Password Managers FAQ

At first password managers seem like simple programs intended to make the lives of internet users easier by storing logins in an encrypted vault. However, the truth is that password managers are intricate programs that can not only handle those online accounts, but also any other data that is deemed to be sensitive, such as credit card information, software licenses, router settings, ID documents, and more.

Although password managers exist in various forms – as desktop programs, mobile apps or online vaults – there is one major thing that they all have in common: each password entered into the vault is encrypted with military-grade encryption, making them invisible to everyone but the program’s user and people with whom the user shares data via the program’s secure sharing interface. This makes password management programs much safer than the built-in solutions of web browsers, which almost never encrypt the data saved in their vaults. Additionally, the storage of many password managers can also be protected by two-factor authentication, which requires the program’s user to enter a secondary, temporary passcode after providing the master password, the virtual key to the software’s vault.

It’s worth noting, however, that this master password is actually the only password that you will have to remember, as everything else – including the autofilling of passwords into the appropriate login screen – is taken care of by the software. Not only are passwords automatically imported from each web browser via convenient extensions, but you’ll also be given the option to replace any weak original logins with more complex ones generated by the program’s built-in password generator. In addition to that, such software can monitor everything that is entered into its vault at all times and can even inform you if passwords are in need of changing. Many password managers also check the websites of your stored accounts on a regular basis and will send an alert should a security breach have occurred and recommend the necessary replacement of the potentially compromised password.

But to really enhance the convenience of use, the multi-faceted nature of password managers means that they can also work across multiple platforms as well. Firstly, all password managers come with a smartphone app that contains all the same features of the desktop version, alongside the option to unlock the vault with a PIN code or even a biometric authentication method like a fingerprint. Secondly, thanks to the cloud syncing function, all vaults belonging to the same subscription can be synced to ensure the same passwords and other credentials automatically match across the user’s various platforms. This is a huge asset should the program be installed on a new device, but it can also serve as a backup storage for passwords should the software – or even the hardware it is stored on – fail for some reason. And before you ask, yes, cloud syncing is perfectly safe, since any data uploaded to the cloud goes through the same encryption as everything else that enters the password manager’s vault.

Despite seeming like a complex system where every feature is related to one another, it’s actually quite easy to understand how password managers work. Basically, a password manager is a digital vault that stores your credentials that are either added manually or have been imported from your browser via a clever add-on. This vault’s content is then made available for all connected devices that the password manager is installed on – thanks to cloud syncing – but since it’s always protected by a specific password it’s only you who has access to the data within the connected vaults.

However, this is just the surface. By going deeper you’ll find that a password manager has many surprises that not only make the program safer but also much more convenient.

The vault

This is considered to be the heart of every password manager since this is the digital storage where all your passwords and other credentials can be found. Due to its importance the vault is the most protected part of any password management software, meaning that it is only accessible to those with the so-called master password – the virtual key to the vault.

For security purposes most password managers allow users to further protect this vault by adding a secondary authentication option, which is usually a passcode generated by a special app or a fingerprint for biometric confirmation.

The browser add-on

If the vault is the heart that makes a password manager work, then the free browser extension is the vein that connects the software to the browser. In fact, it’s one of the most useful features of password management programs since not only does it import your passwords and other credentials from the browser to the software’s vault, but it also works the other way around by automatically filling out the input boxes of login screens and online forms. However, there’s more, as the add-on also lists all stored passwords and their associated websites, allowing you to be directed to the desired page with a single click and – if the program is advanced enough – even automatically log you into the account.

It’s worth noting, though, that these add-ons are the most vulnerable part of password managers, since they don’t receive the same treatment as digital vaults when it comes to security.

Mobile apps

The mobile app is usually a carbon copy of the desktop password manager where its features are concerned. In fact, if the cloud syncing option is turned on – of which we’ll talk about soon – the app’s own vault can be automatically filled with all the same credentials stored in the main password manager software. However, most mobile apps can even be more advanced than their computer counterparts as they often provide additional options for unlocking the vault, such as a four-digit PIN code or a fingerprint.

Additionally, apps typically come with a built-in, secure internet browser as well, which isn’t there just for decoration; using this special browser is the only way that autofilling is possible on mobile devices.

Additional authentication options

The default method for unlocking the password manager’s vault is by providing the master password, but in most cases these programs and the sensitive data saved in the vault can be further protected by adding a secondary authentication option into the mix. Usually this is achieved by pairing a two-factor authentication app like Google Authenticator with the password manager, but there are rare instances where it’s the program itself that provides this app.

Cloud syncing

Although this is a feature that is only available to premium subscribers, it’s essential if you want to avoid the hassle of setting up the software on a new device. By activating cloud syncing not only can you save credentials to the cloud for backup purposes, but you will always be able to access the same up-to-date credentials regardless of the device the password manager is used on. And if that’s not convincing enough, all passwords are encrypted before entering the cloud, which makes this feature more than ideal for sharing certain credentials with others without the need to leave the password manager’s safe environment.

It’s not only that the use of password managers is convenient, but it’s the safest way of protecting all your logins and any other sort of sensitive data. To be completely honest with you, owning a password manager is the only logical thing to do since neither Excel spreadsheets nor password logbooks can provide such a high level of convenience and security that is available with password management software.

Why is it a blessing?

For starters, advanced password managers always encrypt the data entered into their vault with military-grade encryption – which is the same level of security provided for online banking. It’s for this reason that downloadable password managers are without doubt a better option than the built-in password managers of web browsers that don’t even encrypt logins and forms, in turn making them vulnerable to hacking attempts. And if that’s not enough, password management software is capable of doing exactly the same thing as its browser-based counterpart, allowing for the autofilling of passwords; the only difference is that due to the extra protection provided by its encryption, all data remains hidden from prying eyes until the login is made.

However, it’s not just unwanted parties for whom the data is invisible, in fact the encryption is so strong that not even the password management software’s developers can find out what is stored inside the user’s personal vault or learn what kind of data they have synced between the various devices connected to the company’s cloud. What the company does know, however, is whenever a website the user has stored in the vault is compromised, and it will promptly alert all users to change their passwords and therefore preventing data theft and any further damage. Password managers are programmed in such a way that they will even evaluate the strength of each password that is entered into a vault, rating users’ passwords from a security standpoint and highlighting those that need to be replaced with more complex ones generated by the software’s built-in password generator.

These password management vaults only require memorizing the master password, but beyond that it’s even possible for vaults to be protected by either physical security tokens or by the more common two-factor authentication apps. Once this option is activated nobody will be able to enter the password manager’s storage without first providing a secondary passcode, which is the most effective line of defense should the master password ever manage to be compromised.

The fault in our password managers

Even though password managers are indeed your best option to protect valuable data from hackers and other wrongdoers, they are, unfortunately, not infallible. Thankfully, the list of problems is relatively small when compared to the advantages of these programs, though they could cause some major headaches if they aren’t properly dealt with.

Out of all the issues with password managers the biggest problem by far is related to the most convenient feature of all, the browser add-on. Unlike the password manager itself the extension is always a step behind security-wise, meaning that these handy tools are in fact the only backdoor hackers could use to compromise these solutions. Admittedly, the companies behind password managers are always alert, releasing the necessary security patch as soon as possible, but as the constant attacks against LastPass prove, they are far from enough.

The other weakness of password management software is the master password, which is worth absolutely nothing if it doesn’t comply with the rules of creating strong passwords – which is the reason why people are trusting such software to begin with. And if there is no two-factor authentication option on board your chosen software, then the master password would essentially end up being your only line of defense against hackers. And there is no need to explain what might happen if that password is compromised…

Simply put, the use of a password manager is a win-win situation. Such tools are much more secure than any Excel spreadsheet, in-built browser password management – which are the worst option of all due to their overall vulnerability – or weak but memorable passwords. But they’re also highly convenient tools that makes the browsing experience even more streamlined.

What do you get with a password manager?

The password manager is not just a simple tool designed to replace sticky notes containing all your passwords, it’s a powerhouse that protects your online identity while making your life easier than ever.

Aside from the fact that the password manager reduces the number of passwords that you’ll need to memorize to just one – the master password, basically the virtual key to the vault containing all stored passwords – it also has the functions to store other types of data too, such as credit cards, ID documents, software licenses, and so on. Once all the information has been imported from your browsers via the password manager’s free add-on – which also autofills the necessary data and saves new logins into the vault – you’ll then be the sole person with access to the credentials stored within the password manager.

Ultimate password security

There is no reason to be concerned when it comes to security either, since the vault can be further protected by pairing the software with two-factor authentication. Passwords are evaluated by the program, too, with weaker ones being replaced by virtually unbreakable ones created by the built-in password generator.

To top it all, password managers are multi-platform solutions that are adapted to practically all known operating systems. This means that the same program can be used on multiple devices and, if you want, all these apps could share the same credentials thanks to the option to sync the contents of your vault via cloud syncing, which uses the same military-grade encryption to hide passwords from prying eyes.

Free vs paid

The good news is that most password managers are available for free for an unlimited time, and often have none of the most important features blocked. The bad news is that other useful features – such as two-factor authentication, the syncing of vaults, or unlimited password sharing with other users – are usually part of a premium subscription.

However, it’s worth noting that even the most basic of password managers ensure that the necessary features to keep credentials safe are present. However, for the fullest experience it’s recommended to opt for a paid version, which usually doesn’t cost more than $3 a month – a price that can be further reduced by opting for longer subscriptions and making use of any coupons and discount offers.

Trial and error

Picking a password manager can go one of two ways. It could turn out to be the exact software that you were looking for, or something that isn’t worth keeping. That’s why opting for free trials and money back guarantees should be considered: this way users can take the unlimited version of the chosen solution for a test drive and could either decide to keep the service or look for a completely new one.

Should the latter happen then moving to a new password manager is easy. For starters, the data can be saved as a .CSV file, which can then be simply transferred to the new program. Additionally, if the program is uninstalled, then all those credentials left in the vault go with it – and not even the password management service will be able to recall them.

If we want to be more precise, perhaps the question should be “why am I not using a password manager yet?” Security experts say it is the best way to make sure that all accounts you have registered on the sites you regularly visit have unbreakable passwords.

Since all major password management software has a browser add-on, importing your existing account credentials and saving the new ones to the program becomes ridiculously easy. Most password managers evaluate the strength of each of your passwords or even notify you if the site you are visiting has been affected by a security breach. No matter why the password has to be changed, users can make the necessary modifications with a flick of a switch, even using the built-in password generator or, in certain cases, fetch a new password from the online password generator of the same company.

You don’t need to worry about remembering those complex passwords either: the use of the password manager only requires knowing a so-called master password. Other login credentials are either stored in the cloud or on your device and are either immediately displayed when logging in to the chosen site or the program logs you in automatically. These programs are also capable of importing password spreadsheets – provided it is in a format the manager can handle – but the process works the other way around as well.

Not to mention such a program works across different platforms, meaning that passwords from a number of various devices (e.g. smartphones and tablets) that the software is installed on can be imported into your password manager account. Speaking of smart devices, if you want to add an extra layer of security, the vast majority of password managers provide the so-called two-factor authentication (2FA) that makes breaking into your accounts virtually impossible.

And as a little extra password manager users can share their passwords with others via a secure environment, while other data can also be stored in the very same safe storage your passwords are kept in.

And what about the disadvantages?

Unfortunately, since password managers are programs that heavily rely on the internet, they are vulnerable to hacker attacks. The biggest security concerns are usually related to the mobile apps and the browser add-ons, which are the most sensitive parts of these programs and more commonly the least secure aspects of a user’s digital life. But thankfully when a security breach hits any of the password manager companies, they immediately alert users informing them of what needs to be done to minimize the damage and quickly release any necessary patches.

A bigger problem not related to security is that the free versions of password managers are limited: although this kind of software operates with ridiculously low monthly fees, they often omit the most crucial features from the free version, risking the data of those using the software for free. And as an added bit of funny trivia, the man who originally created the whole ‘use complex passwords everywhere‘ concept has confessed that the idea may be ineffective after all; in other words, some people believe it’s better to stick to a strong password you can easily remember than rely on an incomprehensible line of characters that password generators and managers create for us.

Still, even with the above disadvantages in mind, having a limited free password manager with only the most essential features is better than having no password protection at all and offering your most precious data on a silver plate.

Many security experts and some guidelines suggest that we should change our passwords frequently. While good security practices are worth following, everyone knows of the frustration and annoyance that occurs when a notification pops up requesting a change of account password for security reasons.

Why you should change passwords regularly

The debate around the benefits of frequently changing passwords has been around for a long time, and there are pros and cons to doing so. Many security experts agree that increasing the frequency of password changes increases account security as it reduces the window when cyber criminals can have to access your account should your details be hacked in some way.

The drawbacks of changing passwords too frequently

While corporations and businesses may have their own rules for its employees, the focus here is on everyday users for online accounts. As such, everyone should ask themselves two basic questions before applying a personal password policy:

1. Will changing the password frequently actually increase security?
2. How does this impact the user (you)?

Studies across all industries have shown that instead of strengthening it, frequent password changes reduce security. The reason is simple: humans tend to re-use the same password, or variations thereof, across multiple accounts and that makes the password-cracking process easier.

Below we will take a look at how frequently you should change the password for the most popular services that play important roles in daily life. There are of course guidelines worth following but a healthy amount of personal control is always recommended when it comes to password-changing policies: in some cases it makes sense to change them frequently while in others it does not, and often the decision comes down to your own preferences.

How often should you change the master password?

The master password is the key to all your data stored in a password manager, so it makes sense not to change it at all. Here is why:

• A memorable and cryptographically secure master password is the best way to protect your data. It may be a hard process for many to come up with a strong master password, but that also makes it hard to crack.
• Changing the master password means you’ll need to relearn the new one. Usually that will take a few days with a truly secure password, and that’s hassle you want to avoid because it only adds another stress factor onto your daily workflow.

Change the master password only if you are using a weak one, otherwise just leave it as it is – a suitably secure password will stop any hacker from brute-forcing their way into your password manager anyway.

How often should you change your Facebook password?

As often as you are comfortable with. The best way to protect your Facebook account is to enable two-factor authentication. Still, keep in mind that SMS codes aren’t considered secure due to a flaw in how the cellular networks work, so use a third-party authentication app such as Google Authenticator or LastPass.

How often should you change your Wi-Fi network password?

If you are installing a new router, then change the default password immediately and customize the network name at the same time. Use a cryptographically secure password and encryption so you can take the bother of regular password changing off your mind. It’s recommended to use a password manager to store these credentials, especially if you already need to deal with an abundance of passwords. Change the password at will, but you don’t have to do it every six months.

How often should you change your Windows/Mac os password?

Like with every device used in public places where others (such as coworkers) can eavesdrop, it is recommended to change your account password from time to time. Security experts say it’s good to change these passwords every three months but it is up to you to decide if you are comfortable with this timeframe. If the computer is only used at home, then there’s no need to consider changing it.

How often should you change your online banking password?

Financial institutions will usually prompt users to change their online banking passwords if you haven’t done so within the company’s preferred policy period. Always use two-factor authentication if available and ask for SMS or push notifications for every transaction that is made. This way you can easily identify unauthorized transactions. If the bank doesn’t prompt for a new password within a year, then it’s a good idea to do it yourself and store the new one within a password manager.

How often should you change your Apple ID password?

If you have two-factor authentication (2FA) enabled, then no one without physical access to your device can access your account without the piece of information displayed on the trusted device. If you can’t enable 2FA, either change the password from time to time (every year) or use another second layer of security available such as two-step verification.

How often should you change your Google password?

The frequency of a password change is also influenced by the data it protects. Enable two-factor authentication with Google to make your account more secure and reduce the stress of frequent password changes. Otherwise it is recommended to change the password every year.

The best way to change passwords quickly

Coming up with a secure password can be a challenge after a while, but this is where password management applications are of great help. They don’t only reduce the burden of memorizing unique passwords, but they also keep track of the authentic URL for sites that you are registered with, keeping track of any usernames and passwords you sign in with.

On top of that, password managers have features that know how old those passwords are and their security level. This piece of the puzzle helps users stay informed on the status of their passwords and if the user considers a password change to be a must, then it is possible to get it done with just a single click – even with multiple passwords at once.

The short answer is yes, it’s safer to have a password created by a generator than to use one that even a mediocre hacking tool could crack. However, the longer answer requires a more in-depth explanation.

Using a password generator is one of the best ways to ensure optimal account security. While some online generators like RANDOM.ORG only let users customize the length of their new passwords, others like PasswordsGenerator.net allow the inclusion or exclusion of various characters and even provide tips on how to independently create strong passwords.

The greatest advantage of these online services is that they are free. However, unlike password generators included in paid software packages, online password generator tools are not completely flawless.

The risk of online password generators

Although randomly generated passwords are unique and difficult to guess, there’s no guarantee that the online generator isn’t keeping a copy of the new password. This means users may unknowingly end up providing access to all their accounts.

In addition, the online tool may well be using the HTTPS communications protocol that most secure sites do, but this is far from bank-level encryption. So if the password generator’s site is compromised, then your passwords may be too. Moreover, many websites offer to store generated passwords in encrypted databases for users. This may sound advantageous at first but will only tempt cybercriminals to hack the database, which may result in them stealing millions of passwords in one go.

If that doesn’t hammer home the risk of using online password generators, RANDOM.ORG actually discourages using these free tools to create passwords. However, it suggests that if users do, it’s best to avoid applying these passwords to accounts containing highly sensitive data.

How to keep online generated passwords safe

Obviously, users don’t have to avoid online password generators entirely. There are various ways to keep generated passwords safe, starting with surfing the internet in incognito mode to prevent the web browser from automatically saving user data.

An even better solution is to use free online password generators provided by password managers, such as LastPass or Dashlane. Not only do these services offer all the benefits of a regular online password generator, but they also guarantee that neither the internet service provider nor the software developer is storing your new password.

Randomly generated passwords are definitely harder to crack than those created by users themselves. However, hackers are always seeking holes in security and malware is constantly becoming more evasive, so it’s important to use powerful cybersecurity tools like password managers to keep personal data safe. As the saying goes, prevention is better than cure, meaning users shouldn’t wait until the damage is done to secure their passwords.

Although any solution that makes the lives of internet users easier when it comes to passwords should be praised – we all know the difficulty that comes with memorizing a bunch of complex passcodes – but using any of the best-known web browsers to keep important credentials safe is an exception from that rule. In fact, no matter how convenient it may seem to be able to save everything into a built-in password manager within your chosen browser, under no circumstances should this method be used for storing such valuable data.

Why browser password managers should be avoided?

Vulnerable Coding

The basic working principle behind the built-in password managers of browsers is the same as that of third-party password management apps. They offer users the option to save the credentials of an online account whenever it is entered into a webpage so that it can then be recalled when that particular page is visited again.

Both in-browser tools and bespoke software save time and the struggle of memorizing complex passwords, but unlike professional software – which uses military-grade encryption that cannot be compromised – the functionality of browser password managers means that they aren’t invulnerable. Simply put, a hacker can easily bypass the default protection methods applied within browsers and have access to all the sensitive data stored within in just an instant – as almost happened with Microsoft Edge in early 2017.

Sharing is not caring

What’s really concerning about password managers within browsers is that each time the program is opened you are automatically agreeing to share your data with unknown parties. Google Chrome is already notorious for its shady privacy policy that forces users to make certain modifications to their privacy settings in order to prevent third parties from prying upon them. Combine this with the fact that Chrome’s built-in password manager isn’t password protected and it becomes real nightmare fuel for both security experts and users alike.

Incomplete protection

Admittedly some browsers do provide additional security features with their password management. For instance, both Firefox and Opera lock their built-in password managers with a master password to prevent credentials from being compromised at a local level. Opera even goes further in that regard, since it has a built-in VPN with which users can make their data traffic invisible from prying eyes with a flick of a switch.

However, this type of local protection is immediately lost when data syncing is involved. This is especially evident in Firefox, where the master password has to be disabled to start online data syncing between devices, which sadly makes the whole protection created by Firefox useless.

Password managers are (still) your best option

The average internet user has no idea how many ways stolen personal information can be misused, but what’s certain is that in the end it’s always the user themselves who will be in a pickle. As such, storing sensitive information safely is crucial, and that’s something you won’t get from browser password managers. Third-party password management solutions, however, provide outstanding safety features with which you can be certain that any information stored in the software’s virtual vault remains untouched by wrongdoers.

For starters, the military-grade encryption ensures that passwords, credit card data, IDs and whatever else is hidden from anyone that doesn’t possess the master password, the key that decrypts the data and unlocks the user’s credentials within the vault. In addition to that, password managers can evaluate the strength of each entered password and if any are deemed weak, then it can be highlighted alongside the option to replace it with a new unbreakable one generated with the app’s password generator. But what really makes password managers a must-have is that they can seamlessly integrate with any browser via add-ons that provide the same ability to save and recall credentials that browser password managers offer alongside the added bonus of the utmost data safety.

The internet has three layers: the surface web, the deep web, and the dark web. The first refers to websites regulated by search engines and is used daily by most people. The other two terms are often used interchangeably, but this is inaccurate. While the deep web is accessed all the time, such as when you log in to your email or online banking, sites on the dark web are heavily encrypted. You need a special browser, such as The Onion Router (Tor), and top-notch internet security to access these.

Although the dark web is typically associated with cybercrime, it isn’t only a place for illegal activities. For example, artists based in countries with heavy censorship upload their work to sites on the dark web to share it with their fans. It’s also quite telling that the American government actively supports the Tor project. Still, if your personal data ends up on the dark web, it means hackers have breached at least one of your online accounts and are trying to sell your information.

Dark web monitoring

Cybercriminals use the dark web to buy and sell stolen data about you or your business. This is dangerous on many levels: if hackers steal your identity, they can commit crimes in your name or significantly damage your company’s reputation.

Dark web monitoring tools search the dark web and notify you if they find your stolen data. These services regularly sweep through the thousands of dark web pages, looking for previously specified information. That is, you choose if you want them to look for email addresses, social security numbers, passport information, medical identification numbers, and, of course, financial details.

It’s possible to check the dark web for stolen data manually as well. But if you’re new to this, you should never access the dark web on your own. Other than the fact that it’s rather complicated, it’s like choosing to walk into a lion’s den, as hackers can track you easily if you don’t know what you’re doing. Moreover, governments are generally suspicious when somebody accesses the dark web. Instead, visit the website Have I Been Pwned to check if your information is on the dark web – all it requires is an email address.

Password managers also come with dark web monitoring tools. They scan the dark web for your credentials and warn you when your data is found. The best part is that some password managers make it really easy for you to update the accounts that have been breached, taking only one click to change them.

How to keep your information off the dark web

The best protection is prevention. Improving your password hygiene with a password manager and using one-time passwords (OTPs) to authenticate yourself is your best bet. It’s also wise to get educated about different hacking methods, such as phishing, malware, ransomware, and social engineering. Unfortunately, there are situations when data ends up on the dark web regardless of all this protection, such as when a cyberattack affects an entire company. If you discover that your sensitive information has been stolen, identity theft protection may be able to help you retrieve it.

First things first: it would be great to find out how the service was hacked and, more importantly, whether the hacker got hold of your data. If you notice an unusual login or transaction that’s only applicable to you and haven’t read about the password management service being hacked, then it could mean that a cyber criminal has somehow found a way to get hold of your data. This could be via a keylogger, malware, or other methods of infecting your computer or mobile device.

The best thing to do in such a case is to reinstall the operating system and restart your computer or mobile device from scratch to fully eliminate any malicious software from it. Change your device password and master password immediately after doing this.

Change passwords

Once this prepping is finished, log into the password management app and change the passwords for all important accounts such as online banking, email, and the like. Basically, you should take the same approach as with phishing thefts: change the password and activate two-factor authentication everywhere that it is available.

Choose another password manager

If the password manager’s central database gets hacked, then it is up to you to decide whether to stay with them or switch to a more secure service. Do some research: google the service provider’s name and the word “hack” to see if it had been hacked before. If it has happened more than once, it may be a good time to pick another one…

It goes without saying that even the most reputable password managers, like any company, can run into problems that aren’t their fault. We don’t have to go back too far in time to find that OneLogin, LastPass, Keeper, Dashlane were hacked, while even 1Password has had bugs identified and addressed during the last couple of years.

Sadly this list of big names proves that a breach can be inevitable because if a developer doesn’t mitigate the risk by taking into consideration one or more potential attack scenarios, then cyber criminals will find the Achilles heel of the service and gain access to user data.

What makes the difference, however, is whether such hackers will obtain user data in plain text or an encrypted format. If they do somehow get into the system then you are completely exposed with data stored as plain text, but if the latter is true then the hacker has a lot more work to do because all they will get is strings of gibberish.

How to keep yourself informed

If a password management service communicates well with its users, then you’ll get an email or notification shortly after they notice a data breach. If you’re concerned, it’s good to keep an eye on your emails and distinguish between phishing scams and legitimate messages sent by the service provider. Regularly check the newsletter, blog, or social media channels to stay informed about the system status of the password management service.

Another great source of information is the news. Various blogs and media outlets will report a hack if one has occurred and even mention the name of the service. Check the social media feed of your preferred news service to keep yourself up to date with what is happening in this area.

Basically, every password manager has the same working principles: keeping your most sensitive data safe. But with that in mind there are many other aspects that could determine which solution suits you the best, such as the overall strength of the software’s security, its list of additional features, and of course the price.

Security

By far the most important aspect of any password manager is how well it protects the credentials that are entered into the software’s so-called vault – and this should always be the first thing in mind when considering the purchase of a password manager. Thankfully there are a number of high-quality password management programs that are champions of security that cannot be compromised thanks to their military-grade encryption – the same method used for internet banking.

How password management solutions do differ, however, is where that encryption happens. In that regard, there are both password managers with only a cloud vault – like LastPass – and those that operate with a local storage. Although both types of password managers are secure, those solutions that encrypt data locally are better as local encryption ensures that hackers cannot access and decrypt the data without the master password even if the device that the software is installed on is compromised.

Another important aspect is whether or not the password manager is capable of handling two-factor authentication. In most cases the program has to be paired with a third-party two-factor authentication app – like Google Authenticator – but there are rare instances where the necessary app is actually provided by the password manager’s developers.

Mobile app

One of the biggest advantages of password managers is that they always come with a smartphone app that is capable of everything that the desktop program is. Although this is indeed a great asset, a good password management app should have its own merits, too. Simply put, ideally the app will possess advanced features like the option to access the vault through fingerprint detection, a built-in browser that supports the autofilling of passwords, or the ability to serve as a tool that authenticates other devices whenever the program is installed elsewhere.

Additional features to look for

Aside from the option to store an unlimited number of logins and other types of credentials – ID documents, software licenses, credit card data etc. – a decent password manager should be equipped with many other features to make the use of the software as safe and as convenient as possible.

One such feature is the browser add-on, which not only fetches credentials stored in the browser’s own vault and will prompt you to save your logins when first accessing an account, but it also autofills any data already saved to the appropriate place – be that a login screen or an online form. Another feature to keep an eye out for is the password evaluator, which measures the strength of each password and can even display the overall security score of your vault, highlighting and enabling you to take countermeasures should your password be deemed too weak.

The password manager should also be capable of cloud syncing, which is crucial for having the same data up-to-date across all devices that the software is installed on. And then there is password sharing, a feature that families and teams – who are usually recommended to use the same program for convenience – will find particularly useful. With this option on board users can send and receive passwords without leaving the encrypted interface of the password manager.

Pricing

The good news is that the majority of password managers can be used for free, sometimes even with none of the most important features limited. The bad news is that certain bonus features of convenience like the cloud syncing or unlimited password sharing are only available for paying users.

Thankfully, these premium versions of password managers are typically available free for first 30 days of use, meaning that the program can be taken for a proper test drive without any restrictions. However, it’s worth noting the low monthly costs of subscribing to an unlimited password manager, which is especially true if you either subscribe for a longer period of time or purchase a larger number of licenses to share with a family/team, since the per capita costs are cheaper as a result.