3DSC Day 7: Install a Password Manager


Welcome to the second week of the Thirty-Day Security Challenge! We are officially one-quarter of the way through the process! Today’s task is to install a password manager on your computer and/or phone. This is an absolutely critical step. Future posts in this series will ask that you change current passwords and create new accounts with good, strong passwords. Being limited to feeble human memory requires most of us to choose poor passwords. We use the same ones on multiple accounts, and some of the new ones we will create this month will probably be lost or forgotten. Storing passwords insecurely in a Word document or spreadsheet isn’t a great idea, either, since it’s really vulnerable to loss. The password manager will solve these problems for us by creating good passwords, recalling them for us, and storing them securely.

Below I have listed some reputable password management options. Review these, choose one, and install it. After you have chosen a password manager, secure it with a good, strong password. Pin it to your taskbar (Windows) or keep it in your dock (Mac). This will place it within easy access for the remainder of the month. Take a few minutes to get familiar with creating and accessing entries – you should be using this a lot in the future.

There are a number of good password managers out there and your choice will be somewhat driven by your operating system(s).  The list I give here is by no means exhaustive and there are loads of options.  I am only willing to list the ones that I have used and have familiarity with, however.

FREE OPTIONS

Password Safe (Windows): If you primarily use a single Windows computer, Password Safe is the way to go. It is widely known for its user-friendliness. Password Safe is what is known as a host-based password manager, meaning your password database is stored only on a single device. It isn’t transmitted to the cloud or stored on a remote server. There are variants of Password Safe for other operating systems, too, but none of them are supported by the original developer.

KeePass/KeePassX/MacPass (Cross-platform): KeePass and its variants are open-source password managers and perhaps the most universal of the ones listed here. There are forks that work on nearly any operating system you can imagine and all of the databases are compatible with other versions. These are not the most user-friendly password managers, however, and they lack some of the functionality and polish of most of the alternatives. They do enjoy the benefits of being strongly encrypted, cross-platform, and totally free. Like Password Safe, KeePass (and its sister applications) only stores your AES-256-encrypted password database locally, on a single device.

LastPass (Cross-platform): LastPass is the only cloud-based password manager I would even begin to recommend. LastPass stores all of your passwords in an encrypted database in the cloud. This means that you can access your passwords from any device, as long as you can access the internet. One other major benefit of a cloud-based password manager is that you will have an offsite backup of your passwords should your computer crash or be stolen. Unfortunately, this is exactly the reason I don’t prefer LastPass; being able to access your passwords from the internet means that someone else can, too. It also means that you might be tempted to enter your master password on a computer that you don’t own or control. LastPass is free on a single device; to install it on multiple devices will require a premium account, which is only $1/month (which is still really close to free). Premium accounts can be installed on all your devices and shared among up to five users.

PAID OPTIONS

Codebook Password Manager: I have a fondness for Zetetic’s Codebook that I have written about before. I have used it for years on my iOS devices, and if you only have one or two devices this may be a great option for you. However, it is a paid program and you must purchase a subscription for each device. Codebook is a host-based password manager that allows you to sync with other devices locally through Wi-Fi.

1Password:  I include 1Password because it consistently ranks among the most popular password managers.  I personally don’t love it but I also don’t have anything against it, and it does have some good things going for it.  1Password is a host-based password manager that allows you to sync with other devices locally through Wi-Fi.  It is also incredibly user-friendly and good looking, but it is expensive.

17 thoughts on “3DSC Day 7: Install a Password Manager”

  1. Is there some reason you don’t recommend the password manager from Blur? I signed up on your recommendation for masking.

    1. My biggest reservation is that it is cloud-based. Based on Blur’s track record and good security (long passwords, two-factor, etc.) I think it is probably decent, I just don’t trust them enough to handle my passwords to EVERYTHING.

      Justin

    1. I think Dashlane is decent. If you already have a premium account I’d probably recommend sticking with it. Dashlane is largely cloud-based, however. It’s also much more complex than KeePass, which means there is more opportunity for something bad to happen.

  2. I need a password manager that is compatible with both Windows and Android. I’m a bit confused as to how they work, to be honest, because I’ve never used one. Is it only possible to use one for both devices if my info is stored on the cloud? Maybe I’m missing something? Thanks in advance.

  3. I am leery about using a password manager – then someone only has to crack ONE password to get ALL my passwords. Can you tell me why I should change my mind?

    1. That’s not exactly true. If it is a host-based manager on your local machine they first have to get to it. If it is a password manager in the cloud you can also protect it with two-factor authentication and a number of other tools.

      Second, if you are NOT using a password manager and remembering them all in your head, you are probably only using a very small handful of passwords already. This means that if someone figures out the password to one site, they’ve probably figured out the passwords to most of your accounts.

      Don’t take my word for it – pretty much every security expert in the world recommends using a password manager.

  4. What are the downsides to 1Password? Assuming you don’t store the keyfile in the cloud anywhere, and only sync across devices via sneakernet, and also ignoring monetary cost, is it a good program or are there flaws?

  5. What about RoboForm? I’ve been using it for years. I also use Roboform everywhere. Is this good or not? Thank you for your help!

  6. How do you back up your passwords on MacPass in case your computer is stolen, breaks, or malfunctions? Sorry if that’s a bit elementary but appreciate the help.

    1. No worries, Craig! I save the database to a separate, encrypted location like a USB flash drive. It also gets copied along with everything else when I back up my computer.

  7. Any knowledge of Keeper for Apple devices? Keeper has a ton of good reviews. Not sure whether to go with 1Password or Keeper. Thanks!

    1. I’m not familiar with this product. If price is not a factor I would probably go with 1Password. If price is a factor I would recommend KeePassXC (Mac) and MiniKeePass (iOS).
      Thanks!
