Security experts say you should have different passwords for every single login, but how do you keep track of them all? You could keep a list, but how can you keep that list secure? That's where a password manager shines.
How do password managers work?
People tend to underestimate how easy it is for hackers to crack passwords. It would take just two minutes for a cyber criminal or security expert to break into an account protected by a seemingly random selection of numbers. Unfortunately, simple passwords (e.g. your birthday) can seem appealing because they're easy to remember. Thankfully a good password manager can help you overcome this problem.
Most programs can make passwords for you. All but one of the password managers we tested (My1Login) include a secure password generator that can create codes for each account you've added to the vault. Then they handle the logins for you with the autofill feature, so you don't need to worry about memorising the complex combination of letters, numbers and symbols that a good password requires. Some password managers also assess the strength and quality of all the passwords in your vault, including any that you've made. Some can also provide security reports such as repeated password notifications and information on unsafe websites.
An example of a password generator. This one is included with RoboForm.
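To show what the generator and the strength and repeated-password reports described above do in principle, here is an added example; it is not code from RoboForm or any product in the test. The character classes, the 60-bit threshold, the entropy estimate and the sample vault are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Character classes used by this example (an assumption, not a product policy).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+"]


def generate_password(length=20):
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice(alphabet) for _ in range(length - len(CLASSES))]
    # Shuffle with the OS CSPRNG so guaranteed characters have no fixed position.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(password):
    """Upper-bound estimate: length * log2(size of the classes actually used)."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def audit_vault(vault, min_bits=60):
    """Return (weak, reused): weak site names and groups of sites sharing a password."""
    weak = sorted(site for site, pw in vault.items() if entropy_bits(pw) < min_bits)
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[pw].append(site)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    return weak, reused


# Constructed sample vault; site names and passwords are made up.
SAMPLE_VAULT = {
    "bank.example": "19870412",
    "mail.example": "Summer2019",
    "shop.example": "Summer2019",
    "forum.example": generate_password(),
}

if __name__ == "__main__":
    print(audit_vault(SAMPLE_VAULT))
```

The estimate is generous to human-chosen passwords: a word plus a year scores far higher here than it would against a dictionary-based guesser, so treat the threshold as a floor rather than a guarantee.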
Important features to look for
When you gather the digital keys to your most valuable chests of information in one place, you want to make sure your password manager has the best possible security measures in place on desktop and mobile.
- An inbuilt encryption tool scrambles the contents of your vault, making all the information unreadable to anyone who manages to break in, unless they know how to decrypt it. The algorithms at the heart of well-regarded encryption tools are so complex that it would take millions of years for hackers to force their way in.
- Software that offers two-factor authentication adds a second step to the login process, such as an additional, one-time password that's sent to your smartphone via text message. This extra layer of security is becoming increasingly common and most programs include this significant feature.
Almost all password managers in our test encrypt their vault with 256-bit AES (Advanced Encryption Standard), which is a widely implemented, well-regarded option that's even used by the US and Canadian governments to secure top-secret data. Another encryption standard you might come across is Blowfish-256, which is a little older and hasn't been used quite as much as AES-256. Although it's secure, its creator Bruce Schneier is encouraging people to stop using it in favour of his more recent release, Twofish. These programs also encrypt their vault before sending it to the cloud, which protects your data from being intercepted during transfer.
How much do password managers cost?
The password managers in our most recent test range in price from $15–40. However, one of the top performers, Norton Identity Safe, is free.
What happens if you forget your master password?
Unfortunately it's called a master password for a reason, and unless your memory returns, you're not getting into the vault. That's the downside to having every login locked up tight as a drum.
Some password managers, however, have a feature that can allow a third party, such as a close relative or friend, access to your vault after a certain time. This is handy in the case of accident or death, as it means your precious information isn't lost forever but is passed on to a trusted person.
If you've lost a relative, or they can no longer support themselves due to dementia or a stroke, for example, you'll need to access their vault in the same way you'd manage their bank account and estate. Transferring their master password to your name makes this process much easier, as you don't need to individually contact Twitter, Facebook or Gmail. This level of access requires proof of relationship, such as a birth certificate, or approval from the second party.
Digital legacy features that let you nominate someone to access your account should you pass away are becoming more common in software and some websites, including Facebook, but it's far more convenient to access a password manager vault that has your passwords stored in one place.
Why you should consider your device and platform
Even though most of the password managers in our test are multi-platform, few perform perfectly across the board. Because of this, you should look at how you access password-protected websites, then use that as a starting point to determine your needs and wants.
Tip: Desktop and mobile versions of the software are not always identical for features and ease of use, so try out the software on both platforms before deciding which one you want to use.