Welcome to the second week of the Thirty-Day Security Challenge! We are officially one-quarter of the way through the process! Today’s task is to install a password manager on your computer and/or phone. This is an absolutely critical step. Future posts in this series will ask that you change current passwords and create new accounts with good, strong passwords. Being limited to feeble human memory requires most of us to choose poor passwords. We use the same ones on multiple accounts, and some of the new ones we will create this month will probably be lost or forgotten. Storing passwords insecurely in a Word document or spreadsheet isn’t a great idea, either, since it’s really vulnerable to loss. The password manager will solve these problems for us by creating good passwords, recalling them for us, and storing them securely.
Below I have listed some reputable password management options. Review these, choose one, and install it. After you have chosen a password manager, secure it with a good, strong password. Pin it to your taskbar (Windows) or keep it in your dock (Mac). This will place it within easy access for the remainder of the month. Take a few minutes to get familiar with creating and accessing entries – you should be using this a lot in the future.
There are a number of good password managers out there and your choice will be somewhat driven by your operating system(s). The list I give here is by no means exhaustive and there are loads of options. I am only willing to list the ones that I have used and have familiarity with, however.
Password Safe – Windows: If you primarily use a single Windows computer, Password Safe is the way to go. It is widely known for its user-friendliness. Password Safe is what is known as a host-based password manager, meaning your password database is stored only on one, single device. It isn’t transmitted to the cloud or stored on a remote server. There are variants of Password Safe for other operating systems, too, but none of them are supported by the original developer.
KeePass/KeePassX/MacPass – Cross-platform: KeePass and its variants are open-source password managers and perhaps the most universal of the ones listed here. There are forks that work on nearly any operating system you can imagine and all of the databases are compatible with other versions. These are not the most user-friendly password managers, however, and they lack some of the functionality and polish of most of the alternatives. They do enjoy the benefits of being strongly encrypted, cross-platform, and totally free. Like Password Safe, KeePass (and its sister applications) only stores your AES-256-encrypted password database locally, on a single device.
LastPass – Cross-platform: LastPass is the only cloud-based password manager I would even begin to recommend. LastPass stores all of your passwords in an encrypted database in the cloud. This means that you can access your passwords from any device, as long as you can access the internet. One other major benefit of a cloud-based password manager is that you will have an offsite backup of your passwords should your computer crash or be stolen. Unfortunately this is exactly the reason I don’t prefer LastPass; being able to access your passwords from the internet means that someone else can, too. It also means that you might be tempted to enter your master password on a computer that you don’t own or control. LastPass is free on a single device; to install it on multiple devices will require a premium account, which is only $1/month (which is still really close to free). Premium accounts can be installed on all your devices and shared among up to five users.
Codebook Password Manager: I have a fondness for Zetetic’s Codebook that I have written about before. I have used it for years on my iOS devices, and if you only have one or two devices this may be a great option for you. However, it is a paid program and you must purchase a subscription for each device. Codebook is a host-based password manager that allows you to sync with other devices locally through Wi-Fi.
1Password: I include 1Password because it consistently ranks among the most popular password managers. I personally don’t love it but I also don’t have anything against it, and it does have some good things going for it. 1Password is a host-based password manager that allows you to sync with other devices locally through Wi-Fi. It is also incredibly user-friendly and good looking, but it is expensive.