A password manager is an application that allows users to store, generate, and manage passwords for local and online sites and services. Password managers are typically password protected themselves and encrypt any data they store. Nowadays most browsers come equipped with basic password managers, which are often the reason you receive a “Remember Password” prompt after logging into a site.
Although native browser password managers are convenient, they have significant security and application drawbacks that would cause any cybersecurity pro to shy away from recommending them. These password managers are limited in features and offer little to no security when compared to standalone password management software. Fortunately, the password managers listed in this post have a better approach to security, offer more robust features, and are not platform specific.
Password managers are strongly recommended by cybersecurity experts for many reasons, a few of which are:
- Eliminate the need to remember countless passwords (i.e. you would just need to remember one password to unlock the password manager).
- Eliminate the need to reuse passwords.
- Eliminate the possibility of using a weak password by using randomly generated passwords.
- Build a list of local and online accounts you can reference.
- Auto-fill login information (if desired), an otherwise tedious task.
- Not limited to a single browser or operating system.
- Multi-factor authentication capabilities.
- Restrict access based on user, device, location and much more.
Password Manager Deployments
There are two common deployments among popular password management software: 1) self-hosted and 2) cloud-hosted.
Having a self-hosted password manager means that you are responsible for installing, configuring, updating, and managing access to both the software and the workstation that the software runs on. Popular self-hosted password managers include:
Having a cloud-hosted password manager means that all the prep work that comes with installing, configuring, and updating the password manager is done by others and you are simply responsible for using the product. Popular cloud-hosted password managers include:
Pros and Cons
There are benefits to both self-hosted and cloud-hosted password managers.
Self Hosted
- Pro – Typically open-source and therefore free
- Con – Can be difficult to securely install and configure.
- Pro – If configured correctly, offers better security compared to cloud deployments.
- Con – Remote access to the password manager can be challenging. (If you are curious – https://support.1password.com/cs/sync-with-dropbox/)
Cloud Hosted
- Pro – Much easier to set up and use in comparison to local deployments.
- Con – Considered less secure (https://www.lastpass.com/security/what-if-lastpass-gets-hacked).
- Pro – Seamless third-party integrations.
- Con – Requires a monthly membership fee.
Final Verdict
In the end, choosing the appropriate password manager boils down to security vs. usability, and in most cases usability wins (no surprise), which is why I personally use LastPass. Using LastPass is effortless, and I am able to integrate several third-party services like Yubico and Authenticator apps for MFA, apply mobile device restriction policies, and use password recovery options in case a master password is lost.