A good password manager can help keep you safe online by allowing you to use a different random password of sufficient length for each of your user accounts. According to a Dashlane study, the average internet user has more than 150 online accounts, so a password manager is the only way most people can avoid reusing passwords. There is no shortage of great paid password managers out there, which may have you wondering which one is right for you. In this article, we'll take a look at the five most important things to consider before buying a password manager.
1. Do I want my vault to be stored in the cloud or on my device?
Your password "vault" is where all your passwords are stored. There are two approaches to storing your vault: on the device or on a cloud server. You might think you'd prefer on-device storage, and there are definite advantages to that. When your passwords are stored on your device, you don't have to worry about data breaches affecting the provider's cloud, or whether your information is transmitted and stored correctly. RoboForm is one of the few password managers that allows you to store your passwords only on the device, without any cloud intervention, while Sticky Password allows you to sync devices over local Wi-Fi. . On the other hand, if your device is lost or stolen, you will also lose all your passwords, with no way to recover them. It can also make it difficult to sync passwords between devices or move all your information to a new device. With cloud storage, the opposite is true: your passwords can be easily recovered if you lose access to your devices, but there are additional security concerns. Most password managers have strong encryption on their cloud servers, and the best ones encrypt your data on the device, even before it's transmitted to their servers. Dashlane is one such password manager.
2. How important is no-knowledge storage to me?
Zero knowledge refers to policies and architecture that eliminate the possibility of a password manager accessing your password. Remember that just because your data is encrypted on a provider's server doesn't mean they can't access it, it just means they don't. That is why some password providers use a knowledgeless architecture, which by design eliminates this possibility. Keeper is an example of a secure password manager that follows this principle. "The clear version of the data is never made available to Keeper Security employees or any third party," its website says. "In the unlikely event that Keeper was hacked, attackers could only access worthless ciphertext." However, the technology is not without its limits. First, it is extremely difficult to build such an architecture, which means that companies are not always 100% successful. More than one vendor has admitted to being unaware of an unlikely but possible scenario where their zero-knowledge policy could be compromised. Second, it makes it difficult or impossible to have some of the more practical features of password holders, such as inheritance and automatic password updating. Keeper, for example, refused to implement inheritance until it could do so in a zero-knowledge framework, and no one has yet to manage automatic password updates in this context.
3. What kind of recovery options do I want?
The main disadvantage of using a password manager is that if you forget your master password, your data may be unrecoverable. Different password managers have approached it in different ways. LastPass, for example, allows you to generate a one-time password to access your vault and reset your password, even though you'll need to sign in to the email address you used to use. Creat your account. However, this convenience means more flexible security, since anyone with access to your email address can access all of your user accounts. As another example, 1Password has improved security, so things are more complicated. It's technically possible to revert 1Password to a previous state (for example, if you recently changed your password and can't remember the new one), but you'll lose all new passwords and user information you've added since then. then. You will need to check what type of recovery options each manager offers and which one provides the right balance of convenience and security for your situation.
4. What about device compatibility and browser plug-ins?
Device compatibility is another important factor when choosing a password manager. Not all managers are compatible with all devices. This is especially important if you are purchasing a device manager for a professional environment, especially if multiple users will be using different devices and if you support remote workers and Bring Your Own Device practices. In this situation, you may need a Linux-compatible manager, such as NordPass. Also make sure that the password manager you choose includes a browser plugin for your preferred browser. These days, that's not a big deal, as most password managers have a robust plugin for all major browsers. If you use a less popular one like Opera, your options will be more limited. If you are purchasing for a professional multi-user environment, please note that team members may use different browsers.
5. Is it for my personal or professional use?
Again, your decision may vary depending on what setting you plan to use the password manager for: personal or professional. If you are dealing with a professional environment with multiple users, it is essential to find software with good user management features, such as user groups and secure password sharing. Dashlane and Keeper, for example, have strong multi-user functionality, including a centralized administrative panel for creating user groups, assigning permissions and passwords by group or role, and supporting an unlimited number of devices. IT administrators will want to ensure secure practices among employees, which the password manager can help you with. Additional security features like a strong password generator, password listener, and dark web analytics can help keep businesses safe. These features may cost more, but since 80% of hacker breaches result from poor employee password practices, they are well worth it.
Conclusion
The security of your user accounts and information online can be greatly improved by investing in a good password manager. No two services are the same, so be sure to do your research and consider these five important questions before making any decisions. All the password managers mentioned in this article have different characteristics and are considered among the best on the market.