Are password managers safe?
In this episode, we are going to talk about password managers and determine if they are safe for your to use.
Before I get into the analysis and comparison of each password manager, let’s talk about why password managers exists and why you should consider using one. If you’ve read any of my previous articles on password best practices, then you’ve probably have heard me mention how important it is to change your passwords and to have a strong and secure password. But it seems that almost every website requires you to have an account. How do you keep track of all your passwords and still practice password best practices? By utilizing a password manager, you can create unique passwords for each account and not have to worry about memorizing passwords. You only need one password to access your password manager and the manager does a pretty good job at either creating safe/secure passwords for your and/or remembering your passwords for you. With all of that said, let’s jump into my analysis of four popular password managers.
I decided I wanted to try out the four most popular password managers. Below is a list of the services that I decided to try out:
- Lastpass
- 1Password
- Bitwarden
- Strongbox
If you are anything like me, then you want to try before you buy. Pricing is one of the most important things that I considered when comparing the different services. Well, that’s not true. Safety/reliability was the most important thing but after looking at all four services, they convinced me that my passwords were safe. So, since that worry was out of the way, the next most important thing I was looking for was price.
Lastpass —It’s completely free for all your devices. You can opt for a $3 per month which provides encrypted file storage. For $4 a month you also get family sharing.
1Password — You get 30 days free or you can pay $3 a month. There is no completely free tier so after 30 days, you’ll have to pay up if you want to continue to use their service. Works for apps and all OS’s and comes with storage and unlimited passwords. Has Two Factor Authentication and if you have a family, they have a plan for $5 a month.
Bitwarden — This tool is open source and is completely free. they do have a paid version that is only $10 a year which throws in file storage and 2FA. $40 a year will get you the family plan.
Strongbox — Free but for iOS and Mac only. $41 lifetime payment. $60 lifetime family payment. Separate purchases for mac OR iOS. Not bundled.
Based on this, Laspass and Bitwarden were my favorite so far. I had not yet tried out the services at this point, but those two were pretty high up on my list. I wanted to like Strongbox because from a pricing perspective, it’s really nice. But I just didn’t like that it only works for iOS and Mac systems. I personally utilize four different operating systems and this service just didn’t do it for me. 1Password is my least favorite because they have no free plan at all. You get a 30 day trial and that’s it.
After using each service for a day or two, here are my initial thoughts:
Lastpass — Easy to get started. Prompts 2 factor authentication if you log in from a new location or device. Alternatively, when you visit a website that requires a password, LastPass notification pops up if you want to add to your account. It’s best to use the popup because it saves metadata for the website for you. Otherwise, you have to manually type in that information. I really like it, but maybe it’s because the interface is red and red is my favorite color. It’s super easy to use and there is so much you can do even with the free tier.
1Password — Utilizes a Chrome extension. Web interface is not as intuitive, but once you have a vault set up, you can add items. Has a built in password generator and audits your existing stored browser passwords which I thought was neat. It tells you which ones you should change because passwords might be compromised.
Bitwarden — Clean and simple interface. You get down to the brass tax right away. Very intuitive because they store your passwords. This is a password manager. Nothing special. No bells or whistles. You just get a tool to store your passwords and a few other things. Command line interface available and you can host bitwarden on your own server so you don’t have to go to the cloud. I didn’t see the feature where this embeds into your browser to automatically capture passwords when you type them in. I think this was a real bummer from a convenience standpoint, but otherwise, this service is great.
Strongbox — Accidentally installed Strongpass, realized my mistake and then downloaded the right one. Please note that this is only an iOS or Mac app. I really don’t like that there’s no web interface. The app has a ton of features and is open source, but you need to have an iPhone/iOS device to actually use the app.
Overall, my favorite interface and ease of use was Lastpass. I’m a very technical person and I know I would LOVE Bitwarden, but for the average user, I could see people liking the interface and ease of use of Lastpass. Let’s talk about my opinions of each service.
Lastpass — I personally love how easy it is to use this service. Whenever you visit a website it automatically prompts you to add your account. It’s used by 25 million people and 70 thousand businesses. It allows you track all the important things in your life without having to write things down on paper. 1 password to rule them all. Everything is encrypted locally. Built in security dashboard tracks your account to make sure you are safe online. You can share your information in case of an emergency and you have a safe way to share important files with people.
1Password — Interface is great. You can add/track a lot of different important files but there’s no free version. Has a higher level of security but the interface feels a little more clunky. When logging in from a new computer, you need to have your secret key which is in your emergency kit which is on a different computer. So, if you have multiple devices like me. . . it’s just a little more annoying, but I guess more secure.
Bitwarden — Very clean interface. It’s open source. It’s very affordable, but it’s very limited. There’s no automation that I can see which is a bummer for folks that like convenience. But, I think they do this because it’s probably more secure to manually enter data in yourself. But then again, it’s more error prone as well.
Strongbox — You need an app to utilize whether it’s on a Mac or on iPhone. Interface is clunky and not very user friendly. When going to a website, you don’t get an auto fill or anything that lets your auto enter passwords. Everything is done manually.
And finally, let’s talk about security policy. At the beginning of this article, I stated that overall security of the service was the most critical thing I was looking at when considering a password manager. All four of the managers that I looked at had a very solid, yet similar policy. I’ve linked their policies below so that you can read them. The only thing I’ll say is that when I started going down this journey of discovery, LastPass and BitWarden reached out to me immediately on Twitter and provided me with resources and reassurance that my data was safe. I like that companies reach out to their potential customers.
LastPass: https://www.lastpass.com/security/what-if-lastpass-gets-hacked
Strongbox: https://strongboxsafe.com/
Which one will I keep?
Lastpass — This is the one I’m keeping. It offers the most features. The Free version covers everything I would need.
1Password — I didn’t really like the interface, but other than that it’s very close to LastPass.
Bitwarden — If I only want passwords, this would be my go to. I just felt it’s missing too many features.
Strongbox — Too limited. Only works on iOS and Macs. I live on all types of devices. Not for me.
And there you have it! I’ve been using LastPass for the last few months and I really like it! If you are looking for a good password manager that is easy to set up, safe and secure, I recommend you give LastPass a try!
If you enjoyed this article, please make sure you head on over to my brand’s page and follow me on Twitter, YouTube, and on my podcast!
