In recent years, password managers have become increasingly popular with consumers.
They promise an end to the challenges of remembering numerous different passwords and security codes for online accounts.
Companies including RememBear, Enpass and LastPass have emerged to service this burgeoning industry, which aims to reduce the $56 billion lost to identity fraud in 2020 alone.
As the pandemic drives everything from work meetings to ordering drinks in the pub into the virtual world, there are now hundreds of password managers available to buy and use.
But what do they actually do? And why should you consider installing one?
Why is this a problem?
Let’s illustrate the issue with a simple test.
Imagine if the password on your favourite online account suddenly expired, and you had to think of a new one.
It’s inadvisable to use anything which could be guessed, such as pet names, memorable dates, or the rock band you air-guitar to when everyone’s gone out.
In the age of two-factor authentication and biometric data, passwords often have to contain a minimum of ten characters.
Did the password you thought of include a blend of uppercase and lowercase characters?
If you used two consecutive numbers, that tends to be rejected by password management algorithms.
You might also need to add a special character (including exclamation marks, hashes and ampersands).
Now you have a password you can use – until it expires, and the whole process begins again.
It’s especially frustrating since you’re not supposed to share the same password among more than one account in case it gets hacked.
Consequently, password managers have become big business in recent years.
Instead of having to remember 80 different passwords, you only have to remember the master password used to access your account, where other login credentials are saved on your behalf.
Think of password managers as front door keys. You don’t need separate locks on the fridge and TV, because the front door keeps unwanted visitors out.
How do password managers work?
After creating an account with a password manager utility and choosing a lengthy password, it will ask you to input login credentials for regularly used websites.
This data will be securely encrypted, and only supplied to the host servers when you visit a website requiring those login credentials.
The password manager will fill in ‘username’ and ‘password’ fields on your behalf, with cryptographic protection ensuring rogue agents can’t view the data being securely distributed.
Information is synchronised across multiple devices, with one account serving both a laptop and smartphone.
It may also extend across different web browsers, for effortless switching between Edge and Firefox, or between Safari and Chrome.
The services reviewed below are all compatible with Windows, MacOS, iOS and Android, while some additionally work on Linux-powered computers.
Password managers can also suggest random strings of alphanumeric characters and symbols for newly-created accounts, meaning you don’t have to generate your own login credentials.
Value added services
In isolation, password managers are extremely useful. However, certain brands and platforms also offer extra benefits:
- Some can remember multiple passwords for each platform – ideal if more than one person shares a particular device like an iPad.
- Others serve as authentication apps, simplifying the process of two-factor authentication (such as the SMS codes sent when attempting to log into a financial platform.)
- Many will flag up weak account IDs and suggest stronger alternatives, or advise you when existing passwords expire.
- Newer platforms also store personal information like addresses and debit card details, simplifying online checkouts.
- One or two will even notify you if any saved passwords turn up in databases of stolen or compromised personal data.
What are the advantages of using password managers?
The main benefit of employing such a service is simplicity. Providing you can remember a master password, you won’t end up locked out of any online accounts again.
Simply log onto the utility on whichever device you’re currently using (whole-home coverage is normally provided), and the manager software does the heavy lifting.
The complex character strings stored and suggested by password managers are more secure than relying on 123456 (amazingly, this remains the world’s most commonly-used password).
You don’t need to modify every bookmark in your web browser with an abbreviated reminder of a revised password, or scroll through bookmark lists hunting for reminders.
Many utilities go above and beyond the basics by offering full form propagation, authentication tools and other niceties which simplify the online experience.
Some even scan the Dark Web, checking if any of your saved passwords have been compromised. If they have, the utility will immediately notify you.
What about the drawbacks?
The main drawback is that you’re placing all your eggs in one digital basket.
If that company gets hacked, or an employee leaves confidential data at a bus stop (which happened to the Ministry of Defence recently), the thieves have the keys to your digital kingdom.
You’re also paying for a service that web browsers like Google Chrome will conduct for free – though it’s worth remembering the Opera browser has experienced a high-profile data breach.
Another drawback is that it becomes progressively harder to disengage from these platforms as time goes by.
You’ll quickly forget login credentials used to enter without thinking, and nobody would ever guess the manager chose y&vCde92vEG7#fGm as a password on your Boots account.
Forgetting your password manager login credentials effectively blocks access to every online service you use, since there’s usually no way to reset the master password.
Restoring access to every account stored in the utility would be incredibly time-consuming and frustrating – and potentially unachievable in certain instances.
Finally, while paying a few pounds per month might not seem like much, it adds up as the years go by.
Four password manager platforms worth considering
The relatively youthful NordPass distinguishes itself with dedicated browser plugins for most of the big modern web browsers, and it’s also Linux compatible.
It stores card and banking details, synchronising across up to six devices, with no limit to the number of passwords it’ll store. One of the few things it can’t do is automated form-filling.
As well as handling the basics, the user-friendly Dashlane monitors the dark web for data breaches, notifying you if saved passwords are discovered in compromised databases.
It can store scanned documents and receipts, while a VPN offers additional security when surfing the web. It’s expensive, albeit offering plenty of value-added services.
Keeper reprises Dashlane’s dark web monitoring, as well as flagging up duplicated passwords. It’ll support a household of users, with secure file sharing and encrypted messaging.
Accessed through a customisable interface, Keeper offers a variety of subscription offers and services, including secure messaging and file storage.
Like Keeper, 1Password offers family accounts supporting up to five users on shared or standalone devices. Its comprehensive coverage even extends to command line operation.
Its USP is a travel mode which effectively deletes any stored data during transit, reinstating it only once you’ve safely arrived at the destination.