What is my password?
For every online account we use, we create a username and password. A username is an arbitrary alias you create to identify your account, and a password is a phrase you create to authenticate yourself and differentiate yourself from others. The username and password pair is used as an authentication method for many decades, and this isn't going away anytime soon. Since we rely on username and password to log into online accounts, we must secure them safely by creating a strong password in order to protect your account from others.
Password Managers
In today's complex world, we have more than several dozen online accounts and having to create and remember strong password for every accounts is next to impossible. Using the same "strong" password for every account is also a bad practice as you may already know. How do you cope with the problem? The answer is password manager.
1. Are free password managers worth using?
A quick answer is YES, but you must be wary which password manager you use. The fact that a password manager can actually steal your online passwords, you must pick one from a well-known brand or one that has a good reputation. A couple of built-in password managers are from Google Passwords and Apple's iCloud Keychain. Using Google Passwords is limited to the Chrome Browser, and iCloud Keychain is only limited to Apple devices. Apple has an instruction on how to setup iCloud Keychain on iOS, iPadOS and macOS devices.
Aside from platform-dependent password managers like Google Passwords and iCloud Keychain, there are a handful number of third-party password managers that offer free versions. Most of them hit you with paywalls by limiting you to a small number of passwords or limited to one device. A few free versions that stand out with unlimited passwords and an unlimited number of devices include Bitwarden, LastPass, and Zoho Vault.
2. Do pasword managers get hacked?
The answer is YES, but it's very unlikely and there is nothing to worry about. Password managers are software packages developed by companies to help users maintain strong passwords. Even though password manager software may go through a rigorous testing cycle to make it as reliable as possible, it may include bugs like any other software. Cybercriminals may try to hack into security companies like password manager makers to steal millions of passwords, but gaining access to password vaults will not allow them to decipher real passwords. All password managers encrypt user passwords with the industry's strongest encryption, and no one including the vendor will be able to decrypt the password without the master password.
Multi-Factor Authentication
With the Internet changing our digital lives, we often deal with sensitive personal data, cybercurrencies, and investment accounts and it's devastating if someone gains access to our online financial accounts. We may potentially lose thousands or millions of dollars if the account falls into wrong hands. MFA or 2FA comes into play to protect our accounts further from hackers even if they have access to the username and password. Two Factor Authentication (2FA) is requiring a second form of authentication in addition to 1FA (username/password) to enhance our online security. 2FA is usually time-based and generates a TOTP (Time-based One Time Passcode) to authenticate a user.
There are several forms of 2FA mechanisms, and they include SMS, Email, Biometric, Software, and Hardware approaches. Upon successful first authentication, the system requires a user to enter 2nd form of authentication.
- SMS: A one-time passcode is sent via SMS. A user must have the phone to retrieve this number.
- Email: A one-time passcode is sent to the user's email address. A user must have access to the email account.
- Biometric: If authentication is required on a smartphone, a fingerprint or facial recognition may be used to verify the identity. Some notebook computers are equipped with a fingerprint sensor.
- Software Authenticators: Smartphone apps such as the Google Authenticator, Microsoft Authenticator, and Authy provides TOTP codes for 2FA.
- Hardware Authenticators: USB and NFC keys such as the Yubikey from Yubico, Titan from Google, and FIDO U2F from Thetis are some of the examples of hardware authenticators.
Password Manager Comparison
There is a handful number of password managers available on the market today, and most paid versions offer the advanced features described above. The keys to making the password managers useful are ease of use and time-saving features such as the automatic webform population. Here are a few products that are worth considering.
| Devices | Offer Free? | Webforms | 2FA | Non-Web | Sharing | Price |
|---|---|---|---|---|---|---|
| Unlimited | Yes | Yes | Yes | No | Yes | $60/yr |
Dashlane offers a Free Version which is limited to 50 passwords, and on 1 device only.
| Devices | Offer Free? | Webforms | 2FA | Non-Web | Sharing | Price |
|---|---|---|---|---|---|---|
| Unlimited | No | Yes | Yes | Yes | No | $36/yr |
1Password currently does NOT offer free version of the software, but offers a 14-days Free Trial.
| Devices | Offer Free? | Webforms | 2FA | Non-Web | Sharing | Price |
|---|---|---|---|---|---|---|
| Unlimited | Yes | Yes | Yes | Yes | Yes | $30/yr |
Keeper offers a Free Version which stores unlimited passwords on 1 device only.
| Devices | Offer Free? | Webforms | 2FA | Non-Web | Sharing | Price |
|---|---|---|---|---|---|---|
| Unlimited | Yes (Best*) | Yes | Yes | Yes | Yes | $10/yr |
BitWarden offers one of the best Free Versions from the industry which stores unlimited passwords on unlimited devices with an ability to store credit cards, digital notes, and identities.
| Devices | Offer Free? | Webforms | 2FA | Non-Web | Sharing | Price |
|---|---|---|---|---|---|---|
| Unlimited | Yes | Yes | Yes | Yes | Yes | $35.88/yr |
NordPass offers a Free Version which stores unlimited passwords on 1 device only.
| Devices | Offer Free? | Webforms | 2FA | Non-Web | Sharing | Price |
|---|---|---|---|---|---|---|
| Unlimited | Yes | Yes | Yes | Yes | Yes | $36/yr |
Lastpass offers a Free Version which stores unlimited passwords on unlimited devices, but limited to websites only.
| Devices | Offer Free? | Webforms | 2FA | Non-Web | Sharing | Price |
|---|---|---|---|---|---|---|
| Unlimited | Yes | Yes | Yes | Yes | Yes | $23.88/yr |
RoboForm offers a Free Desktop version, which has no limitations. The free version is limited to websites only as it only supports desktop.
| Devices | Offer Free? | Webforms | 2FA | Non-Web | Sharing | Price |
|---|---|---|---|---|---|---|
| Unlimited | Yes | Yes | Yes | Yes | Yes | $12/yr |
Zoho Vault offers a Free verson for personal use. The free version has no limitation on number of passwords and devices, but it is only limited to passwords and doesn't allow storage of credit cards, digital nots and identities..
