I know nothing about it but seriously any password manager is better than no password manager.
But okay here’s what you want to look for in a password manager:
- Portability – you log in to accounts across devices, you want your password manager (PWM for the rest of this post) to work across devices and sync across devices. For most people you’re going to want a PWM with an app, but some people like to store a password vault on various devices so they aren’t reliant on internet connection to access passwords.
- Security – A PWM should never store your passwords in plaintext, they should always be encrypted. Pretty much all decent PWMs use 256 bit AES encryption which I know sounds like gibberish but basically it means your passwords are locked up with really hard math and if you’re comparing options do a ctrl+f on each PWM’s feature page for “256″ to make sure it uses the proper encryption standard.
- Usability – Some PWMs are a pain in the ass. You should try out a couple that seem like good options and figure out which one feels most usable for you. This may mean that you want a PWM with an app, or one with a browser extension that works in your browser; it may mean that you want a PWM with a very simple user interface. You may find that the paid features of a PWM make it more usable for you than the free version. The thing is that you have to USE it. Whatever PWM you are most likely to use based on the interface and features is the one you should install.
- Port-ability – There’s always the possibility that your PWM will have an update and the update will make it unusable for you; maybe you’ll hate the layout, maybe it’ll add steps that make using it inefficient. You may need to bail on your first choice, which is why you should make sure that whatever PWM you choose makes it easy to transfer your credentials from one PWM to another. Look up how-tos and tutorials on “how to move my passwords from bitwarden to apple password manager” or “how to import passwords into firefox password manager.” Any reasonable PWM will allow you to easily export your credentials; if they don’t let you export with a simple process, don’t install it.
Features to look for:
- Password Generator – a tool that will create passwords of varying complexity for you. If your PWM won’t generate complex passwords for you but will only store passwords you’ve created I would recommend looking for a different manager.
- Password Checker – a tool that ensures the password you have selected isn’t on any lists of compromised credentials.
- Customizable Security – maybe if your desktop and your cellphone are password protected with a short timeout you don’t care how long your vault stays open. Maybe if your desktop screen lock you want your PWM to lock itself after fifteen minutes. Maybe it’s easier for you to log in with a pin than a password, maybe you want to require multifactor authentication for access. Setting your settings the best way for you personally is going to make the whole PWM more usable for you, so make sure you’re comfortable with the options your PWM allows.
- Cards and ID – Some PWMs will allow you to securely store credit card info. This is extremely handy and very useful if you do happen to lose your cards. Some will let you upload photos of your ID or your car insurance or other things. This is also very, very handy.
- Customizable folders – Look, sometimes you just have to sort things. Your PWM should give you the option to create a folder structure that makes sense to you instead of limiting you to predefined categories.
Off the top of my head that’s all I can think of. I’m sure that the apple password manager is better than nothing so you should absolutely use it if that’s what’s easiest for you.
This is why the 256 bit AES encryption is important! If the password manager is hacked through the company’s servers getting broken into or something like that nobody has your passwords. The company doesn’t even have your passwords.
Choose a good, complex, memorable password for your password manager, don’t share that password with anybody unless it’s a life-or-death situation (literally; I don’t know the password to my spouse’s password safe unless he is going in for surgery) and unless someone is able to crack your password or gains physical access to your desktop while your password vault is unlocked there’s no way to get at the passwords.
You do need to have SOME good security practices in place to ensure safety even with a password manager.
- Don’t let people remote in to your computer
- have your computer time out after short period
- lock your phone and require a password to get back into it
- don’t give people you don’t know and trust physical access to your devices
- Use complex, unique passwords to log in to your devices and your password manager (I like doing this with song lyrics – “Nggyu,Nglud,Ngraady57″ is a rickroll and a family member’s birth year so it’s complex but easy for me to remember)
But if you’re worried about your passwords getting revealed in a data breach the way personal data gets revealed by like, target and experian and the US government then don’t worry about that. That doesn’t happen if you choose a password manager with appropriate encryption.
#PSA #the more you know #(I personally use KeePass (XC and DX variants)) #(I’m very happy with it but it is not for the faint of backup) #(for those use-cases I hear a lot of praise for Bitwarden)