This is part two of our stronger password series.
In Part 1 of our Guide to Stronger Passwords we explained Two-factor Authentication and how it can significantly increase the security of your accounts.
However, Two-factor Authentication is not offered by all service providers and it still requires you to remember multiple passwords. Diceware is useful for remembering a few long passwords, but if you have lots of accounts it can be difficult to remember all your different login credentials. This is where a password manager comes in handy.
A password manager is a program or service that creates and stores long, random, and unique passwords. You do not need to remember any of these passwords; instead, you use a single master password to authenticate yourself to the password manager, which will then automatically populate the account login fields for you.
Why Strong Passwords Matter
In general, passwords should be long and random, or else they can be easily guessed. But they must also be unique, or else a single leaked password database can compromise a wide range of your accounts.
Many people use “secret systems” to generate unique passwords quickly, perhaps by combining a generic string of characters with the URL of the service they are using (e.g. ‘g1 m2 a3 i4 l5’ for their Gmail account). While this may help against an automated or brute-force hack, it will not stop a targeted attack.
If you use this method and one of your accounts is compromised, it is very easy for an attacker to work out the system and apply it to all of your other accounts.
It is also easy to forget that passwords are visible to the administrators of websites. If you are tricked into signing up for a service run by an attacker, they are likely able to figure out your system and compromise your entire digital life.
A password manager is an easy solution to this problem, and often far superior to remembering a wide range of separate passwords.
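The contrast between a name-based "secret system" and what a password manager generates, as an added Python example that is not part of the original article. The function names and the sample vault are constructed for illustration; the Gmail entry is the article's own example and the Yahoo entry follows the same pattern.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=24):
    """Draw every character independently from the OS CSPRNG, as a manager would."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def embeds_service_name(password, service):
    """True if the service name's letters occur in order inside the password,
    contiguously or interleaved with filler, ignoring case.
    Very short service names will match by chance, so treat hits as hints."""
    remaining = iter(password.lower())
    # 'ch in remaining' consumes the iterator up to the match, enforcing order.
    return all(ch in remaining for ch in service.lower())


def audit_vault(vault):
    """Return the services whose stored password is built from the service name."""
    return [svc for svc, pw in vault.items() if embeds_service_name(pw, svc)]


# Constructed sample data for the audit.
SAMPLE_VAULT = {
    "gmail": "g1 m2 a3 i4 l5",      # the article's example scheme
    "yahoo": "y1 a2 h3 o4 o5",      # same scheme applied to another site
    "bank": "kT9#vQ2!xLr8@Zp4",     # unrelated random string
}

if __name__ == "__main__":
    print("derived from site name:", audit_vault(SAMPLE_VAULT))
    print("replacement:", generate_password())
    print("entropy of a 24-character random password: %.1f bits" % entropy_bits(24))
```

Passwords flagged by the audit share one guessable rule, so each should be replaced with an independently generated one.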
Let’s take a look at some popular password managers, and the best places to use them.
LastPass – The Best Password Manager For Your Browser
LastPass encrypts passwords on your device and syncs them to the cloud, making them easily accessible across all of your devices.
LastPass is not open-source, but it is regularly audited. A series of small incidents has highlighted the risk associated with storing your passwords in the cloud, although the LastPass software has so far proven resilient against attacks and the system is extremely convenient for end users.
You can install LastPass as a browser extension for Chrome, Firefox, and Opera. There are also LastPass apps available for all major mobile operating systems, including Windows Phone and Firefox Mobile.
LastPass also has a tool which allows you offline access to your passwords. LastPass Portable lets you take your entire browser with you on a USB stick, including all of your bookmarks and extensions, and protects them with your master password. This is great if you need to access your passwords on the go, but losing your USB stick might put all your passwords at risk – if your master password can be easily guessed.
To sign up for LastPass, enter your email address and choose a master password. If you forget this master password you will lose all your other passwords, so be careful!
Download the browser extension of your choice (you can find your options and links here) and log in.
The LastPass icon will appear in the status bar of your browser. By clicking on the icon you can change your settings, retrieve passwords, or create secure passwords. There is also an autofill form, which is particularly convenient.
LastPass is freemium software, so if you want to use it across multiple devices, or make use of shared folders, you will have to subscribe to LastPass’ premium plan, which costs $12 USD per year.
KeePassX – The Best Protection For Your Desktop
KeePassX is an open source password manager and is the trusted tool of the Tails developers. This privacy-conscious, out-of-the-box operating system is used by the likes of Edward Snowden and Laura Poitras. If you regularly use Tails, or only trust yourself, this is the password manager for you.
KeePassX started out as the Linux version of KeePass but has since evolved into a solution for Windows and Mac users as well. KeePass is still around and has also expanded out of its original single platform market. Both variations are recommended. There is a large variety of unofficial KeePass releases, including apps for iOS and Android. A security assessment for each unofficial release is often difficult and time-intensive, even for experienced users, so we recommend you stick to audited and well-tested software.
Open-source does not mean the software is totally secure, and plenty of small vulnerabilities have been reported with both KeePass and KeePassX. That being said, both tools are great software, especially because they function without the need to subscribe to a service.
KeePassX stores your passwords in a database, which it encrypts with your password. This database is a single file which you can save on a USB stick, back up in the cloud, or send to a colleague.
Sharing KeePassX passwords selectively (rather than sharing all of them at once) is possible by making use of separate databases, but this is not the smoothest process. Once you decide which passwords you want to share, you must copy them into a separate KeePassX database and then share this database file with GitHub, Dropbox, or similar. However, each time the password database is updated on KeePassX you will have to reshare the database. Keeping the selected password files in sync and without a conflict can be difficult, and quickly becomes impractical with multiple users.
If you are sharing selected passwords with multiple users, you may wish to consider easier options. Between your own separate devices, however, it is a simple enough process with KeePassX.
1Password – Best For iOS, OSX, And Android
If you primarily live your life on mobile, 1Password is probably the number one choice. The integration with Android and especially iOS (including Apple Watch) is top notch, and you will find yourself easily logging into all your favorite apps (as long as they support 1Password) without having to remember anything.
For browsers, plug-ins for Chrome, Firefox, Opera, and Safari are available, which you can use across different platforms.
While 1Password has a free thirty-day trial available, you will need to purchase a license eventually. 1Password licenses cover up to six people but are a bit complicated, as there are separate licenses for Windows and Apple. A Windows or Mac license alone costs $50 USD and a combined license, for use with both operating systems, costs $70 USD.
This means if your entire family is using Apple products, you can cover your entire family for $50 USD. But if some of your family members (or you) have a Windows machine, you will need a Windows license too, meaning you’ll have to shell out on the combined license for $70 USD.
Licenses never expire, but they are only valid for the current version of the software. While in the past 1Password has allowed its users to upgrade for free, there is no guarantee they will continue to allow this in the future.
While you will not be forced to upgrade when a new version comes out, a new version of your operating system might easily render your version of 1Password unusable.
A Strong Password Makes You More Secure
Try out our top picks to find out which one is best suited for you. Then start migrating your services over as soon as possible! A good password can go a long way towards keeping your online information secure.
This might be a great opportunity to change all your current passwords as well!