Imagine waking up one morning to find all your accounts hacked! And when you head over to reset your passwords, what do you find? Your email account is hacked as well!
Well, why did this happen? And how can you prevent it? You will find all the answers in today’s article on Password Managers! Finally, the most awaited topic is here!
As this is the first post on Password Managers, I will go over the basics in detail. In this article, we will discuss everything from the meaning and importance of a password manager to the factors you should consider while buying one for yourself!
Are you a newbie who wishes to learn everything about a password manager? Then sit back and enjoy this article, because the next 10 minutes will clear every single one of your doubts!
So, with no further ado, let us jump straight into our review.
- What is a Password Manager?
- How Are Passwords Hacked?
- How Does a Password Manager Work?
- Reasons to Use a Password Manager
- Why Do You Need a Different Password?
- Functions of Password Managers
- Browser Password Manager Vs Password Manager
- Are Password Managers Safe?
- Should You Use Password Managers?
- Important Factors to Consider While Choosing a Password Manager
- 1. Offline Access Vs Online Access
- 2. Password Generator
- 3. Two Factor Authentication
- 4. Auto Capture
- 5. Auto Fill
- 6. Auto Login
- 7. Import & Export Options
- 8. Sharing
- 9. Recovery Options
- 10. Security Audits
- 11. Pricing
- 12. Payment Options
- 13. Extension Support
- 14. Devices
- 15. Password History
- 16. Security Alerts
- 17. Password Reports
- 18. 2 FA Keys
- 19. User Interface
- 20. Types of Data Stored
- 21. Encrypted Storage
- 22. Support
- 23. 5/14 Eyes
- What is a Self-Hosted Password Manager?
- How to Use a Password Manager?
- Best Password Manager?
- Conclusion
- FAQs
What is a Password Manager?
A password manager is software that simplifies your life by memorizing your passwords for you. It can also generate strong passwords and passphrases to secure your online accounts.
Your login information is stored in an encrypted format, protected with a main password called the ‘Master Password’.
The passwords you store can only be accessed after providing the master password. This makes it a very secure and reliable piece of software.
Now you can forget the stress of creating and memorizing hundreds of passwords. Just remember one and that is all! Your password manager will remember the rest for you!
What’s more? You can access your passwords anywhere, anytime, and on any device, be it your desktop or your mobile phone!
How Are Passwords Hacked?
Your passwords can be hacked in multiple ways. Some of the most common ways are:
- Brute Force Attack: Here, the hacker keeps on trying out all possible password combinations until he reaches the target password. This process is time-consuming, but your password is sure to be cracked in the end!
- Dictionary Attack: This is a form of brute force attack, where the hacker uses words from a dictionary, and the data leaked from previous breaches to guess your password.
- Social Attack: This is a type of Dictionary attack performed using your personal information to guess the correct password.
- Phishing Attack: This is a hacking technique where the hacker tries to gain your trust by presenting you with authentic-looking copies of websites, emails, and login pages in order to gain your sensitive data.
How Does a Password Manager Work?
Let’s say you enter your login credentials on Facebook. Now, a password manager will:
- Capture your login information and help you login the next time you visit Facebook.
- Store your passwords in an encrypted format within a secure folder.
- Protect your entire vault with a master password that is not known to anyone but you.
You can access a password manager on all your devices, including desktop and mobile. It is also available as a browser extension.
Reasons to Use a Password Manager
I bet you’re considering the risks involved with using a Password Manager.
Is a password manager safe? Can I trust it? What if it leaks all my passwords? My whole life will be ruined then!
Well, don’t you worry! If anything, a password manager only takes away stress from your life by solving four major problems! Let’s check out what they are.
1. Reusing Passwords
We all tend to use the same password for multiple sites. Why do we do that? Because it’s practically impossible to remember 25-50 different passwords, right?
This is what makes our accounts vulnerable to hackers.
A Password Manager helps create a unique password to secure all of your accounts. This eliminates the need to reuse a password on multiple websites.
2. Using Easy to Remember Passwords
What kind of ‘secure’ passwords do you generally create? Do let me know in the comments section below! 😀
Birth dates, mobile numbers, the name of our secret crushes, etc are the most common and simple passwords! Anyone can crack them within 5-10 tries!
This is why you need a strong password! A strong password comprises the following:
- At least 16 random characters
- Uppercase and lowercase letters
- Letters, numbers, and special characters
Your security can be enhanced 100 times over if you use a password manager.
It generates strong passwords that would take hackers thousands of years to crack! You can even customize them as per your requirements.
3. Manually Typing Passwords
If you are a lazy bee like me, you probably hate manually typing your passwords into every website. A password manager is exactly what you need!
It fills out your login information with just one click! Some password managers even provide an auto login feature!
While using a mobile device, you can simply auto-fill your passwords with your fingerprint too! Cool, isn’t it?
4. Managing Passwords for Different Accounts
If you have hundreds of accounts, it’s impossible to memorize the passwords for each one of them.
A Password Manager can store a whole chunk of passwords, personal information, card details, and more, unlike our mind, which is prone to forget things after a while!
Why Do You Need a Different Password?
These days, data breaches have become a common occurrence. Even companies like Sony, Zomato, and Canva have not been spared!
Did you know that “123456” was found to be the most common password of the year 2020, used by over 25 lakh people? Scary, huh?
Well, imagine this! You are using “123456” as a password for all your accounts. Now, if a hacker cracks one of your accounts, he will definitely try it in multiple places like your Gmail, banking accounts, and social media, and guess what? Everything will be cracked in a split second!
Did you know that all your accounts are linked to your email account? So, if your email is hacked, you’ll land in serious trouble. This is exactly where a password manager saves your data from being compromised!
Functions of Password Managers
All Password Managers comprise some basic functions required for storing and securing your information. Let us take a look at them.
1. Password Generator
A Password Generator creates complex passwords using a combination of letters, numbers, and special characters. You can also specify the length of your desired password!
2. Auto Capture
Auto Capture feature saves your login credentials when you type them on a website for the first time.
3. Auto Fill
When you visit a website for which your credentials are already stored in the password manager, it fills the information with a single click.
4. Save Notes
Other than saving your username and password, you can also store important details like credit card information, receipts, passport, backup codes, personal details, etc in a secure note.
5. Share Passwords
Different password managers can have varying degrees of sharing capabilities.
You can easily share some or all of your logins with other users through a link or email, and also tweak the permission options, etc.
6. Import and Export Passwords
Most password managers can directly import your passwords from other password managers and browsers with a single click!
Password exports are generally saved as a CSV file, supported by all password managers.
7. Encrypted storage
This is an additional feature that is seen in many password managers. You usually get 1GB of encrypted storage to store all your important data, and this space can only be accessed using your master password.
Browser Password Manager Vs Password Manager
You might have noticed that browsers, too, provide password management functions these days. Well, if that is the case, should you use a browser password manager or a separate one?
Chrome, Firefox, Safari, or Brave, all have the same purpose – to create a better browser. Password Management is only an additional feature. It’s not the primary function of browser password managers.
This is why you’ll notice many drawbacks in their password management capabilities like:
- Lack of a separate password generator
- Inability to autofill your login credentials in mobile
- Saved passwords are quite easy to access (enter your laptop’s password, and it reveals the saved passwords!)
- No Two Factor Authentication
- No Email verification or New device authentication if someone logs into your account
- No Master Password protection
- No access to your passwords in offline mode
- Lack of strong encryption standards (most password managers don’t even mention the security protocols used!)
In short, browser password managers are terrible at handling your passwords. So, you should always go with a separate password management software for complete protection.
Are Password Managers Safe?
There is no guarantee that all password managers are safe, and you shouldn’t trust all of them blindly. To ensure better safety and privacy, always check if your password manager:
- Is well-established
- Has excellent security features
- Offers proper encryption methods
- Has gone through proper security audits
- Is open-source (like Bitwarden)
All these factors help decide if the password manager can be trusted.
Should You Use Password Managers?
It’s 2021, guys, and online security is the need of the hour! If you have over 20 accounts online, then you definitely need a password manager.
Not only will it generate stronger passwords and enhance security, but it will also prove convenient when you use multiple devices.
You might wonder – Does everyone need a paid password manager? The answer is NO! Nowadays, you can also get some efficient password managers for free!
Take a note of how much time you spend online logging in and out of your accounts to decide if you should use a paid or a free password manager!
Important Factors to Consider While Choosing a Password Manager
You now know what a password manager is, how it solves some major security problems, and what its important features are. Now, we come to the most important part!
If you are considering using a password manager, you should know which factors matter when choosing the right one. I have compiled a list for you all. Check this out.
1. Offline Access Vs Online Access
There are two types of Password Managers based on how they store your passwords – Online and Offline. Both these options have their own advantages and disadvantages.
If you go for Offline Access, your passwords would be stored locally on your device (e.g. laptop) and cannot be accessed from any other device (e.g. mobile).
The only drawback with Offline Password Manager is that if your hard disk crashes or someone gets hold of your laptop, all your important passwords would be lost forever! Is the risk worth taking?
Therefore, you also have Online Password Managers, where your passwords are stored on the cloud. A Cloud-Based Password Manager can be accessed from your laptop, mobile, and all other devices.
These days, a combination of online and offline access is also available. So, you can access your passwords and data stored in secure notes like your ATM pin, bank details, etc without having an internet connection!
2. Password Generator
Password Generation is the most important function of any password manager. So, always check if it is able to generate a powerful password.
Is the password generator easily available in their desktop app, browser extension, and their mobile app? Letters, numbers, and special characters are usually available for generating a strong password.
Another important feature is a ‘Passphrase’. This feature is important when you need to type passwords. A passphrase is a string of random words put together, separated by a symbol.
For example: bridge chocolate kitchen dinosaur are four random words, but when I join them with a separator like a hyphen, then bridge-chocolate-kitchen-dinosaur becomes a strong passphrase.
It would take a computer 100 decillion years to crack this password! Not kidding!
Pass-phrases are very cool because they generate strong passwords that are easy to remember but difficult to crack!
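Here is how a generator can build both a random password and a passphrase, and how their strength is measured. This is an added example, not code from any password manager; the 32-word list is a constructed sample, and the bit counts assume an attacker who knows the word list and separator.

```python
import math
import secrets
import string

# Constructed 32-word sample list so the example runs offline (an assumption:
# real generators pick from a list of several thousand words).
SAMPLE_WORDS = (
    "bridge chocolate kitchen dinosaur lantern window pepper marble "
    "rocket garden violin anchor blanket copper thunder ribbon "
    "pillow harbor cactus saddle tunnel feather magnet orchid "
    "walnut glacier bucket compass velvet meadow pencil turtle"
).split()

SYMBOLS = "!@#$%^&*-_=+"
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]


def generate_password(length=16):
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character from each class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets uses the operating system's CSPRNG, unlike the random module.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Re-drawing whole candidates keeps every accepted password equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_passphrase(words=4, separator="-", wordlist=SAMPLE_WORDS):
    """Passphrase of independently chosen random words joined by a separator."""
    return separator.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices_per_position, positions):
    """Bits of entropy when every position is picked uniformly at random."""
    return positions * math.log2(choices_per_position)


def words_needed(target_bits, wordlist_size):
    """Smallest number of random words that reaches the target entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    print(generate_password())
    print(generate_passphrase())
    # Strength comes from the number of random choices, not from the length.
    print(round(entropy_bits(len("".join(CLASSES)), 16), 1), "bits: 16 random characters")
    print(round(entropy_bits(7776, 4), 1), "bits: 4 words from a 7776-word list")
    print(words_needed(80, 7776), "words for 80 bits from a 7776-word list")
```

The words must be picked by the generator, not by you: a phrase you invent yourself has far less randomness than these numbers suggest.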
3. Two Factor Authentication
Two Factor Authentication (2FA) is an additional security step for verifying your identity.
Good password managers support Authenticator apps like Authy, Google Authenticator, etc through which you can receive login codes.
Also check if you can receive verification codes by email, and if it supports hardware security keys like Yubikey.
4. Auto Capture
This is the most basic function of every password manager.
When typing out your login credentials for a website for the first time, your password manager should display a pop-up asking if it should save the provided information.
5. Auto Fill
After auto-capturing your login information, when you visit the same website, your password manager should fill in your credentials and wait for you to hit login.
A majority of password managers provide a tiny icon beside the login fields, which, when clicked, fills in your details correctly.
Having to click before anything is filled in adds an extra layer of security and protects you from data hijacks and phishing attacks. Even security experts recommend not using Autofill!
6. Auto Login
Auto Login feature fills out your saved credentials for a website and automatically logs you in without requiring any manual action.
But it might give rise to some security problems, which is why I don’t prefer either the autofill or the auto-login feature.
7. Import & Export Options
Import and Export functions make the password management experience convenient and effortless.
If you’re shifting from another password manager, always keep a note of:
- The type of files it can import
- Number of password managers supported
- If there’s a specific format for importing your password files.
Also check if you can import and export additional data like your notes, backup codes, documents, and extra fields.
8. Sharing
Sharing is another interesting function of all major password managers.
Always check:
- What kind of sharing options are offered?
- Is secure sharing possible?
- Is it necessary to have an account to access the shared data?
9. Recovery Options
Your password vault is secured with a master password. But in case you forget that, is it possible to recover your passwords?
Many password managers don’t provide this option because of the security risks. Others offer recovery options like backup codes, recovery kit, 2FA, etc.
10. Security Audits
If you’re going with an open-source password manager like Bitwarden or KeePass, then security audits wouldn’t be a necessity.
But if it’s a closed source software, then you should check the company’s history, their frequency of security audits, and if there have been any data breaches in the past.
11. Pricing
Password Managers come with a variety of pricing plans. Some provide a free account, while others offer a free trial account valid for around 15 days.
The paid plans cost around $36 to $40 per year depending on your chosen plan and requirements.
12. Payment Options
Check what kind of payment options your password manager supports.
- If you don’t have international payments enabled, will non-international payment cards work?
- Does the password manager accept debit cards or Rupay cards?
13. Extension Support
Extensions for all popular password managers are available for Chrome Browser.
But if you use any other browsers like Safari, Firefox, Edge, Brave, etc, do check if the browser extension is available.
14. Devices
All popular password manager apps are available for Windows, Mac, iOS and Android.
But if you’re using Linux, then do check if it’s supported by your password manager.
15. Password History
The password History feature is useful in case you accidentally update or delete any passwords.
Many password managers keep a list of previously used passwords, along with details about when each one was used.
16. Security Alerts
Also called Breach Scanner, this feature checks whether your logins, passwords or any other sensitive information have been leaked on the dark web.
17. Password Reports
This is a very helpful and privacy-friendly feature provided by most password managers.
Once you are done storing a few passwords in your vault, it analyses your logins and generates reports on password strength, weak passwords, reused passwords, compromised passwords, etc.
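The report described above can be reproduced on a CSV export, using the strong-password checklist from earlier in this article. This is an added example, not any product's own code; the export is constructed sample data and its column names are an assumption, since every password manager uses its own layout.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are an assumption; real exports
# differ from one password manager to another.
SAMPLE_EXPORT = """name,url,username,password
Mail,https://mail.example,me@example.com,123456
Bank,https://bank.example,me@example.com,Tr0ub4dor&3-river-Lamp
Forum,https://forum.example,me,123456
Shop,https://shop.example,me@example.com,summerholiday2021
Video,https://video.example,me,qV7#mZ2!pL9@xR4$
"""


def weaknesses(password):
    """Return the checklist rules that this password fails."""
    problems = []
    if len(password) < 16:
        problems.append("shorter than 16 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(not c.isalnum() for c in password):
        problems.append("no special character")
    return problems


def audit(export_text):
    """Build a weak/reused report that names entries but never echoes passwords."""
    by_password = defaultdict(list)
    weak = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[row["password"]].append(row["name"])
        problems = weaknesses(row["password"])
        if problems:
            weak[row["name"]] = problems
    # Any password that appears under more than one entry is reused.
    reused = sorted(sorted(names) for names in by_password.values() if len(names) > 1)
    return {"weak": weak, "reused": reused}


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    for name, problems in report["weak"].items():
        print(f"WEAK    {name}: {', '.join(problems)}")
    for names in report["reused"]:
        print(f"REUSED  same password on: {', '.join(names)}")
```

A CSV export holds every password in plain text, so delete the file securely as soon as you are done with it.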
18. 2 FA Keys
2FA keys are an advanced feature. They make your password manager act as an authenticator app (like Authy or Google Authenticator) and generate login codes.
People find this convenient because it eliminates the need to depend on other apps for being authenticated.
Your password manager can act as an authenticator itself, by generating 2FA keys, copying them and authenticating your identity!
I don’t recommend embedding your login keys inside your password manager, because then it isn’t really two factor authentication.
If a hacker gets hold of your account, he will have access to all your passwords and your 2FA keys! This situation is super scary!!
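To see why the stored key matters so much, here is how an authenticator turns it into a login code, following the standard TOTP algorithm (RFC 6238). This is an added example, not code from any password manager; the key is the RFC's published test key, and the `verify` helper and its one-step tolerance are assumptions about how a site might check a code.

```python
import base64
import hashlib
import hmac
import struct

# Test key from RFC 6238 (ASCII "12345678901234567890"), Base32-encoded the
# way authenticator apps store it. Never use a published key for a real account.
TEST_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """Login code for the given stored key and moment in time (HMAC-SHA1)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    # The moving factor is the number of 30-second steps since the Unix epoch.
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation: the last nibble selects which 4 bytes become the code.
    offset = digest[-1] & 0x0F
    number = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1, step=30):
    """Site-side check that tolerates clock drift of `window` steps either way."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * step, step, len(submitted))
        # compare_digest avoids leaking how many digits matched through timing.
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    print(totp(TEST_KEY, 59))              # code for the RFC's first test time
    print(verify(TEST_KEY, "287082", 89))  # still accepted one step later
    print(verify(TEST_KEY, "287082", 149)) # rejected once outside the window
```

The code depends on nothing except the stored key and the clock, so a vault that holds both the password and this key holds everything needed to log in.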
19. User Interface
User Interface also plays a significant role while using a password manager.
Before choosing one, analyze:
- Is the interface clean and easy to use?
- Are all the functions easily accessible?
- Are proper applications available for all devices?
Pro Tip: Only go for a password manager that has the features you need.
20. Types of Data Stored
Along with storing your logins, check if your password manager allows you to store:
- Secure notes
- Your personal details
- Debit and credit card information
- Your passport
- Other important documents and receipts
21. Encrypted Storage
The paid plans of most password managers provide you with 1 GB of storage space protected with zero knowledge encryption. This means nobody, other than you, can read your data.
You can keep your important files safe in this encrypted space. And if you want free cloud storage, check out this video.
22. Support
Password Managers rarely provide Live Chat support because it’s not needed in most situations.
But always check if their knowledge base and forum support is diverse and informative, and if email replies arrive within 1 working day.
23. 5/14 Eyes
5/14 Eyes Countries are those countries whose governments can force different companies to reveal their data. USA, New Zealand, Canada, etc are some of them.
Even though your data remains protected with zero knowledge encryption, 5/14 Eyes Alliance is still not liked by many people.
So, while choosing a password manager, always check its country of origin and if it falls under the 5/14 Eyes Alliance.
What is a Self-Hosted Password Manager?
A self-hosted password manager lets you use your own servers (e.g. Digital Ocean) to store your logins. This is great from a security point of view because you no longer need to depend on cloud-based services.
A good example of a self-hosted password manager is Bitwarden. You can simply install Bitwarden on your server for free, but using premium features like Sharing would cost you extra!
How to Use a Password Manager?
For this demonstration, I’ll be showing you how to use Bitwarden Password Manager. It also has a free version, so you can do this process along with me. Let’s go!
Step 1: First, let us start by creating an account on Bitwarden. You will need to enter your name, email, a strong master password you can memorize, and a master password hint in case you forget it!
Step 2: After you log in to your account, download the Bitwarden extension for your browser and log into it as well.
Bitwarden is available for Chrome, Firefox, Safari, Edge, and Brave.
Step 3: Now you can save your logins. You can either add your details manually, like this.
Or you can just go over to a website and add your login information. Bitwarden will capture your details and ask you to save it through a pop-up.
Step 4: That’s it! Now, when you visit the same website again, Bitwarden will request to autofill your saved credentials, after which you can log in to your accounts. Easy, right?
Step 5: If you need a strong password while creating a new account, Bitwarden’s password generator is heavily customizable.
You can also use passphrases. They are strong and much easier to remember!
So, this is how you can use a password manager. All of them work in about the same manner.
Best Password Manager?
If you’ve come this far, the only question that remains is – which password manager is the best? Well, have some patience, guys!
I have researched and tested out all the popular password managers recently, and will post the detailed review and comparison videos soon.
So, you might subscribe to my YouTube channel for that!
Conclusion
So, that was all for this article. I hope you found this information helpful and insightful for purchasing a suitable password manager.
Have you ever used a password manager before? Let me know your experience with it in the comments section below.
I will share more on password managers. Detailed reviews of some popular password managers will drop soon on this blog. So, stay tuned for the latest updates by subscribing to my Newsletter.
This is Kripesh signing off! Take care, guys. I’ll be back soon with another article. Till then stay safe and keep learning!
FAQs
1. What are the types of password managers?
Password managers are mainly of 4 types:
- Desktop based – It stores your passwords locally on your device. You cannot use it on other devices.
- Cloud based – It stores your passwords on the company’s servers. The transmission involves heavy encryption, and your data can be accessed from multiple devices.
- Browser based – If sync is on, your passwords are stored on the cloud. Otherwise, they are stored in the browser itself. It is available as a built-in feature in web browsers like Chrome, Safari, Firefox, etc. It lacks basic password management functionality and has weak security features.
- Self-hosted – It lets you create your own server and store your passwords on it.
2. Can a Password Manager Change My Old Passwords for me?
Password Managers provide reports for weak and reused passwords in your vault.
Some password managers can automatically change your passwords with a single click, but only on specific websites. This feature is still under development, and most websites do not support it. So, it’s not a viable option at present.
3. Where Will My Passwords Be Stored?
While using a desktop-based password manager, your passwords will be stored locally on your device. And while using a cloud-based password manager, your passwords will be stored on the company’s servers.
In both cases, the passwords will be encrypted with a master password. Password Managers generally use AES 256-bit encryption and end-to-end encryption, so your data is 100% safe!
4. What If I Forget My Master Password?
Some password managers don’t provide any recovery options if you forget your Master password.
Others help you recover your account using backup codes, recovery kits, and other methods of two factor authentication.
5. How to Create Strong Passwords?
You should follow these rules for creating strong passwords:
- It should comprise at least 12 characters.
- It must have uppercase and lowercase letters, numbers and special symbols.
- It should not be a very common dictionary word.
Password Managers have a password generator, which helps us create strong and unique passwords.
6. Should I pay for a password manager?
It depends on your needs. If you only need a password manager for basic functions, then the free version would work.
But if you want to use premium features like encrypted storage, data breach reports, advanced sharing options, and more, then you may consider going for a paid password manager.
7. What does a password manager do except for storing your passwords?
It not only saves your logins but also:
- Helps you create strong and unique passwords.
- Provides detailed reports on weak and compromised passwords.
- Auto-captures and auto-fills your information on websites.
- Lets you share your passwords with other users.
8. Can I use a web browser to manage my passwords and login information?
Yes, all major web browsers provide some basic password management features.
But they don’t follow strict encryption standards and security measures. Also, they are not convenient to use on all devices, which is why I feel you should use a separate password manager application.
9. What are the disadvantages of a password manager?
The only disadvantage is that all your passwords will be stored behind one master password.
So, if you forget the master password, you may end up losing all your passwords!
10. What is a 3D password?
A 3D password is a highly secure process of verifying the user’s identity that involves multi-factor authentication.
The user needs to provide a combination of Password/PIN + Authentication key + Biometrics in order to gain access to any account.
11. If I use a password manager and the site goes out of business what happens to all my logins?
All your passwords would be lost! This is why you should only use reputed password managers. If you wish to know my recommendations, do watch out for the detailed videos dropping soon!
12. What are default passwords?
Default passwords are the passwords that come with a device by default. For example, if you purchase a Router, the default username and password would be ‘admin.’
13. What are the advantages of using strong passwords?
Strong passwords are very hard to crack because they combine letters, numbers, and special characters. They also cannot be hacked easily with a brute force attack. So, you should always use strong passwords on your accounts.
14. What are the advantages of using unique passwords?
By unique passwords, we mean different passwords for different websites. The biggest advantage is that if one of your accounts gets hacked, at least the others would be safe because you did not use the same password everywhere.
This is where Password Managers can be of great help to you.