If you’re like most people, you probably don’t use complex passwords. Instead of using the strongest passwords to protect their accounts, most people strive to make their passwords simple. And many computer users attempt to commit their passwords to memory. In order to make everything easier to remember, they either make all of their passwords the same or only use slight variations.
But doing so can lead to big problems, because after only one of your accounts has been compromised, they all could be. The ideal solution is to use a password manager to keep all of your login credentials straight. A password manager works by storing all your login data in an encrypted database. Even if a hacker or eavesdropper got their hands on the encrypted password database, there’s nothing they could do to reverse engineer or open the database without the master password.
Furthermore, password managers usually have random password generation tools that create extremely complex strings of characters given certain criteria. Consider the following two passwords:
Which one do you think is going to be more easily cracked in the event of a brute force password attack? That’s right, the first one. By increasing the complexity with uppercase, lowercase, numeric digits, and special characters, it becomes exponentially harder for a password attack to succeed.
But I bet I know what you’re thinking. How on Earth could anyone ever memorize such a long and random series of characters? Well, most people don’t. You see, when you use a password manager, you can copy and paste your passwords, which will even help protect you against a certain type of malware called a keylogger.
How Password Managers Protect Against Keyloggers
A keylogger is a type of malware that runs invisibly on your computer as a background process. Some of them are so sneaky that even the latest and greatest antivirus and anti-malware applications can’t detect them. The point of the keylogger is to silently record every single keystroke a user enters. Then, the keylogger sends that data to the attacker.
Essentially, the attacker can see every single thing you type. While reviewing the keystrokes, they can see what you typed into Google, the contents of a report you were working on, and even your usernames and passwords to banking sites, social media, and any other website you logged into.
But using a password manager will help prevent a keylogger from stealing your passwords. Because they have random password generation tools, all the keylogger will see is the click of your mouse button. That is, it won’t be able to see the randomly generated password since you didn’t physically type it out. And as long as you simply copy and paste the password from your password manager to the login field, the keylogger still won’t be able to catch your credentials.
Protection Against Caching
Web browser security has come a long way, but it’s still not perfect. These days, most web browsers will encrypt all of your cached login information. For example, if you set your web browser to automatically remember your username and password for Facebook, those credentials will be stored in an encrypted database.
Sounds pretty secure, right? It actually isn’t. There are still a lot of vulnerabilities associated with caching login credentials in web browsers. First of all, some hackers can reverse engineer the database using special tools on Kali Linux. Furthermore, just think what would happen if someone stole your mobile device or computer. They would be able to access all the websites you cached in the blink of an eye.
The good news is that using a password manager will mitigate these threats. It all hinges on the master password. As long as you’re the only person who knows your master password, there’s nothing a hacker or thief can do to get into your online accounts.
Master Password Caveats
Password managers are more secure, but you have a tremendous amount of responsibility regarding your master password. You have to remember it and commit it to memory. It’s inadvisable to write down your master password (especially in the form of a sticky note stuck to your monitor), because it would be that much easier for someone to open the password manager and infiltrate your accounts. I suppose if you have to write it down you should make sure the copy is in a secure location, such as a safe. But in reality, you’re much better off memorizing your master password.
But if you fail to remember your master password, you’re in for a rough surprise. There are no password recovery mechanisms on most password managers; having a recovery mechanism would defeat the whole point of password security, and give hackers a greater chance of getting their hot little hands on your passwords. Essentially, if you can’t remember your master password, your password manager is worthless, and there’s nothing you can do to re-enter the password manager.
If that were to happen, you do have the option of going to each individual website and initiating a password reset. But I’ll warn you: it’s time-consuming and not a lot of fun.
That said, let’s take a look at the 5 best password managers.
KeePass is perhaps one of the most popular password databases, and it’s completely free to use. And it operates on the model of a master password. Basically, the master password is used as a key to access the database. Whenever you add a new entry into KeePass, it automatically updates the encrypted database.
If a hacker or attacker got their hands on the database file, there’s absolutely nothing they could do to read your passwords, without knowing the master password, of course. There is no master password recovery mechanism, either, because it would defeat the purpose of security. So the burden of remembering the password is on you. If you forget the master password, you’ll be forever locked out of your own database.
StickyPassword is yet another password database, and it is quite popular as well. It encrypts passwords using AES-256 encryption, just like KeePass. But it’s got some really cool advanced features like biometric authentication (yep, just like you’ve seen in the movies). They have both a free and premium version, too.
Some of its advanced features include the ability to automatically fill out web forms so you don’t have to lift a finger, it can generate random and extremely complex passwords (like KeePass), and it can even store payment card information to expedite the online checkout process.
LastPass is another fantastic password manager, but it’s a little different because it’s an online service. Like the preceding services, it employs a master password to protect your credentials. As such, it’s platform independent.
It too has the ability to autofill forms and password fields for you, which is a fantastic way to mitigate keylogger attacks. Plus, you can use it absolutely free of charge.
1Password is similar to LastPass, but you can’t use them for free indefinitely. Instead, they offer a 6-month free trial. It can be used to store a lot of sensitive information such as passwords, payment card data, and even an alarm code. I like how they have a feature that can tag credentials to better organize them, too.
If you want, they even have a browser extension to make life easier. After all, your web browser is where you’ll be entering login credentials anyway. Another thing I like is that their service can be used on as many devices as you want.
Firefox, as you may already know, isn’t strictly a password database. But this web browser has so many add-ons and extras that it can easily and securely store all of your passwords in an encrypted format for free. In fact, by default, the web browser will store all of your cached passwords in an encrypted database.
I prefer a solution like KeePass so I can sync the password database with other computers using cloud storage. Nevertheless, it’s extremely secure. Once upon a midnight dreary, my computer crashed, and I was trying to recover all of my cached passwords from my HDD to make sure I hadn’t missed any of them. But when I opened the Firefox database that stores all the passwords, all I got were strange characters. Without the right key file, it’s impossible to decrypt the database.
I’m partial to KeePass, but that’s probably because I’ve been using it for so long. Password managers have evolved, and the latest services have some extremely useful features. However, even though these providers are secure, I always have qualms about storing passwords with an online service. That’s irrational, because there’s no way to break encryption without the master password. Still, these are the top 5 best password managers, and they’ll ensure that you don’t become a victim of a keylogging or malware attack that steals your login credentials.