Most of us visit numerous websites every single day, including online stores, social networks, email services and e-banking resources. To interact with some of these sites as a customer or simply a registered user, you need to enter a login and a password. However, since it is impossible to remember those numerous combos of letters, numbers and special characters, some people reuse passwords in different sign-in scenarios.
This tactic is a slippery slope, though. A malicious actor who manages to infect your device and crack one such combination will be able to impersonate you by accessing your multiple accounts. Of course, you can keep a separate file with all your credentials or use similar characters in a different order, but these methods are not safe enough either.
The silver lining is that there are hugely convenient services you can use to step up your authentication hygiene. They are called, you guessed it, password managers. In a nutshell, these are tools that enable you to securely store numerous login-password pairs for various web resources.
How are password managers used?
Broadly speaking, there are two types of password managers to choose from: in-browser ones and standalone third-party apps. In this review, we will go over both categories. Regardless of the type, these tools store all your sign-in credentials for different sites and automate the authentication process.
This makes complex things easy and adds an extra layer of security to your data. Plus, it prevents anyone who compromises one account from accessing other accounts, thus helping you avoid the scourge of a single point of failure (SPOF).
Top in-browser password managers
To begin, let us dive into the password management features built into popular web browsers. One of their key advantages boils down to user-friendliness, because the browser prompts you to save a password and then allows you to view it in a dedicated interface whenever you want.
Another perk is the ability to synchronize your credentials between different devices. Passwords can also be encrypted and stored that way in the cloud. The browsers listed in the following rundown are free to use and so are their built-in password managers.
Google Chrome
Supported operating systems: Windows, macOS, Linux, Android.
Chrome’s built-in password manager lets you store passwords under the umbrella of your Google account. It is convenient and easy for users with any level of tech skills to get the hang of.
This service can generate passwords for you, but keep in mind that the resulting combos are not as strong as the ones most commercial counterparts can create. For instance, there is no option to specify a larger number of characters than the default set-up offers or to use special characters.
Overall, this is a mainstream and very intuitive tool. The only caveat is that many security experts find it fairly unreliable because there is no master password, and if an account is hacked, the intruder may get hold of all the data in one hit.
Another thing worth considering is that user data is Google’s main product leveraged for targeted advertising and other sketchy things. Therefore, it might not be a good idea to store all your credentials using a single built-in password manager, especially when it comes to extremely sensitive information.
Mozilla Firefox
Supported operating systems: Windows, macOS, Linux, Android, iOS.
Firefox allows you to encrypt your passwords with a single master key. Furthermore, it is open-source and does not share users’ data with a parent company as some competing web browsers do.
The tool is equipped with a classic feature set: storing login-password pairs, encrypting the master password and the option for Windows users to import passwords from Chrome and Internet Explorer. It uses the symmetric 256-bit AES algorithm to encrypt users’ sign-in details. The manager also includes a component that generates complex passwords.
Opera
Supported operating systems: Windows, macOS, Linux, Android, iOS.
Although Opera’s built-in password manager is fairly rudimentary because it simply stores passwords and web forms, it has two significant advantages over some competitors. First, as is the case with the Firefox counterpart, it allows you to add a master password that will be required to unlock passwords in the browser’s storage. The master password matches the string used to log into the computer, though. The second advantage is the availability of a VPN.
Unfortunately, Opera is not immune to security incidents. In April 2016, the company reportedly suffered a breach in which hackers obtained more than 1.7 million Sync passwords and login credentials. However, the likelihood of such an attack occurring again is minuscule because Opera software engineers have since provided the option to add an extra passphrase to the Sync feature, which can now encrypt passwords, or all data synchronized between devices.
Safari
Supported operating systems: macOS, iOS.
Unlike Chrome or Edge, Apple does not allow its proprietary browser to handle sign-in credentials in isolation from the operating system. Passwords are kept in the iCloud Keychain, which functions seamlessly on Macs as well as iPhones and iPads.
Other than that, there are hardly any functional differences from the browsers mentioned above. Be advised, though, that you cannot specify a master password. The built-in password generator boasts decent efficiency: it distinguishes between authentication, registration and password change forms; moreover, it harnesses individual password creation algorithms for some sites.
The Safari browser is not available for PCs or Android devices, so this password manager is only suitable for those entirely committed to the Apple ecosystem.
Microsoft Edge
Supported operating systems: Windows, macOS, Android, iOS.
Since the redesigned Edge is based on the same open-source Chromium core as Google Chrome, the password manager configuration mechanisms in the two browsers are very similar. The browser has been recently enhanced with a password generator, which appears to work better than Chrome’s counterpart. Previously saved passwords must be deleted individually so that they are eliminated from Edge on other synced devices.
To sum it up, whereas built-in password managers are easy for the average user to master, they should be treated as a handy extension rather than as a separate solution that secures your passwords from different angles.
Their weakest link is that if someone gains unauthorized access to your computer and opens your browser, all passwords may be compromised in a snap because additional defenses such as extra user verification mechanisms are missing in most cases.
Best Commercial Password Managers
Password managers made by third-party developers offer more functionality. These products are cross-browser, provide more sophisticated mechanisms for generating passwords and have additional bells and whistles under the hood.
Dashlane
Price: $0 – $5.99 per month.
Supported operating systems: Windows, macOS, Android, iOS.
In addition to basic password management, this tool allows you to check your stored passwords for strength and have them automatically replaced with more complex ones in a single click if necessary. You also get 1GB of secure storage and a VPN service with no traffic limitations.
Dashlane supports Windows Hello, giving you the ability to log in with biometrics, including face and fingerprint scans. Plus, it allows you to check if your email addresses, passwords and financial information have been compromised and leaked on the dark web. The app has a free version, but with the caveat that it cannot store more than 50 passwords.
Keeper
Price: $2.91 – $6.01 per month.
Supported operating systems: Windows, macOS, Linux, Android, iOS.
Keeper boasts a streamlined and user-friendly interface while providing 10GB of secure storage. Like Dashlane, Keeper supports biometric authentication with Windows Hello. This password manager additionally offers a two-factor authentication (2FA) mechanism dubbed Keeper DNA, which generates one-time passwords on mobile devices. Keeper has built-in dark web monitoring and encrypted chat features that allow users to share files securely.
1Password
Price: $3.99 – $7.99 per month.
Supported operating systems: Windows, macOS, Linux, Android, iOS.
Just like the apps described above, 1Password is compatible with Windows Hello and scans the dark web for leaks of your sensitive data. It provides 1GB of encrypted storage. One of the awesome things about it is the family account option that supports up to five users simultaneously with an unlimited number of devices. 1Password also comes with a built-in parental control feature that prevents your kids from changing passwords for important services.
LastPass
Price: €0-€3.9 ($4.73) per month.
Supported operating systems: Windows, macOS, Android, iOS.
The free version of LastPass provides the broadest range of features across the whole spectrum of commercial password managers. It allows you to store an unlimited number of passwords on an unlimited number of devices with an extra option of granting access to one more user. The premium version lets you give access to multiple users and includes biometric authentication features, 1GB of secure storage, as well as 24/7 email tech support.
How do you choose the best password manager?
Password managers make it much easier to work with web services and to secure your accounts. This way of handling passwords is definitely more secure than old-school approaches, such as reusing passwords or using terribly similar combinations. It comes as no surprise that these apps are gaining a good deal of traction among users these days.
Nevertheless, when choosing a password manager that suits you the most, be sure to scrutinize its features. In-browser services are convenient and understandable for most users. Still, they tend to lag behind their commercial analogs in terms of generating strong passwords, availability of two-factor authentication and the option of switching between browsers. As a result, most InfoSec professionals think of these tools as garden-variety browser extensions and advise against using them to store sensitive data such as e-banking credentials.
Commercial password managers offer overarching functionality and work as standalone apps. Although many experts consider them more reliable than those built into browsers, the vast majority of users prefer the latter for their day-to-day web surfing.
Amsterdam-based David Balaban is the founder of the Privacy-PC.com project and is a computer security researcher with more than 17 years of experience in malware analysis.