made password managers an essential tool.

Not surprisingly, the amount of searches for password managers has quadrupled over the past 24 months around the world as users bought or were given new devices which needed to be synced and configured.

Most of us already have scores of online accounts, and it’s all too easy to fall into the habit of reusing the same password for multiple sites and services. It might be convenient, but it also leaves us in real danger as if just one of those sites is compromised, all your accounts could be at risk.

A good password manager will not only save you the effort of remembering dozens of different logins for all your online accounts, but it will also help keep them secure by generating strong passwords that are impossible to guess and storing them all safely in an encrypted vault.

Is it a good idea to use a Password Manager?

Don’t use bad passwords, use a password manager. That’s why many cybersecurity experts suggest using a password manager. It’s a software utility that securely stores passwords and automatically fills them into login pages. They help you protect every single one of your online accounts with a strong password.

What s the point of a Password Manager?

A password manager assists in generating and retrieving complex passwords, potentially storing such passwords in an encrypted database or calculating them on demand. Types of password managers include locally installed software applications. online services accessed through website portals.

Can a Password Manager be hacked?

Password Managers can and have been hacked. In February of last year, a security report by independent consulting firm ISE disclosed flaws in the security of a password manager app. Make sure that you lock the passwords behind a vault that can only be opened by a master password.

What is the Safest Password Manager?

While a lot of the password managers I tried were pretty bad, several of them stood out for both their user experience and their overall value.

Many of these top password managers have:

• Strong data encryption.
• Password auto-filling.
• Two-factor authentication (2FA)
• Multi-device sync.
• Secure password sharing.
• Password vault auditing.
• And a lot more…

So, how do you know which password manager is right for you? I compared the top password managers on the market and ranked them based on security, usability, additional features, and price to find the 5 best password managers for 2021.

How I Rated 2021’s Best Password Managers:

• Security. I looked for password managers that use 256-bit AES encryption, have zero-knowledge protocols, provide two-factor authentication (2FA) or multi-factor authentication (MFA), and come with additional safety features to offer 100% secure password management.
• Features. Password managers include tons of different features, including web form filling, secure password sharing, file storage, dark web monitoring, and sometimes even a VPN — I put all of these features to the test to figure out which ones provide real value and which ones are just flashy add-ons.
• Ease of use. I made sure that all the password managers on this list are simple to understand, access, and use, even for beginner and non-technical users.
• Customer support. I ranked each company’s support systems in terms of helpfulness, response times, types of support offered, and available languages.
• Value. All of the password managers I recommend provide secure password management at a decent price. And you can try out most of them risk-free with a free trial or money-back guarantee.

1. Dashlane — Best Overall Password Manager

Dashlane is my favourite password manager in 2021 — it’s highly secure, very easy to use, and includes a wide range of additional features.

Dashlane protects user data with 256-bit AES encryption, zero-knowledge architecture, and 2FA (including biometric logins) — these security features ensure that no one other than you can ever access your password vault or gain access to your sensitive data.

Dashlane provides intuitive password management on all devices, operating systems, and browsers. During my tests, Dashlane performed exceptionally well in all areas — it generated very strong passwords, instantly synced data across each of my devices, and accurately auto-filled even the most advanced web forms.

Dashlane also comes with:

• Automatic password changing.
• VPN (with unlimited data).
• Dark web monitoring.
• Password sharing.
• Password strength auditing.
• Emergency access.
• Secure file storage (1 GB).

All of Dashlane’s features are useful, intuitive, and work as promised. I especially like Dashlane’s automatic password changer — it audits the password vault and instantly strengthens weak passwords across 300+ popular sites.

Dashlane is the only password manager on the market that comes with a VPN — and Dashlane’s VPN is even faster than some standalone VPNs. In my testing, Dashlane’s VPN encrypted my internet connection and unblocked geo-restricted content without any significant slowdown — even when I was connected to far away servers!

Dashlane Free comes with the automatic password changer, basic 2FA, and limited password sharing (up to 5 accounts). The free plan only provides storage for 50 passwords and only covers 1 device, so it’s probably not the best choice for most people. Dashlane Premium has unlimited password storage across an unlimited number of devices, unlimited password sharing, a VPN, dark web monitoring, and a lot more. Dashlane Premium Family is the same, but it adds up to 5 licenses as well as a family management dashboard.  

Bottom Line:

Dashlane is by far the best password manager I’ve tested. It’s highly secure, easy to use, and has a ton of useful features — like an automatic password changer, dark web monitoring, 2FA, and a lot more. It’s also the only password manager with a VPN! Dashlane Free includes a free trial of the Premium plan, and all Dashlane purchases come with a risk-free 30-day money-back guarantee.

2. 1Password — Best Interface, Easy to Use + Excellent for Families

1Password is my pick for the most intuitive and easiest-to-use password manager on the market. Its interface is bright, simple, and extremely user-friendly. And 1Password includes a lot of excellent security features, like:

• Watchtower. Scans the dark web and public databases for breached logins and financial information, audits password vault for security, and generates high-strength passwords.
• Built-in authenticator. Generates one-time passwords to strengthen 2FA-compatible web logins.
• 2FA. Syncs with one-time password apps like Authy, USB keys like YubiKey and Fido, and biometric scanners (face, fingerprint, and eye) for Windows, Android, and iOS.
• Travel mode. Hides sensitive passwords from the vault so intrusive border checks can’t access private data.
• Local data storage option. Syncs computer with Android or iOS device over local wireless network using a WLAN server.

1Password also has a really good Families plan — one subscription comes with 5 members, and you can invite new members for a small fee. This is much better than the competition — brands like Dashlane and LastPass both have a limit on how many users can share one subscription. And 1Password’s intuitive vault-sharing functions make it super easy to share passwords between family members while also keeping personal accounts private (there are two vaults — a “Shared” vault and a “Private” vault).

1Password doesn’t offer a free version, but its plans for individuals, families, and businesses provide a ton of great features for less than competitors like Keeper and Dashlane. And there’s a 30-day free trial to help you decide if 1Password is right for you. 

Bottom Line:

1Password is a secure and intuitive password manager with a great, easy-to-use interface. And features like dark web scanning, biometric logins, and a built-in authenticator all help to keep passwords 100% safe. 1Password also has one of the best family plans in terms of usability and overall value — I had no problem sharing important logins with my family, while also restricting access to private accounts. And 1Password offers a 30-day free trial for all of their plans.

3. NordPass — Best User Interface (Very Easy to Use)

NordPass is a simple, streamlined, and easy-to-use password manager — it doesn’t have a lot of features, but it provides secure password protection with a very intuitive interface, making it one of the top choices for beginners and non-technical users.

NordPass uses the advanced XChaCha20 encryption method — the same algorithm that Google uses — and zero-knowledge protocols, so not even the NordPass team can access your data. And NordPass also supports multi-factor authentication, including face and touch ID on mobile devices.

Apart from the basics like auto-fill and password generation, NordPass also has extra features like:

• Password strength analysis.
• Password sharing.
• Dark web monitoring.
• Multi-device sync.

During my tests, I was impressed with how easy it was to use NordPass — I had no trouble importing my passwords, generating new ones, and saving new logins. I also found it very easy to share passwords, credit cards, and notes with other NordPass users.

NordPass has a free version, but it only covers 1 device. Upgrading to NordPass Premium gets you coverage for up to 6 devices and unlimited password sharing. NordPass Familyis the same, but it adds licenses for up to 6 users.

Bottom Line:

NordPass has a streamlined, intuitive interface, making it a good choice for users looking for a simple, easy-to-use password manager. NordPass has one of the strongest encryption methods on the market (the same as Google!), zero-knowledge protocols, and MFA. NordPass doesn’t have a lot of features, but it makes it very simple to generate and save new passwords as well as share logins with other users. You can try out NordPass with a 30-day money-back guarantee.

4. RoboForm — Best for Advanced Form-Filling Capabilities

RoboForm has the best form-filling capabilities out of all the password managers I tested — it accurately auto-fills some of the most complex web forms with just one click.

With RoboForm, you can create multiple “Identities” for web forms, with 8 different categories of information, including passport, credit card, and vehicle info. During my tests, I was able to easily fill out all types of web forms — from basic ones like social media logins to advanced ones like online accounting forms — with zero errors or missed fields!

RoboForm also comes with:

• Multiple 2FA options.
• Password security auditing.
• Secure password and note sharing.
• Secure bookmarks storage.

I like RoboForm’s 2FA options — in my tests, RoboForm integrated well with Google Authenticator, and I had no trouble using biometric logins to access my RoboForm account. However, I don’t like that RoboForm doesn’t support USB 2FA tools like YubiKey (unlike Dashlane and Keeper).

All of RoboForm’s features work well, but my favourite is the secure bookmarks storage. This standout feature allowed me to save and sync bookmarks from my desktop browser onto any device with RoboForm installed (like my mobile phone) — so I was able to instantly access all of my favourite sites no matter which device or browser I was using!

RoboForm Free has form filling, password strength auditing, and secure bookmarks storage. RoboForm Everywhere is where you get syncing across an unlimited number of devices, 2FA, and cloud backup. RoboForm Everywhere Family is the same, but it adds licenses for up to 5 users. 

Bottom Line:

RoboForm is a good password manager with the best form filler on the market. RoboForm also has additional features like 2FA, password strength auditing, secure bookmarks storage, secure cloud storage, and more. RoboForm’s free plan comes with a 30-day free trial of RoboForm’s premium Everywhere plan. All RoboForm purchases have a 30-day money-back guarantee.

5. LastPass — Best Free Plan

LastPass is secure, feature-rich, user friendly, and has a really good free plan — LastPass Free is one of the rare free password managers that lets individual users store unlimited passwords (on unlimited devices) and share unlimited passwords (with only 1 user).

LastPass Free also has:

• Automatic password changing.
• Basic MFA options.
• Password strength auditing.
• Secure notes storage.

I really like that LastPass has an automatic password changer in its free plan — this feature allowed me to change passwords across 70+ sites with a single click. While Dashlane’s automatic password changer covers more sites and is more intuitive, LastPass’s auto-changer is also pretty good.

I also like LastPass’s MFA options — they sync up with the built-in LastPass Authenticator and third-party apps like Google Authenticator and Microsoft Authenticator. LastPass’s paid plans also include advanced MFA options, including YubiKey, Sesame, and fingerprint authentication.

Apart from advanced MFA, upgrading to LastPass Premium also brings you password sharing with multiple users, dark web monitoring, emergency access, and 1 GB cloud storage. And LastPass Families adds licenses for up to 6 users. 

Bottom Line:

LastPass has the best free password manager plan — it stores unlimited passwords across unlimited devices and provides unlimited password sharing with 1 user. LastPass Free also has an automatic password changer, basic MFA, and password strength auditing. Upgrading to LastPass Premium gets you unlimited password sharing with multiple users, dark web monitoring, advanced MFA, and lots more. LastPass Free comes with a 30-day free trial of LastPass Premium.

What is a Password Policy?

A password policy is a set of rules which were created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly.

What are examples of Password Policies?

Here are some of the password policies and best practices that every system administrator should implement:

1. Enforce Password History policy
2. Minimum Password Age policy
3. Maximum Password Age policy
4. Minimum Password Length policy
5. Passwords Must Meet Complexity Requirements policy
6. Reset Password
7. Use Strong Passphrases.

How do I create a Password Policy?

1. Enforce Password History. Password history sets how frequently old passwords can be used again
2. Set a Maximum and Minimum Password Age
3. Impose a Minimum Password Length
4. Include an Account Lockout Policy.

Why is a Password Policy important?

Password policies are necessary to protect the confidentiality of information and the integrity of systems by keeping unauthorized users out of computer systems. The fundamental protection of computers and networks (the password) is still in use.

Password Manager Basics

A good password manager stores, generates, and updates passwords for you with the press of a button. If you’re willing to spend a few dollars a month, a password manager can sync your passwords across all your devices. Here’s how they work.

Only one password to remember: To access all your passwords, you only have to remember one password. When you type that into the password manager, it unlocks the vault containing all of your actual passwords. Only needing to remember one password is great, but it means there’s a lot riding on that one password. Make sure it’s a good one.

If you’re having trouble coming up with that one password to rule them all, check out our guide to better password security. You might also consider using the Diceware method for generating a strong master password.

Apps and extensions: Most password managers are full systems rather than a single piece of software. They consist of apps or browser extensions for each of your devices (Windows, Mac, Android phones, iPhone, and tablets), which have tools to help you create secure passwords, safely store them, and evaluate the security of your existing passwords. All that information is then sent to a central server where your passwords are encrypted, stored, and shared between devices.

Fixing compromised passwords: While password managers can help you create more secure passwords and keep them safe from prying eyes, they can’t protect your password if the website itself is breached. That doesn’t mean they don’t help in this scenario though. All the cloud-based password managers we discuss offer tools to alert you to potentially compromised passwords. Password managers also make it easier to quickly change a compromised password and search through your passwords to ensure you didn’t reuse any compromised codes.

You should disable auto form-filling: Some password managers will automatically fill in and even submit web forms for you. This is super convenient, but for additional security, we suggest you disable this feature. Automatically filling forms in the browser has made password managers vulnerable to attacks in the past. For this reason, our favourite password manager, 1Password, requires you to opt into this feature. We suggest you do not.

Don’t panic about hacks: Software has bugs, even your password manager. The question is not what do you do if it becomes known that your password manager has a flaw, but what do you do when it becomes known that your password manager has a flaw. The answer is, first, don’t panic. Normally bugs are found, reported, and fixed before they’re exploited in the wild. Even if someone does manage to gain access to your password manager’s servers, you should still be fine. All of the services we list store only encrypted data and none of them store your encryption key, meaning all an attacker gets from compromising their servers is encrypted data.

Conclusion

This should be enough basic level information on Password Managers and Password Policies to get your small business through without too much trouble. If you are after some further assistance on securing your business systems, please give us a call today.