Heimdal

Fact: password managers are a must; it really doesn’t matter if your endpoint’s part of a larger enterprise network or hooked up to your home’s router. With each account demanding a unique and, therefore, unrepetitive password (yes, I have felt the need to say that out loud), the odds are that you’ll forget a couple of them along the way.

This is one reason why a password manager should become the norm, the second one being auto-generated phrases. If you’re still having any doubts about whether or not your business should make the switch, keep on reading. This article may change the way you look at password management, which isn’t an easy task considering the number of accounts (23 per person, on average).

So, without further ado, here’s the best password manager money can buy and some notable alternatives. Enjoy and stay safe out there!

What is the best password manager?

Let’s talk about the elephant in the room which, in this case, would be the best password manager. So, in my (humble) opinion, the best app out there is 1Password. If the name doesn’t ring a bell, I won’t blame you – it took a lot of research and a whole lot of trial-and-error to nail this one. I have to admit that I was a little suspicious at first.

Maybe because I’ve grown a little too comfortable with LastPass. Anyway, after giving 1Password a try, I’ve discovered that the ‘rumors’ were not exaggerated. Although it’s pretty light compared to, let’s say, Bitwarden, Dashlane, and even LastPass, it packs quite a lot of features. On top of that, it’s easy to set up and can be deployed on any machine running Windows, Mac OS X, Android, iOS, and ChromeOS. Pretty impressive considering that 1Password started out as an Apple-dedicated product.

Features-wise, let’s start with the basics: password vault and the secret key generator. As you probably know by now, every password manager asks you to create a so-called Master Password (the one to rule them all). Unlike other apps, 1Password will give you a helping hand in generating a strong password. Not exactly an in-app feature, but it does come in handy when all you think of is your cat’s name or DOB.

Like any honorable password manager, 1Password supports in-browser integration; it works with the major league players and, with a bit of wishful thinking, it can be integrated into newcomers such as Brave.

1Password’s key differentiator is, without a doubt, the secret key generator. It’s marketed as being an extra security layer, but it’s more than that. Upon activation, this feature generates a one-time and unique key that encrypts all registered passwords.

An outstanding security feature, but it has one major caveat – if you lose this key, you won’t be able to decrypt your passwords, and, well, use them. To make matters worse, should this occur, not even 1Password can decrypt the passwords on your behalf. Still, keeping your secret key safe (perhaps in a vault-type folder or something similar) will prevent any accidents.

Another one of 1Password’s perks is its built-in 2FA authentication system. It works, more or less, like Google’s Authenticator – if you attach an email address, it will generate a unique authentication code. Hurry up, because you’ll have about 30 seconds or so to input the code before it expires.

And, finally, we come to the very reason why we consider 1Password to be the best password manager: the Travel Mode. You may be inclined to think that this feature may be similar to Waze’s drive mode or something like that. Well, it isn’t. Travel Mode is a nifty feature that allows the account user to wipe all sensitive data from a device.

That includes cookies, any passwords stored in plain text, and other such info that can be used to track or spy on the user. Basically, you leave home with a clean slate – you can connect to any public or private Wi-Fi, without having to worry about someone stealing your data.  Once you get back home to ‘safety’ you can restore the wiped data with a single click.

Other useful features

1. 365-day item history

Restore/retrieve passwords deleted within the last year. Quite useful if you want to redeem an account you haven’t used in a very long time.

2. AES-256 encryption using the Encrypt-then-MAC technique

No, it doesn’t have anything to do with Apple’s Mac devices. MAC is short for message authentication code, a cryptographic practice that involves appending a short piece of information to the delivered package.

This ‘tag’ is used to confirm that the package came from the stated sender and not from someone else, and that it was not altered along the way. In the Encrypt-then-MAC scheme, the plain-text password is first encrypted in order to produce what cryptography calls ciphertext.

A second key is then applied to the result of the encryption (yes, I know it sounds odd). Nothing gets encrypted twice: a keyed hash function (think of a hash as the data’s ‘footprint’) takes this separate key together with the ciphertext and produces the message authentication code. So, the output of the Encrypt-then-MAC approach is a ciphertext with an appended MAC.
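The Encrypt-then-MAC flow described above, as an added example using Node.js's built-in `crypto` module (not code from the article or from 1Password). The choice of AES-256-CBC with HMAC-SHA256, the key-splitting labels, the blob layout and the function names are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Two independent keys from one vault key, so the encryption key is never
// reused as the MAC key. This HMAC-based split and its labels are constructed
// for the example; a real product would use a vetted KDF.
function deriveKeys(vaultKey) {
  const sub = (label) => crypto.createHmac('sha256', vaultKey).update(label).digest();
  return { encKey: sub('example-enc'), macKey: sub('example-mac') };
}

// Encrypt first, then MAC the IV and ciphertext. Layout: IV(16) | ciphertext | tag(32).
function sealItem(vaultKey, plaintext) {
  const { encKey, macKey } = deriveKeys(vaultKey);
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = crypto.createHmac('sha256', macKey).update(iv).update(ciphertext).digest();
  return Buffer.concat([iv, ciphertext, tag]);
}

// Verify the tag in constant time before any decryption is attempted.
function openItem(vaultKey, blob) {
  if (blob.length < 16 + 16 + 32) throw new Error('blob too short');
  const { encKey, macKey } = deriveKeys(vaultKey);
  const iv = blob.subarray(0, 16);
  const ciphertext = blob.subarray(16, blob.length - 32);
  const tag = blob.subarray(blob.length - 32);
  const expected = crypto.createHmac('sha256', macKey).update(iv).update(ciphertext).digest();
  if (!crypto.timingSafeEqual(tag, expected)) throw new Error('MAC check failed');
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Constructed demo: round-trip one item, then flip a single ciphertext bit.
function demo() {
  const vaultKey = crypto.randomBytes(32);
  const blob = sealItem(vaultKey, 'hunter2-constructed-sample');
  const tampered = Buffer.from(blob);
  tampered[16] ^= 0x01;
  let rejected = false;
  try { openItem(vaultKey, tampered); } catch (e) { rejected = e.message === 'MAC check failed'; }
  return { roundTrip: openItem(vaultKey, blob), rejected };
}

console.log(demo());
```

Because the tag is checked first, a modified blob is rejected without the decryption routine ever running on attacker-controlled bytes.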

3. Integration with most browsers and a number of third-party apps

For instance, 1Password supports full integration with your favorite browsers and some popular third-party apps such as Slack.

4. Password-checking for duplicate, weak or compromised passwords in the vault

1Password crawls your vaults at regular intervals, searching for duplicate, weak or potentially compromised passwords. It also serves as a reminder to change passwords on a regular basis, a rule-to-be that should be embraced by home and enterprise users alike.

5. Competition-grade features

AgileBits’ password manager features: password recipes (shows you the ‘magic’ formula to create strong passwords for your accounts), unlimited devices & passwords (allows you to generate an unlimited number of passwords for, well, an unlimited number of devices; great asset if you’re looking for scalability), automatic form-filling, optional 2FA, multiple vault generator, activity log and full trail audit, vault-sharing and syncing.

Last, 1Password allows you to create custom groups and digital wallets. Additionally, it’s fully compatible with all biometric login methods such as Face ID, Touch ID, and fingerprints.

As you can see, there are a lot of things to be said about 1Password, but from what I sketched so far, it’s not hard to imagine why this is the best password manager on the market.

The only other caveat I could find is pricing. 1Password doesn’t have a free version, although it does come with a 30-day free trial. Still, compared to the competition, it’s much cheaper, at least as far as the consumer part is concerned ($3 per month will get you cross-platform compatibility, 365-day deleted passwords, 2FA, 5 guest accounts, round-the-clock support, and Travel Mode).

The second price tier, which mostly concerns small businesses and enterprises, comes with full features and a negotiable monthly fee.

Anyway, that’s it about 1Password. If you’re interested in more technical details, you can always check out the company’s blog and support pages.

The next step would be to take a closer look at what the competition has to offer. Let’s get cracking.

Top 4 Options Analyzed

The anatomy lesson is far from over. Up next, we are going to look at 1Password’s competitors in terms of features, pricing, and everything in between.

1. LastPass

Let’s not start off on the wrong foot – LastPass is a great password manager, packed with features, and, above all, free for all to use. The reason why LastPass is not included in the first section of the article is that the password manager had to wrestle down one ‘minor’ data breach and a vulnerability that could have led to yet another leak.

Although LastPass said it has patched the issue at the behest of Google’s Project Zero, users have begun looking for alternatives. It makes sense, considering that a data breach and subsequent leak of this magnitude could endanger at least 10 million users.

Okay, so that’s one black ball for LastPass. Anything that could redeem it? Well, considering that LastPass has 16 million users around the world, it stands to reason that it does have its perks. First of all, it’s free of charge – at least the personal plan, which is pretty reasonable. So, in just a matter of seconds, anyone can set up a LastPass account, create a master password, and start adding personalized or auto-generated ones to the vault.

This says a lot in terms of user experience. The basic lineup has quite a lot of features considering that it’s free: multi-factor authentication, security challenge, auto-fill passwords, secure notes, personal vault for every created user, authenticator, cross-device compatibility, and more.

Premium and family options are also available, but I’m not going to cover them here. You can find more about LastPass’ personal pricing tiers and features by checking out the appropriate page.

On the enterprise/SME side, pricing varies a bit compared to the consumer side, but not by much; it’s a bit more personalized. Anyway, on to features, perks, and everything in between that makes LastPass what it is today.

In my opinion, the key differentiator has to be the “change multiple passwords at once” feature (it’s pretty self-explanatory). That’s strike one for LastPass. Unfortunately, that’s 1Password’s only hiccup in its battle against LastPass. If the latter threw down the gauntlet, 1Password not only picked it up but totally used it to bash LastPass.

Another aspect that sets apart the two managers is the ability to store data locally and the website compromise alert – if you have an account on, let’s say Evernote, and someone breaks into the database, 1Password will send you a notification. Based on the recommendation, you can either change the current passwords or disable the account until the issue’s resolved.

That’s LastPass for you. Now, let’s move on to another golden oldie – Dashlane or, as I like to call it, LastPass’ archenemy.

2. Dashlane

Should Dashlane have its very own coat-of-arms, I guess its motto would be “we see the unseen and shield you from darkness”.  In a very loose translation, this means that Dashlane is the only password manager that actively monitors the dark web for data leaks or, more specifically, for dark web vendors who want to sell the data taken from your endpoints or accounts. To my knowledge, it’s the only one of its kind that offers this kind of monitoring service.

Unfortunately, this feature is available for the premium version only. Of course, no one’s stopping you from getting the premium package which packs a whole lot more than dark web monitoring – maybe the price.

Compared to its competitors, the shift from free to premium has a price tag of $40 (yes, I know it’s kind of steep). In terms of features, there’s virtually no difference between 1Password and Dashlane.

However, 1Password’s cheaper, scalable, and it does have the Travel Mode which, in my opinion, is much more useful than Dashlane’s dark web crawling endeavor, especially for remote employees or people who travel a lot.

Security-wise, Dashlane employs 2FA and the YubiKey – cryptography’s undisputable champ, with zero breaches to date. Unfortunately, 2FA via YubiKey is only available for the bourgeoisie (aka the premium users) and the free version doesn’t offer those perks – only one device, password storage for 50 accounts, pass-sharing for 5 accounts, a password generator and changer, security alerts, and autofill.

As I’ve said, pretty basic and, from a customer standpoint, not really worth the investment if you’re running less than 20 accounts. Sorry Dashlane, but 1Password wins the day again.

3. Bitwarden

Most of you have probably never heard about Bitwarden. Don’t worry – I hadn’t either before starting to work on this review. The best analogy I can come up with is that Bitwarden is the VLC of password managers – open-source, moddable, powerful, easy to deploy, and, most importantly, it’s free.

Well, at any rate, that’s how the project began. Back in 2016, the dev team behind Bitwarden devised a product intended for the iOS and Android markets. Fast-forward in time, and the little engine that could became one of the most competitive password managers on the market – it even gave LastPass a run for its money.

It’s a great gadget, but not without flaws. If you’re new to this, I would suggest installing Bitwarden first to get the hang of things. Features-wise, compared to the competition, this password manager kinda falls short.

Bitwarden doesn’t work offline, meaning that it needs an active Internet connection. Can’t say if that’s a major pitfall, but it does rule out field auto-filling for locally-generated password vaults.

Bitwarden has indeed a free version, but it’s kind of bland – two users, two collections, unlimited shared items, and that’s about it. Of course, you can always go for Premium. It’s around $1 per month if you opt for the Family plan. This will get you five user accounts, unlimited shared items & collection, on-demand self-hosting, and monthly vault health reports.

There’s also an Enterprise version, which will get you a few interesting features like full trail audit, on-premises hosting, user groups, directory sync, and an additional security layer (MFA). You can find out more about what Bitwarden has to offer by visiting their official website.

4. KeePass

I like to think of KeePass as Bitwarden’s distant cousin; they’re very much alike, both in terms of features and functionality. The only difference is that KeePass is free to use and deploy. That’s right; it doesn’t have premium features and, unfortunately, overall, it has that lackluster feel. Even the interface looks like it was made to wither away on a computer running Windows 98.

Anyway, in terms of features, KeePass packs SHA-256, AES, and Twofish encryption protocols, password groups, export to TXT\HTML\XML\CSV, database transfer, autofill, multiple user keys, lightweight installations manager, and a plug-in based architecture.

Of course, KeePass’ forte is its open-source nature. I’m guessing that someone with the know-how can make this password manager outperform everything on the market. Not that great for a budding business or a company, but decent for a home device handling 20 or so accounts.

Wrap-up

1Password is, by far, the best password manager on the market. Granted, it is a little out of price range, but it’s still the most cost-effective and secure solution out there. So, what do you think about 1Password? Have you tried it out yet?

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.

Comments

I used to agree with you, but after trying Sticky Password (in Local-mode) I tend to disagree 🙂

The problem with security is expertise versus convenience. The best password manager is Keepass because it has NEVER been hacked. However, quite a lot of expertise and patience are required to configure Keepass. Therefore, since most users have neither the patience nor the expertise, they opt for the simple solution, 1Password. Since 1Password is a cloud solution, it is a target of hackers. Keepass on the other hand is completely local and can be saved on a portable USB stick. It is by far much more difficult to attempt to hack. Hackers prefer low hanging fruit. 1Password has more bang reward for the hacking effort. Therefore, hackers opt for 1Password. Personally, I recommend Keepass over ANY other password manager if you are serious about password security.

Bitwarden is the best !

Chandramouli Dorai on December 3, 2019 at 4:30 pm

Unpopular opinion: Any thoughts on Zoho Vault?

A few questions to clarify (and perhaps add perspective);
– You like the feature of you being able to restore something you securely deleted 365 days ago?
– You state that BitWarden is “flawed” but without mentioning where and how…?
– You state that BitWarden can not be used in offline mode? (I’ve just tested from flightmode – no issues at all?)…
– Has anyone of them been able to provide independent 3rd party vetting of their services?
– Final comment; IMHO No talk about breaches of services, T&C’s or anything like that, when comparing services that will store credentials at their storage points, appears a bit too shallow.

Have to agree, after trialing many different solutions over the years I came to the same conclusion.
Outstanding product

what about Sticky Password??

I use sticky password and love it. No faults
