A more secure web with password managers
Odds are you have a lot of passwords. Your password for Namecheap. A password for your bank. A password for your email. And on and on and on…
According to studies, the average person has between 50 and 100 logins and passwords to remember. That’s a lot!
Security hygiene
Having so many logins leads to a problem: poor online security hygiene.
The safest way to store passwords is in your head. But there’s no way the typical person can remember so many passwords, so most people resort to lax security practices.
For example, you might reuse the same password at multiple sites. Once one of those sites is compromised, attackers try the leaked username and password combinations at other sites. If your hobby account uses the same credentials as your important accounts, someone could break into your bank account or take over your email.
Or you might create really simple passwords, like “password”. Along with “123456”, “abc123” and “qwerty”, it is one of the most commonly used passwords, and attackers try these common passwords first when trying to break into accounts.
It’s easy to understand why people take these shortcuts. But this poor security hygiene leads to intrusions, which can have catastrophic results.
A better way to manage your passwords
Password managers were created to solve these issues. A password manager stores all of your passwords for you so you just need to remember a single master password.
The password manager saves your usernames and passwords and enters them into the login fields on websites when you want to sign in. You just need to unlock the password manager with your master password first.
Sounds great, doesn’t it? But you’re probably wondering how secure password managers are.
The companies that sell password managers talk up their security. The basic premise is that, even if the password manager’s servers get hacked, your passwords are safe, because the products are built on a “zero knowledge” design: the stored passwords are encrypted with a key derived from your master password, which the provider never sees, so the data can’t be decrypted without it.
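To make the zero-knowledge premise concrete, here is an added, stripped-down client-side vault in Python; it is illustrative code, not code from the article or from any product named in it. It assumes PBKDF2-HMAC-SHA256 with 600,000 iterations as the key derivation, and uses an HMAC-SHA256 counter-mode keystream plus an HMAC tag as a dependency-free stand-in for the authenticated encryption a real manager would use.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Assumed KDF parameters for this illustration: PBKDF2-HMAC-SHA256 with
# 600,000 iterations makes offline guessing of the master password slow.
KDF_ITERATIONS = 600_000

def derive_keys(master_password: str, salt: bytes) -> tuple:
    """Derive a 32-byte encryption key and a 32-byte MAC key on the client.
    Only the random salt is stored alongside the vault; the keys never leave the device."""
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                                   KDF_ITERATIONS, dklen=64)
    return material[:32], material[32:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a dependency-free stand-in for the AEAD
    (e.g. AES-GCM) a real password manager would use."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def encrypt_vault(master_password: str, vault: dict) -> dict:
    """Encrypt on the client. The returned blob is all the provider ever stores."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(vault).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()  # encrypt-then-MAC
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}

def decrypt_vault(master_password: str, blob: dict) -> Optional[dict]:
    """Return the vault, or None if the master password is wrong or the blob was altered.
    A copy of `blob` taken from a breached server reveals nothing without the password."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext, tag = bytes.fromhex(blob["ct"]), bytes.fromhex(blob["tag"])
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)

if __name__ == "__main__":
    blob = encrypt_vault("correct horse battery staple", {"bank": "hunter2"})  # constructed sample
    print("server stores:", blob)
    print("wrong master password ->", decrypt_vault("password123", blob))  # None
```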
Technically, a password manager might not be as safe as remembering passwords in your head. But when you consider the shortcuts people take with passwords, a password manager ends up being the safer bet.
Once you install a password manager, you can use stronger passwords that are harder to guess, and a unique password for each site, without worrying about forgetting them. Password managers also alert you if one of your passwords has been compromised.
Password managers also reduce the chance that you fall victim to a phishing scam. The password manager only offers to fill in your login credentials if it recognizes the URL of the site; a phishing page on a lookalike domain doesn’t match the saved entry, so it won’t prompt you to fill in the saved password.
The end result is that most people who use password managers end up safer than those who don’t.
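The URL check behind the phishing protection described above, as an added Python example (not code from the article or from any password manager it names): the saved entry's hostname is compared against the current page, so lookalike domains, homograph domains and plain-http pages get no autofill offer. The sample saved logins are constructed.

```python
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample vault: the login URL recorded when each password was saved.
SAVED_LOGINS = {
    "Namecheap": "https://www.namecheap.com/myaccount/login/",
    "Example Bank": "https://online.examplebank.test/signin",
}

def _normalized_host(url: str) -> Optional[str]:
    """Lowercased, IDNA-encoded hostname, or None if the page is not served over https."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    try:
        # IDNA-encode so a lookalike with a Cyrillic 'а' ('nаmecheap.com') becomes
        # an xn-- label and can never compare equal to the ASCII host that was saved.
        return parts.hostname.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None

def matches_saved_site(saved_url: str, current_url: str) -> bool:
    """Fill only when the current host is the saved host (ignoring a leading 'www.')
    or a subdomain of it. Anything else, such as 'namecheap.com.login-help.example'
    or 'namecheap-login.example', is treated as an unknown site."""
    saved, current = _normalized_host(saved_url), _normalized_host(current_url)
    if saved is None or current is None:
        return False
    if saved.startswith("www."):
        saved = saved[4:]
    return current == saved or current.endswith("." + saved)

def logins_to_offer(current_url: str) -> List[str]:
    """Names of saved logins the manager would offer to fill on this page."""
    return [name for name, url in SAVED_LOGINS.items() if matches_saved_site(url, current_url)]

if __name__ == "__main__":
    for page in ("https://www.namecheap.com/myaccount/login/",
                 "https://www.namecheap.com.login-help.example/",
                 "https://www.n\u0430mecheap.com/"):  # Cyrillic 'а'
        print(page, "->", logins_to_offer(page))
```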
Choosing a password manager
There are lots of password managers out there, and the two most popular are LastPass and 1Password.
Both of these password managers offer similar services. You create an account and then download an extension for your browser or similar software. Whenever you log into a site, the password manager asks you if you want to save the password. When you return to the site, it asks if you want to fill in the login credentials.
Both also offer apps for iOS and Android devices. With cross-device password management, you can use a password on your phone that you saved on your laptop and vice-versa.
There’s very little difference in pricing between the services. LastPass charges $36 per year, or you can opt for the family plan for $48 per year. The family plan lets up to six people use the subscription, so this is a great deal. LastPass also has a free plan, but it’s limited to one device so you lose the feature that lets you log into your phone and laptop.
1Password also charges $36 per year. Its family plan is slightly more expensive at $60 and has a limit of five users.
With similar core features and pricing, how should you choose?
First, consider whether you care about any of the edge-case features the services offer. I recommend doing your research, and maybe taking them for a test drive (both offer free trials) to see how you feel about the user interfaces.
I tested both and found a couple of key differences. First, 1Password nags you to re-enter your master password a lot more often than LastPass. While you can adjust the master password timeout, some people might like being prompted because it increases security in case someone gets hold of your laptop. Others will find it annoying.
The other difference I found is in how they prompt you to save passwords. LastPass asks if you want to save the password after you complete the login to a site. 1Password requires you to save it before you click the submit button on a site’s password form. The difference is subtle but important. In many cases, I’m guessing what my password is when I enter it. With LastPass, I know if the password worked before saving. With 1Password I don’t.
And 1Password has a cool travel mode that lets you remove sensitive data from your devices when you cross borders and restore it when you arrive. This might be helpful for people who travel globally.
Ultimately, I chose to go with LastPass. While it also has some usability issues, I found it worked much better for me. I also like that the family plan was slightly less expensive.
Be safe online
Staying safe online starts with you. Using weak passwords or reusing them across sites opens you up to hackers who might steal your domains or your money.
Level up your security game with stronger passwords.
Why are they better than what’s built into the web browser?
I definitely prefer Bitwarden. I migrated from 1Password 4 when I discovered the open source alternative Vaultwarden (formerly bitwarden_rs). Free, simple, powerful, available on both Apple and Android products, as browser extensions and as a desktop app. Also combined with my YubiKey for extra protection. 🙂
Little did the author know at the time of writing this article that LastPass would get breached in a major and scandalous way towards the end of the year. For a second time! It allowed bad guys to grab hold of and run with complete vaults, with encrypted passwords inside, belonging to millions of LastPass users who trusted LastPass with keeping their secrets secret. This allowed 1Password to come out on top as the clear winner and the superior choice of the two. For the same price too! The price per year for both of these services was $36 at the time, according to this article.
If only we knew better… I always find it fascinating when I look back at things in retrospect, and compare past predictions to the current realities of present time. The saying “the best way to predict the future is to invent it” echoes in my head.
Who can you trust? What is it about a company, that makes it trustworthy? Is it their track record? Is it the people that run the company? Is it their ability to advertise and manipulate our mental perception of them and their products? Why would you trust a company with the keys to your digital kingdom? Is it because you’re a paying customer? Is it because you found a recommendation for their product on a certain blog that belongs to a certain company that you already trust? My friend’s friend is my friend too? Trust is everything! It’s not something that should be taken lightly.
I think password managers are still the best way to handle the increasing number of credentials we have to keep track of. Whatever password manager you choose, make sure it’s your choice, and not someone else’s choice. Try to keep your passwords and other secrets portable, keep the number of accounts down, and use unique passwords for each service; never reuse passwords across services. Best of luck out there!