How to choose a password manager

Published on April 4, 2019

iStock-964579430Data breaches are becoming more prevalent with each passing year. The largest breach by volume, exposing 773 million emails and 21 million passwords, occurred at the beginning of this year and is an excellent illustration of just how fragile your online security can be. But if you’re feeling the temptation to throw up your hands and accept that occasional breaches are inevitable... don’t. There are a couple of things you can do to effectively protect your data. The first is to always use a strong, unique password or passphrase with every one of your accounts, from your banking login to the login for your favorite news site. The second thing you can do is to keep track of these unique passwords in a secure and reliable way. That’s where a good password manager comes in.

In today’s post, we’re going to explain how the two types of password managers work, give you the pros and cons of both, and make a few suggestions that will help you ensure your passwords, and your personal information, are protected.

Password management built into your browser

Most web browsers, such as Chrome, Firefox, and Safari, provide a password manager that asks you if you want to save a password when you fill it in on a website, stores it, and then automatically fills it in when you return to the site later. Some of these managers allow you a limited ability to customize, such as turning off the autofill feature or adding a master password if you want extra security. Others flag weak or duplicated passwords and suggest stronger options. The browser password manager is popular with many users because it’s built in and most are already set up by default.

Pros

  • Convenient
  • Easy to use
  • Basic encryption is included
  • Free

Cons

  • Only works across multiple devices as long as the same browser is in use
  • Limited ability to customize
  • Limited special features

Third-party password manager app

Your other option is a third-party password manager app that gives you more control of options like autofill and extra convenience in features such as group password sharing, which is handy for sharing login information in a family or workplace, and personalized security alerts that let you know if your credentials have been stolen.

Most third-party password managers operate the same way browser managers do by asking if you want to remember your password and then filling it in for you later. Your passwords are stored on a cloud or in a file on your computer (depending on what the app allows and how you configure your settings), accessible with a master password or passphrase. The most secure password managers don’t give you the option to recover your master password, so make sure you remember it!

Because third-party password managers are focused on storing and protecting your passwords, they tend to offer more robust encryption than browser managers.

Pros

  • Security-focused
  • Robust encryption
  • Special features such a group password sharing
  • Easier to customize than browser managers
  • Easy to use across multiple devices

Cons

  • Most offer a free version but charge a monthly or annual fee for the special features

What password manager will keep my passwords safe?

There is no guarantee that any password manager will keep your passwords absolutely safe. However, it’s important to realistically consider your options. The most secure method of storing your passwords is in an encrypted file hidden on your computer, but this just isn’t a realistic option for most of us.

The best way to keep your passwords safe is to choose either a browser password manager or a password manager app that provides the features you want. This recent article from PCMag, The Best Password Managers of 2019, will help you get an idea of the most popular apps and their features. Here, at the Hushmail office, many of us use 1Password and are quite satisfied with the results.

Once you’ve chosen a password manager, follow the tips below to ensure your passwords are as secure as possible.

  • Use a strong, unique password or passphrase for every website. No exceptions. If you’re using a password manager, it will no longer be difficult for you to keep up with all of the passwords, and many of them will generate good ones for you.
  • Make sure your password manager doesn’t have master password recovery. This means you’ll  be responsible for remembering your master password.
  • Use two-factor authentication. This requires you to prove who you are in two different ways, most likely through your master passphrase and a pin received on your phone.
  • Update the software regularly. This ensures that any patches for vulnerabilities are implemented as soon as they come out.

The worst thing you can do is to do nothing

If you’re still unsure how you should manage your passwords, just remember, doing nothing is the worst decision. As long as you choose some type of password management system, you’re better off than using the same password across multiple sites and hoping it isn’t stolen. Inevitably, your password will be stolen, and if it’s in use on websites with valuable personal information, you could be in trouble.

Our best advice is to choose a password manager that balances convenience and security at a level you’re comfortable with and try it out for a while. Most of the third-party apps offer a trial or a free version so you can get a feel for the one that suits you best. Then, follow the tips we mentioned above, and you’ll be in good shape for conducting your business and personal life securely online.

Browser password managers and third-party apps are both excellent ways to store all of the passwords you need to come up with to access your favorite websites. The best manager for you depends on several factors, including the special features you want and how much convenience and security you require. Any password manager is better than relying on your memory and using the same few passwords across multiple websites.