Let’s face it: no one likes passwords—and for good reason. First, they're tiresome to create and easy to misplace. You have to devise long, nonsensical strings of numbers, letters, and symbols, and then you have to remember or store them in an inaccessible place. Second, passwords are a volume operation. You need a unique password for every account you use, and you're supposed to swap out your old passwords for new ones at regular intervals.
Why the hassle? Because the way hackers defeat those long alphanumeric strings is through brute force: They try myriad random combinations in lightning-swift sequence, hoping to unlock your passwords for access to valuable information. Short, easy-to-remember passwords like your birthday or your pet’s name make it a cakewalk for crooks to infiltrate your account, commandeer your computer, and steal your identity, your money, or both. Using the same password for all of your accounts compounds the problem by giving bad guys a master key (if they figure it out) to your entire online mansion.
One method of defense is a password manager, a software utility that saves, stores, serves, and generates secure passwords. These provide the best barrier between you and an identity thief. We mention a number of password managers as examples in this story, but it's up to you to decide which package of features best suits your needs. Here are some pointers on what to look for.
Even folks with a minimal online presence now need multiple passwords (for email, insurance, banking, social media, retailers, messaging, chat, apps, subscriptions, and services). And as a result, the whole process of creating and maintaining passwords can become a deadly (or at least deadly boring) drain on your time and ingenuity.
Luckily, password management software can truncate the tedium by automating numerous processes and preventing time-consuming typos that can lock you out of your accounts or force you to change passwords in order to access important messages or other content.
Password managers work more or less like the keys to an apartment building. First, you need a key to get into the locked building (the master password); then there's another key for your apartment (the specific password for apps and services, stored within the software’s encrypted database or vault). Many password managers also handle the task of generating stronger and more secure passwords than your existing ones.
Many password managers have browser extensions for logging in to your web accounts or filling in forms. During setup, some managers will help you gather your login information in their databases.
If your private information is suddenly exposed—because someone hacked into data that included your social security number, credit card, or health information, for example—you need to be able to change all of your passwords pronto, and these utilities should be able to handle that job without much fuss.
Device and Platform Compatibility
In the early days of the internet, most people had just one desktop or laptop computer and an email account to think about. But today you can access accounts across smartphones and tablets, and that puts a premium on strong passwords and other forms of personal information protection. Most high-quality password managers—including Dashlane, LogMeOnce, LastPass Premium, and RoboForm Everywhere—can sync across Windows, Mac, Android, and iOS devices via companion apps. Some even let you authenticate on mobile devices with a fingerprint or a picture rather than a master password.
Still, it's a good idea to check a utility's specs to confirm that it supports your devices' operating systems. Open-source Linux and Microsoft Surface RT get less love from password managers than Mac OS and Windows do, and fewer packages (such as RoboForm Everywhere, LastPass Premium, and Keeper Backup Unlimited) support them.
Besides being compatible with your main device's OS, your chosen password manager should support your favorite browsers. Almost all password managers work with Internet Explorer, Chrome, Firefox, and Safari. You can be pretty safe in assuming that almost all managers also support iOS and Android, but fewer—like RoboForm, LastPass, Keeper, and SplashID Safe—support BlackBerry and Windows Phone.
Advanced Security Technologies
Not all password managers are created equal. For maximum security and convenience, look for a cross-platform manager that excels at password generation, uses industry-standard AES-256 encryption and two-factor authentication, and offers auto-fill options. Many password managers include some form of multifactor authentication such as biometric, SMS, or Google Authenticator.
Dashlane offers the U2F (Universal Two-Factor) authentication protocol from the FIDO (Fast IDentity Online) Alliance, while LastPass Premium offers multifactor authentication, automated password switching, actionable security reporting, and password inheritance. The premium version of Sticky Password supports fingerprint-based biometric authentication on a mobile device and permits Wi-Fi syncing across devices. With 1Password, you can store encrypted data locally on your computer or mobile device; it also lets you use iCloud or Dropbox syncing. Keeper protects information with 256-bit AES encryption, PBKDF2, and multifactor authentication.
Some password managers notify you of weak or duplicate passwords and can help you construct more-secure ones. Some even automate the task of changing those passwords periodically. LogMeOnce combines a password strength report with an automatic password changer. Many password managers can store your credentials, so it’s not a great leap for them to be able to fill in web forms with routine data such as first and last name, email address, and phone number.
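As an added illustration (not code from any product named in this article), here is a sketch of the weak/duplicate check and the password generator described above. The 60-bit threshold, the character-class estimate, and all function names are assumptions made for the example; the 12- to 16-character range is the one this article recommends.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def generate_password(length=16):
    """Random password from the OS CSPRNG, 12 to 16 characters long."""
    if not 12 <= length <= 16:
        raise ValueError("length must be between 12 and 16")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every character class appears at least once.
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def brute_force_bits(password):
    """Upper bound on the search space in bits, from the classes actually used.
    Names and dates fall to guessing lists far sooner than this bound implies."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(vault, min_bits=60):  # min_bits is an assumed threshold
    """Map each account to its findings: 'reused' and/or 'weak'."""
    accounts_by_password = defaultdict(list)
    for account, pw in vault.items():
        accounts_by_password[pw].append(account)
    findings = defaultdict(list)
    for pw, accounts in accounts_by_password.items():
        for account in accounts:
            if len(accounts) > 1:
                findings[account].append("reused")
            if brute_force_bits(pw) < min_bits:
                findings[account].append("weak")
    return dict(findings)

# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {
    "email": "password",
    "bank": "Fluffy2015",
    "shop": "Fluffy2015",
    "forum": generate_password(14),
}

if __name__ == "__main__":
    for account, issues in sorted(audit(SAMPLE_VAULT).items()):
        print(f"{account}: {', '.join(issues)}")
```

The bit count is only a ceiling: "Fluffy2015" scores just under 60 bits here, but a pet name plus a year is far easier to guess than that figure suggests, which is why generated passwords are the safer replacement.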
Several managers include a digital legacy feature, which transfers login information to trusted individuals or family members after the primary user's death or incapacitation, and permits secure sharing of login credentials with specific contacts or family. LogMeOnce can track stolen devices and offers enhanced reporting and single sign-out. RoboForm Desktop, Dashlane, 1Password, LastPass, and others let you store passwords locally. Dashlane will notify you if you have an account on a site that has been hacked—and it can capture receipts from online shopping.
Many password managers also have digital wallet capabilities for storing your credit card information, importing and automatically saving passwords and related secure notes, keeping your passwords organized and categorized, and storing additional encrypted files in a digital vault.
What if you lose your master password? You may be out of luck. Many password managers, including 1Password, Keeper Backup Unlimited, Sticky Password, and RoboForm Everywhere, cannot recover your master password if you lose it.
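The following added example (not the design of any product named here) shows one common way a vault key can be tied to a master password, and why a lost master password cannot be recovered: only a salt and a check value are stored. PBKDF2-HMAC-SHA256, the iteration count, the check-value scheme, and the function names are assumptions for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000          # assumed work factor; products choose their own
CHECK_LABEL = b"vault-key-check"  # assumed constant used to verify the key

def derive_key(master_password, salt, iterations):
    """Stretch the master password into a 256-bit key (the size AES-256 needs)."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )

def create_vault_header(master_password):
    """Build what is stored on disk: salt, work factor, and a check value.
    Neither the master password nor the derived key is kept."""
    salt = os.urandom(16)
    key = derive_key(master_password, salt, ITERATIONS)
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "iterations": ITERATIONS, "check": check}

def unlock(header, master_password):
    """Return the vault key for the right master password, otherwise None."""
    key = derive_key(master_password, header["salt"], header["iterations"])
    expected = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return key if hmac.compare_digest(expected, header["check"]) else None

if __name__ == "__main__":
    # Constructed sample master password.
    header = create_vault_header("correct horse battery staple")
    print("right password unlocks:", unlock(header, "correct horse battery staple") is not None)
    print("wrong password unlocks:", unlock(header, "Fluffy2015") is not None)
```

Because the stored header contains nothing that can be reversed into the key, the vendor has no way to reset access; the high iteration count also slows each brute-force guess against a stolen vault.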
Despite their fine qualities, password managers can get hacked. It has happened to LastPass several times, for example, although the company’s strong security algorithms prevented encrypted user vaults from being compromised.
Given enough time, a supercomputer can crack any algorithm. So if you’re sitting on high-value information, these consumer-level programs must yield to professional-grade techniques.
Choosing password managers that have two-factor authentication in addition to an encrypted vault can help. But there is no ironclad guarantee that nothing will ever go wrong. Consequently, you may feel more comfortable with storing your password collection locally rather than in the cloud, as RoboForm Desktop and others can do.
Price and Support
Dozens of utilities are available—some free, others subscription-based at prices of up to $50 a year—for both desktop systems and mobile devices, with key databases stored locally or in the cloud. LastPass and Dashlane have free versions designed for use on a single device. Keeper is $10 per year. Some utilities charge extra for cross-platform syncing.
Most password managers are easy to use, but even experts run into problems occasionally. So be sure to look into the companies' responsiveness to user issues. Every company offers email support, but a few—like RoboForm Everywhere, Password Genie, and Keeper Backup Unlimited—also have a live 24/7 chat option.
Faced with a guerrilla army of hackers bent on disrupting the honest business of the internet, you no longer have the option of taking a laissez-faire approach to online security. If your password is still "password" or your cat's name, and you reuse the same password for different accounts, you are playing a dangerous game. The easiest way around the problem is to choose a password manager and let it analyze and generate strong 12- to 16-character passwords for each of your accounts.
Don’t balk at paying a reasonable fee for the service, either. Identity theft is too serious to take your chances with. Try out a few apps and then go with the one whose features and interface you like best. Remember, if it’s not easy to use, you won’t use it. Then make your decision, get it done, and sleep well.