Not All Password Managers Are Created Equal: Which is the Best?

by Vasyl Ivanov November 22nd, 2020

As more of our daily life moves online, we’re using an overwhelming number of web services, each of which needs login credentials. But having multiple accounts doesn’t mean that we have multiple passwords: 78% of younger web users use the same passwords on multiple websites. Today, many services give you the option to log in using your Google or Facebook account. But by doing this, they also collect additional information about you--which is undesirable for an individual and unsafe for a business. To help people manage their growing pool of online accounts, password management software has emerged as a solution that offers secure password generation, storage, and timely updates.

Password managers: A world of options

Password managers can vary from standalone desktop applications to a part of a web or cloud service.

Device-based password managers were the first solutions to enter the market. They’re not associated with other applications, and store passwords locally on your phone or computer. Device-based password managers are still widely used in cases where most web use is on one device that isn’t being shared. Newer versions of password management software work across multiple devices, with manual synchronization of devices via the Internet. Local password storage works well for stationary computers, but it becomes an additional risk factor with mobile devices: If you lose your phone, all of your passwords can be easily stolen.

Web-based password managers have emerged as a response to the proliferation of web applications.

This type of software lets you sign in to a single web-based “security vault” from any computer or mobile device that’s connected to the Internet--and enables you to retrieve all passwords for each device, regardless of the operating system that’s installed.   

Cloud-based password managers are an extension of web-based password managers. With these applications, all encrypted passwords are stored on a cloud service provider’s network, and the service provider is responsible for their security.

Password managers that use embedded security hardware are an extremely secure but less common option. They rely on hardware inside your device, such as a chipset, to store and encrypt data. Only a person who has a passkey, a fingerprint, or both of these credentials can retrieve that data. These types of password managers should be used if there is a high risk that your device may be physically hacked.

Single sign-on (SSO) is a different approach to password management that allows you to use one single password for every online application. SSO can be viewed as a “trust relationship” that’s set up between an application (also known as a service provider) and an identity provider. To set up a trust relationship, these providers exchange a certificate that is used to prove identity information.

In general, web- or cloud-based password managers are the most widespread types of password management software used today, as they come in different forms (like browser extensions or desktop/mobile apps). Many people use the free built-in password management features that come with their browser, but the biggest drawback here is that there’s no synchronization between browsers: you can have all your passwords automatically stored in Chrome--but if you open Safari, they’re not there. In contrast, dedicated applications offer more flexibility to switch between different platforms, browsers and devices. 

Features to look for

Now that you know the different types of password managers available, what are the key features worth paying for?

Here’s a shortlist: 

  • Generating hard-to-crack passwords: Almost every password manager auto-suggests strong passwords, but the most advanced applications use special algorithms to generate combinations of letters, numbers and special symbols that are more difficult to crack.
  • Enabling two-factor authentication (2FA) or multi-factor authentication (MFA): This is a key feature that requires a user to verify their identity by adding information from an additional security token, bank card, or biometrics.  
  • Secure sharing between users: This feature can be most helpful if you need to send a specific password to a colleague or family member. Secure sharing lets you switch account access between users without losing any data.
  • Storing varied sensitive data: Certain password managers can function as “secure vaults” that can store sensitive data, such as corporate bank accounts, credit card numbers, and employee files.
  • Enabling role-based permissions: A key feature that’s mainly used by employers, it lets IT administrators assign different levels of access permission to different people, depending on their position or rank. This ensures that employees only access information on a “need to know” basis, which protects an organization’s sensitive data and reduces server use.
  • Autofill: The ability to automatically fill in online forms or profiles makes it much faster and easier to use an online service. Different password managers offer different approaches, using stored credentials, personal data and/or credit card numbers to complete online forms more rapidly.
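
To make the "generating hard-to-crack passwords" item in the list above concrete, here is an added example (not from the article or from any specific product) of a generator that draws from the operating system's secure random source and guarantees every character class is present. The symbol set, the default length and the function names are assumptions.

```python
import math
import secrets
import string

# Character classes named in the feature list: letters, numbers, special symbols.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{}",  # assumed symbol set; sites differ on what they accept
}


def generate_password(length=20, exclude_ambiguous=False):
    """Return a random password containing at least one character of every class."""
    ambiguous = set("0O1lI") if exclude_ambiguous else set()
    pools = ["".join(c for c in chars if c not in ambiguous) for chars in CLASSES.values()]
    if length < len(pools):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(pools)
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable and unsuitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw the whole password rather than patching in a
        # missing class, which would make some positions more predictable.
        if all(any(ch in pool for ch in candidate) for pool in pools):
            return candidate


def entropy_bits(length, alphabet_size):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)
```

With the 80-character alphabet above, a 20-character password has an upper bound of about 126 bits; the class requirement lowers the true figure only slightly.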

Features that stand out

Beyond the features offered by any reputable password manager, the real difference comes from the extra services that selected providers offer along with their core application.

Mobile password managers, for instance, may provide a secure browser that’s integrated with the autofill component. This browser can protect your credentials and block trackers and cookies from monitoring your browsing history.

Another attractive feature is a duress mode. This added safety measure protects you from being forced to share your password by letting you log in to a system while silently sending a panic alert--like a duress code that warns about a hostile intrusion. With the duress password, all sensitive data is deleted without any trace, and the only data that appears is unimportant neutral information.
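
The duress behaviour described above can be sketched as follows. This is an added example, not code from the article or from any product; the `Vault` class, its fields and the in-memory alert list are hypothetical, and a real product would destroy an encryption key rather than clear a dictionary.

```python
import hashlib
import hmac
import os


def _derive(password, salt):
    # PBKDF2 slows down guessing of either password; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Vault:
    """Hypothetical vault with a normal password and a duress password."""

    def __init__(self, password, duress_password, entries, decoy_entries):
        self._salt = os.urandom(16)
        self._normal = _derive(password, self._salt)
        self._duress = _derive(duress_password, self._salt)
        self._entries = dict(entries)
        self._decoy = dict(decoy_entries)
        self.alerts = []  # stands in for the silent panic-alert channel

    def unlock(self, password):
        key = _derive(password, self._salt)
        # Always run both constant-time comparisons so the timing of the
        # response does not show which verifier matched.
        is_normal = hmac.compare_digest(key, self._normal)
        is_duress = hmac.compare_digest(key, self._duress)
        if is_duress:
            self._entries.clear()          # sensitive data is deleted
            self._normal = os.urandom(32)  # the real password no longer opens anything
            self.alerts.append("duress login")
            return dict(self._decoy)       # only neutral data appears
        if is_normal:
            return dict(self._entries)
        raise PermissionError("wrong password")
```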

Password managers can also be one part of a larger security bundle solution that may offer a variety of preset or tailored options, from antivirus protection and firewalls to VPN services.

Finally, when you choose a password manager, you’re also choosing a company that will hold your sensitive data. And as with any service, response time is a critical factor. So, to be sure that your passwords will be protected even in case of an emergency, it’s important to look for a service provider that offers prompt and efficient user support.

Our minds may be flexible and creative, but ultimately they can’t compete with machines when it comes to memory or the ability to generate randomized sequences of letters and numbers. Dedicated software is the best option for keeping and managing the many credentials we use for all our online accounts--but it’s up to us to choose wisely.

What are the critical features needed for password management software in your organization? Do you need extra physical protection? The ability to share passwords between team members? How many authentication layers do you need so that your systems are secure but not too complex to use? 

The choice is yours.