What is my password?
For every online account we use, we create a username and password. A username is an arbitrary alias you create to identify your account, and a password is a phrase you create to authenticate yourself and differentiate yourself from others. The username and password pair is used as an authentication method for many decades, and this isn't going away anytime soon. Since we rely on username and password to log into online accounts, we must secure them safely by creating a strong password in order to protect your account from others.
Password Managers
In today's complex world, we have more than several dozen online accounts and having to create and remember strong password for every accounts is next to impossible. Using the same "strong" password for every account is also a bad practice as you may already know. How do you cope with the problem? The answer is password manager.
1. Are free password managers worth using?
A quick answer is YES, but you must be wary which password manager you use. The fact that a password manager can actually steal your online passwords, you must pick one from a well-known brand or one that has a good reputation. A couple of built-in password managers are from Google Passwords and Apple's iCloud Keychain. Using Google Passwords is limited to the Chrome Browser, and iCloud Keychain is only limited to Apple devices. Apple has an instruction on how to setup iCloud Keychain on iOS, iPadOS and macOS devices.
Aside from platform-dependent password managers like Google Passwords and iCloud Keychain, there are a handful number of third-party password managers that offer free versions. Most of them hit you with paywalls by limiting you to a small number of passwords or limited to one device. A few free versions that stand out with unlimited passwords and an unlimited number of devices include Bitwarden, LastPass, and Zoho Vault.
2. Do pasword managers get hacked?
The answer is YES, but it's very unlikely and there is nothing to worry about. Password managers are software packages developed by companies to help users maintain strong passwords. Even though password manager software may go through a rigorous testing cycle to make it as reliable as possible, it may include bugs like any other software. Cybercriminals may try to hack into security companies like password manager makers to steal millions of passwords, but gaining access to password vaults will not allow them to decipher real passwords. All password managers encrypt user passwords with the industry's strongest encryption, and no one including the vendor will be able to decrypt the password without the master password.
Multi-Factor Authentication
With the Internet changing our digital lives, we often deal with sensitive personal data, cybercurrencies, and investment accounts and it's devastating if someone gains access to our online financial accounts. We may potentially lose thousands or millions of dollars if the account falls into wrong hands. MFA or 2FA comes into play to protect our accounts further from hackers even if they have access to the username and password. Two Factor Authentication (2FA) is requiring a second form of authentication in addition to 1FA (username/password) to enhance our online security. 2FA is usually time-based and generates a TOTP (Time-based One Time Passcode) to authenticate a user.
There are several forms of 2FA mechanisms, and they include SMS, Email, Biometric, Software, and Hardware approaches. Upon successful first authentication, the system requires a user to enter 2nd form of authentication.
- SMS: A one-time passcode is sent via SMS. A user must have the phone to retrieve this number.
- Email: A one-time passcode is sent to the user's email address. A user must have access to the email account.
- Biometric: If authentication is required on a smartphone, a fingerprint or facial recognition may be used to verify the identity. Some notebook computers are equipped with a fingerprint sensor.
- Software Authenticators: Smartphone apps such as the Google Authenticator, Microsoft Authenticator, and Authy provides TOTP codes for 2FA.
- Hardware Authenticators: USB and NFC keys such as the Yubikey from Yubico, Titan from Google, and FIDO U2F from Thetis are some of the examples of hardware authenticators.
Password Manager Comparison
There is a handful number of password managers available on the market today, and most paid versions offer the advanced features described above. The keys to making the password managers useful are ease of use and time-saving features such as the automatic webform population. Here are a few products that are worth considering.
|
Devices
|
Offer Free?
|
Webforms
|
2FA
|
Non-Web
|
Sharing
|
Price
|
|---|---|---|---|---|---|---|
|
Unlimited
|
Yes
|
Yes
|
Yes
|
No
|
Yes
|
$60/yr
|
Dashlane offers a Free Version which is limited to 50 passwords, and on 1 device only.
|
Devices
|
Offer Free?
|
Webforms
|
2FA
|
Non-Web
|
Sharing
|
Price
|
|---|---|---|---|---|---|---|
|
Unlimited
|
No
|
Yes
|
Yes
|
Yes
|
No
|
$36/yr
|
1Password currently does NOT offer free version of the software, but offers a 14-days Free Trial.
|
Devices
|
Offer Free?
|
Webforms
|
2FA
|
Non-Web
|
Sharing
|
Price
|
|---|---|---|---|---|---|---|
|
Unlimited
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
$30/yr
|
Keeper offers a Free Version which stores unlimited passwords on 1 device only.
|
Devices
|
Offer Free?
|
Webforms
|
2FA
|
Non-Web
|
Sharing
|
Price
|
|---|---|---|---|---|---|---|
|
Unlimited
|
Yes (Best*)
|
Yes
|
Yes
|
Yes
|
Yes
|
$10/yr
|
BitWarden offers one of the best Free Versions from the industry which stores unlimited passwords on unlimited devices with an ability to store credit cards, digital notes, and identities.
|
Devices
|
Offer Free?
|
Webforms
|
2FA
|
Non-Web
|
Sharing
|
Price
|
|---|---|---|---|---|---|---|
|
Unlimited
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
$35.88/yr
|
NordPass offers a Free Version which stores unlimited passwords on 1 device only.
|
Devices
|
Offer Free?
|
Webforms
|
2FA
|
Non-Web
|
Sharing
|
Price
|
|---|---|---|---|---|---|---|
|
Unlimited
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
$36/yr
|
Lastpass offers a Free Version which stores unlimited passwords on unlimited devices, but limited to websites only.
|
Devices
|
Offer Free?
|
Webforms
|
2FA
|
Non-Web
|
Sharing
|
Price
|
|---|---|---|---|---|---|---|
|
Unlimited
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
$23.88/yr
|
RoboForm offers a Free Desktop version, which has no limitations. The free version is limited to websites only as it only supports desktop.
|
Devices
|
Offer Free?
|
Webforms
|
2FA
|
Non-Web
|
Sharing
|
Price
|
|---|---|---|---|---|---|---|
|
Unlimited
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
$12/yr
|
Zoho Vault offers a Free verson for personal use. The free version has no limitation on number of passwords and devices, but it is only limited to passwords and doesn't allow storage of credit cards, digital nots and identities..
June 12, 2019
How to Create a Stronger Password?
Do you use the same password for all your online accounts? Creating a unique and strong password for each of your accounts is the first step in protecting your privacy. Learn how to create a strong password, and augment with 2-factor authentication to secure your online accounts.
Learn more
May 19, 2017
What is Multi-factor authentication?
Multi-factor authentication also commonly known as MFA is an authentication process where more than one authentication mechanism is incorporated. A common implementation of MFA is the 2FA, which stands for 2-factor authentication. In a 2FA, two different authentication mechanisms are combined to successfully authenticate a user.
Learn more
August 9, 2019
Is password manager needed?
How do you manage your online passwords? You already know you need to create a strong password for each of your online accounts, and not to use the same password. Storing your password in a clear-text format defeats the purpose of using a complex password. Learn how password managers can help you manage your passwords.
Learn more
January 30, 2021
What is 2FA?
2FA (2-factor authentication) is a form of MFA where a user is required to supply 2 forms of authentication to allow access to the system. The traditional authentication system used the username/password pair to grant access to an account, but a growing number of hacking due to the use of weak passwords prompts the industry to offer an additional form of authentication to enhance the security of login access.
Learn more
March 16, 2021
What is Webauthn?
We are accustomed to username and password pair to protect our accounts whether that is a computer, bank account, smartphone, or personal email. We also know that password is not the most secure authentication method available today, and there are so many hacks and data breaches that threaten our security. Learn how WebAuthn can enhance your online security.
Learn more
January 29, 2021
Are you up for browser password managers?
Web browsers today offer a built-in password manager, and auto-populate username and password on the websites you visit. This is a very convenient feature offered by virtually all web browser makers including Google Chrome, Safari, Firefox, and Microsoft Edge. The question is whether you can trust browser password managers to store your passwords without a security risk.
Learn more