The Internet has brought us a lot of benefits. Using it, we can talk to people all over the world who share our interests or whose culture we want to know more about. Applications for jobs, government benefits, housing, and college can be found mostly online, with few paper applications being processed anymore. Online purchases enable us to buy things not available in local stores, and online video games allow us to test our reflexes and problem-solving skills against people from anywhere. So much of our lives are online now that we even have “smart” gadgets, such as thermostats and light bulbs, that use the Internet to run and secure our homes.
So, if you’ve ever had an online account compromised, it can feel really violating. This is especially true if the account is attached to personal information, such as credit cards, smart-home devices, or your primary email address. Many of us have accounts online that contain a lot of very personal information, including our address, telephone number, social security number, credit card numbers, medical history, and even driver’s license and bank information. Malicious actors who obtain this information can steal so much about your identity that they can ruin your credit and reputation.
To make matters worse, most hackers are on the other side of the world and have never met you. To them, identity theft is nothing personal, merely business. While most people use passwords that have some personal relevance to them and can therefore be guessed if an identity thief has enough information about them, passwords are usually not hacked this way. Experienced hackers have equipment, apps, programs, and malicious software that farm the information for them or use algorithms to figure out your passwords. Even if your passwords are very secure, they can still be hacked.
Many IT professionals suggest the use of a password manager to combat hackers—especially if you have sensitive data or rely on smart home security. A password manager can be either a software program or an application that keeps a “vault” of all your accounts and creates encrypted passwords for each of them. The only password you need to know is the one to open the password manager. Password managers can be online, offline, on desktop and mobile, or token based, and many of them feature two-factor authentication, so even if someone finds or figures out your master password, you can still prevent data catastrophe.
The basic function of a password manager is to generate encrypted passwords of random characters, which are harder to guess—even with algorithm software. A further plus is that the password manager also remembers all these passwords for you so you only need to remember the master password and no longer have to worry about lost passwords. The vault they are kept in is a secure database of all your accounts that require passwords. As the name implies, you can manage all your passwords in this one central location. Many of them have other features that also enhance your security as though you are putting a shield of information between your data and potential threats.
Password managers can be put on any device—from a computer to a tablet to a smartphone. Some are software installations while others are browser extensions. There are also password managers that are token based, which means they need a physical key, such as a smart card or a biometric scanner. All of them allow users to add the accounts they want protected to the encrypted vault, where they then generate complicated password combinations for them. Users then open the password manager anytime they want to access these accounts and select the account they want to open. It’s really that simple, and all it requires is knowing the password to the password manager.
In computer terminology, “pwned” means “owned,” which further means that someone has defeated an enemy in a video game. For hackers, it means they’ve successfully bypassed security systems and harvested valuable data like credit card or Social Security numbers.
There is a website called Troy’s Hunt: Have I Been Pwned (HIBP) that collects compromised databases. It has become such an authority on this topic that the most reputable password managers use it as a library to determine if information stored has been compromised. This is an invaluable service because if your data was compromised on a website you overlooked or by a third-party source, like an old job application, your password manager can still find it.
Not all password managers are HIBP connected, and some that are not connected to Troy’s Hunt are still reputable and great in other ways, but HIBP adds another layer of protection—even to accounts you forgot about.
Choosing a password manager involves doing a bit of research and deciding what your security priorities are by asking yourself the following questions:
Does it have a mobile app?
Whether it’s for family or business, it’s up to you to decide what your needs are and pick the password manager that best meets them. Here are a few of the most common and recommended password managers:
BitWarden is a free, open-source password manager that has all the best features of its competitors. Being open source means any programmer can update it and fix bugs in the system. They do charge $10 for their family plan, but they’re a solid choice for security.
1Password is one of the strictest password managers out there, which means, if you lose your master password, you may have a problem. However, the level of security they offer is worth the $60 price tag for the family plan—especially since it offers a lot of integration with mobile devices and apps.
LastPass is one of the most popular password managers, despite suffering a data breach in 2019. That breach actually somewhat strengthened their reputation since it forced them to tighten security even further than their comprehensive features already provided. They’re popular because they’re inexpensive, at $36 a year for their premium plan, and still have one of the best reputations among password managers.
Dashlane is one of the oldest password managers—up to their sixth version. They have brought a lot of features to the industry that others don’t have, such as data-breach alerts, which tell you if your data has been compromised anywhere on the web. Their unique features justify the $120 per year for their premium plan.
The main drawback of a password manager is the master password. If the password gets lost in the case of a catastrophe, loved ones and business partners could be locked out of all accounts. If it gets compromised by hackers and other malicious actors, they have power over all your accounts. Clever hackers can employ a keylogger to get your master password, and some password managers have even been breached. Many people, particularly families and close friends, see nothing wrong with sharing passwords, which can also lead to breaches or betrayals.
Other drawbacks can also present problems. Some websites, such as banks and colleges, disable autofill, which means password managers don’t work. Other websites want a PIN, a CAPTCHA, or other proof of human activity, which password managers also complicate. A few password managers are working around such obstacles, though, so it’s always a good idea to read up on the specific features of each. All of them keep their whitepapers updated and notify users of patches and other upgrades.
Many web browsers, such as Google Chrome and Mozilla Firefox, have built-in password managers. The problem is that they lack a lot of the features that dedicated password managers have. Also, since there have been data breaches and antitrust issues with some of the companies that made these browsers, it shows they are not immune to bugs and exploits. They are usually not encrypted, which not only means your master password is vulnerable, but since most people use the same password for multiple accounts, more than one of your accounts might also be vulnerable. Browsers are adding more features to their password management services, but ultimately, a dedicated service simply has more to offer.
The only drawback of a password manager is keeping track of the master password. Otherwise, password managers provide so many benefits that there’s no reason not to use them. In fact, forgetting or losing the master password isn’t a total loss because most reputable programs have customer service safeguards that can restore your access. They keep track of passwords to accounts with sensitive data so you don’t have to, and they can do this for the whole family. No password manager is going to be flawless, and every user or group of users has its own unique needs and requirements, so choosing a password manager relies heavily on your personal preferences.