5 Best Password Managers (2022): Features, Pricing, and Tips

Password managers are the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For seven consecutive years, “123456” and “password” have been the two most used passwords on the web. The problem is that most of us don’t know what a good password is and can’t remember hundreds of them anyway.

Now that so many people are working from home, outside of the office intranet, the number of passwords you need may have increased significantly. The safest (if craziest) way to store them is to memorize them all. (Make sure they’re long, strong, and secure!) Just kidding. This might work for Memory Grandmaster Ed Cooke, but most of us are not capable of such fantastic feats. We have to offload this work to password managers, which provide secure vaults that can replace our memory.

A password manager provides convenience and, more importantly, helps you create better passwords, making your online existence less vulnerable to password-based attacks. Read our guide to VPN providers for more ideas on how you can improve your security, as well as our guide to backing up your data to make sure you don’t lose anything if the unexpected happens.

Updated August 2022: We’ve updated pricing and added some notes about the FIDO Alliance’s efforts to get rid of the password and why we’re no longer featuring LastPass.

Why not use your browser?

Most web browsers offer at least a rudimentary password manager. (This is where your passwords are stored when Google Chrome or Mozilla Firefox asks if you want to save a password.) This is better than reusing the same password everywhere, but browser-based password managers are limited.

The reason security experts recommend a dedicated password manager comes down to focus. Web browsers have other priorities that haven’t left much time to improve their password managers. For example, most of them won’t generate strong passwords for you, leaving you right back at “123456.” Dedicated password managers have a singular goal and have been adding useful features for years. Ideally, this leads to better security.

WIRED readers have also asked about Apple’s macOS password manager, which syncs via iCloud and has some nice integrations with Apple’s Safari web browser. There is nothing wrong with Apple’s system. I’ve actually used Keychain Access on Mac in the past and it works great. It doesn’t have some of the nice extras you get with dedicated services, but it takes care of protecting your passwords and syncing them between Apple devices. The main problem is that if you have non-Apple devices, you won’t be able to sync your passwords to them, since Apple doesn’t make apps for other platforms. All in on Apple? Then this is a viable, free, and integrated option worth considering.

What about the “death of the password”?

There has been a concerted effort to get rid of the password since about two days after the password was invented. Passwords are a pain, no argument, but we don’t see them going away in the foreseeable future. The latest effort to get rid of the password comes from the FIDO Alliance, an industry group that aims to standardize online authentication methods. It’s supported by many of the major browser manufacturers, but we haven’t seen a working demo yet. Still, this is an effort we’re keeping an eye on because it holds more promise than what’s come before. For now, at least, you still need a password manager.

How we test

The best and most secure cryptographic algorithms are available through open source programming libraries. On the one hand, this is great because any app can incorporate these ciphers and keep your data safe. Unfortunately, any encryption is only as strong as its weakest link, and cryptography alone won’t keep your passwords secure.

Here’s what I test for: What are the weakest links? Is your master password sent to the server? Every password manager says it isn’t, but if you watch your network traffic while entering a password, you’ll sometimes find that it is. I also examine how mobile apps work: for example, do they leave your password store unlocked but require a PIN to get back in? This is convenient, but it sacrifices too much security for that convenience.
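
The network-traffic check described above can be scripted. The following is an added example, not code from the original article: it assumes you have decrypted requests exported from an intercepting proxy for your own throwaway test account, and the canary password, sample request, and function names are constructed for illustration. A manager that sends only a derived authentication hash produces no hits, which is the expected result.

```python
import base64
import binascii
import json
import re
from urllib.parse import quote, quote_plus

B64_TOKEN = re.compile(rb"[A-Za-z0-9+/_-]{16,}={0,2}")
PCT_ESCAPE = re.compile(rb"%[0-9a-fA-F]{2}")

def encodings_of(secret):
    """Common on-the-wire representations of the secret."""
    raw = secret.encode("utf-8")
    return {
        "plaintext": raw,
        "url-encoded": quote(secret, safe="").encode(),
        "form-encoded": quote_plus(secret).encode(),
        "json-escaped": json.dumps(secret)[1:-1].encode(),
        "hex": binascii.hexlify(raw).upper(),
    }

def find_secret_leaks(secret, request):
    """Return the forms in which `secret` appears in one decrypted request."""
    # Upper-case %xx escapes so %2f and %2F both match the encoded needle.
    normalised = PCT_ESCAPE.sub(lambda m: m.group().upper(), request)
    hits, seen = [], set()
    for name, needle in encodings_of(secret).items():
        haystack = request.upper() if name == "hex" else normalised
        if needle not in seen and needle in haystack:
            hits.append(name)
        seen.add(needle)  # identical encodings are reported only once
    # Base64 output shifts with byte alignment, so base64(secret) is not a
    # reliable needle: decode every candidate token and search the result.
    raw = secret.encode("utf-8")
    for token in B64_TOKEN.findall(request):
        token = token.rstrip(b"=").translate(bytes.maketrans(b"-_", b"+/"))
        try:
            decoded = base64.b64decode(token + b"=" * (-len(token) % 4))
        except binascii.Error:
            continue
        if raw in decoded and "base64-wrapped" not in hits:
            hits.append("base64-wrapped")
    return hits

# Constructed sample: canary master password of a throwaway test account,
# sent inside an HTTP Basic credential.
CANARY = "correct horse/battery+staple 42!"
SAMPLE = b"Authorization: Basic " + base64.b64encode(
    b"t@example.invalid:" + CANARY.encode())
print(find_secret_leaks(CANARY, SAMPLE))
```

Use a canary that exists nowhere else, so that any hit is unambiguous.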
