This is Part 2 of our stronger password series. For the other parts, click below:
In Part 1 of our Guide to Stronger Passwords, we explained Two-factor Authentication and how it can significantly increase the security of your accounts.
However, Two-factor Authentication is not offered by all service providers, and it still requires you to remember multiple passwords. Diceware is useful to remember a few long passwords, but if you have lots of accounts, it can be difficult to remember all your different login credentials. This is where a password manager comes in handy.
A password manager is a program or service that creates and stores long, random, and unique passwords. You do not need to remember any of these passwords. Instead, you use a single master password to authenticate yourself to the password manager, which will then automatically populate the account login fields for you.
Why strong passwords matter
In general, passwords should be long and random, or else they can be easily guessed. But they must also be unique, or else a single leaked password database can compromise a wide range of your accounts. (To create a truly secure password, consider using ExpressVPN’s Random Password Generator.)
Many people use “secret systems” to generate unique passwords quickly, perhaps by combining a generic string of characters with the name or URL of the service they are using (such as “g1 m2 a3 i4 l5” for their Gmail account). While this may help against an automated or brute force hack, it will not stop a targeted attack.
If you use this method and one of your accounts is compromised, it is very easy for an attacker to work out the system and apply it to all of your other accounts.
It is also easy to forget that passwords are visible to the administrators of websites. If you are tricked into signing up for a service run by an attacker, they are likely to be able to figure out your system and compromise your entire digital life.
A password manager is an easy solution to this problem, and often far superior to remembering a wide range of separate passwords.
Let’s take a look at some popular password managers, and the best places to use them.
LastPass: Best password manager for your browser
LastPass encrypts passwords on your device and syncs them to the cloud, making them easily accessible across all of your devices.
LastPass is not open-source, but it is regularly audited. A series of small incidents have highlighted the risk associated with storing your passwords in the cloud, although the LastPass software has so far shown itself to be resilient against attacks, and the system is extremely convenient to end users.
You can install LastPass as a browser extension for Chrome, Firefox, and Opera. LastPass apps are also available for all major mobile operating systems, including Windows Phone and Firefox Mobile.
LastPass also has a tool that allows you offline access to your passwords. The tool, LastPass Portable, lets you take your entire browser with you on a USB stick, including all of your bookmarks and extensions, and protects them with your master password. This is great if you need to access your passwords on the go, but losing your USB stick might put all your passwords at risk—if your master password can be easily guessed.
To sign up for LastPass, enter your email address and choose a master password. If you forget this master password you will lose all your other passwords, so be careful!
Download the browser extension of your choice (you can find your options and links here) and log in.
LastPass will appear in the status bar of your browser. By clicking on the icon you can change your settings, retrieve passwords, or create secure passwords. There is also an autofill form, which is particularly convenient.
LastPass is freemium software, so if you want to use it across multiple devices, or make use of shared folders, you will have to subscribe to LastPass’s premium plan, which costs 24 USD per year.
KeePassX: Best password manager for most desktops
KeePassX is an open-source password manager and is the trusted tool of the Tails developers. This privacy-conscious, out-of-the-box operating system is used by the likes of Edward Snowden and Laura Poitras. If you regularly use Tails, or only trust yourself, this is the password manager for you.
KeePassX started out as the Linux version of KeePass but has since evolved into a solution for Windows and Mac users as well. KeePass is still around and has also expanded out of its original single platform market. Both variations are recommended. There are many unofficial KeePass releases, including apps for iOS and Android. Assessing the security of each unofficial release is often difficult and time-intensive, even for experienced users, so we recommended you stick to audited and well-tested software.
Open-source does not mean the software is totally secure, and plenty of small vulnerabilities have been reported with both KeePass and KeePassX. That being said, both tools are great software, especially because they function without the need to subscribe to a service.
KeePassX stores your passwords in a database, which it encrypts with your password. This database is a single file that you can save on a USB stick, back up in the cloud, or send to a trusted colleague.
Sharing KeePassX passwords selectively (rather than sharing all of them at once) is possible by making use of separate databases, but this is not the smoothest process. Once you decide which passwords you want to share, you must copy them into a separate KeePassX database and then share this database file with GitHub, Dropbox, or a similar service. Though each time the password database is updated on KeePassX, you will have to reshare the database. Keeping the selected password files in sync and without a conflict can be difficult, and it quickly becomes impractical with multiple users.
If you are sharing selected passwords with multiple users, you may wish to consider easier options. Between your own separate devices, however, it is a simple enough process with KeePassX.
1Password: Best manager for iOS, OS X, and Android
If you primarily live your life on mobile, 1Password is probably the No. 1 choice. The integration with Android and especially iOS (including Apple Watch) is top-notch, and you will find yourself easily logging in to all your favorite apps (as long as they support 1Password) without having to remember anything.
Plug-ins are available for the Chrome, Firefox, Opera, and Safari browsers, which you can use across different platforms.
A free 30-day trial is available, but you will eventually need to purchase an annual subscription or a per-platform license. Yearly subscriptions, which allow access to 1Password on all supported devices, start at 36 USD for an individual, or 60 USD for a “family” of up to five users. Team and business packages are also available.
Unfortunately, 1Password no longer offers clear guidance on license fees on its website. At last report, a license for either Windows or Mac was priced at 50 USD, and a combined license, for use with both operating systems, cost 70 USD.
This meant that if your entire family was using Apple products, you could cover them all for 50 USD. But if one family member had a Windows machine, you would need a Windows license, too, meaning you’d have to shell out for the combined license.
Licenses never expire, but they are only valid for the current version of the software. While in the past 1Password has allowed its users to upgrade for free, there is no guarantee they will continue to allow this in the future.
While you will not be forced to upgrade when a new version comes out, a new version of your operating system might easily render your version of 1Password unusable.
A strong password makes you more secure
Try out our top picks to find out which one is best suited for you. Then start migrating your services over as soon as possible! A good password can go a long way toward keeping your online information secure.
This might be a great opportunity to change all your current passwords as well!