Password Manager Apps

My posts about passwords over the last few weeks have generated requests for information on password manager apps. As this is quite a complicated subject I thought it warrants an article.

Most of us have apps on our phones, tablets, computers and other devices for a mixture of pleasure and work all of which require unique passwords. Yeah right, you say there is no way I can remember passwords for around 1,100 logons (in my case). You are of course absolutely correct, and you are not expected to remember 1,100 or even 100 passwords.

Using a password manager app means you do not have to remember a password ever again! Well, only 1 - to access your password manager.

What Happens if the Password Manager Company is Hacked?

This is the number 1 question I get asked! So let's address it right at the start.

There is a possibility that the password manager is hacked. The various companies are aware they are a prime target for the threat actors (hackers in English!). If they succeed in getting into the password vaults of the customers of the password manager companies (where all your passwords are stored in a password manager app) the threat actors have access to many thousands of people's apps, bank details, payment cards and all the data necessary to steal money and identities.

The password manager companies are well aware of this and that if they do lose your information they also lose their business. The password manager companies employ military grade security technology and practices to protect your information and ultimately their businesses.

Even if the threat actors get in to the password manager company unless they crack the encryption for your personal vault all they will see is the encrypted records of each access credential, that will not make any sense to them but look something like a row of hashes (####).

There is a risk but it is well managed.

If your own access credentials to your password manager app and personal vault are weak then it is you that has been hacked and not the password manager app. Always use a memorable password phrase or complex password generated by the app and 2 factor accreditation. Never be tempted to use the this password for access to any other app.

What are the Advantages of Using a Password Manager?

As I have said in the opening paragraphs you will only need to remember 1 password for ever more and that is your password manager app password! So make it a good one (see last week's post on password structure)

Password Structure

Most password managers allow you to set a format for your password, for example:

1. The length of your password - at least 8 characters please!
2. A random or complex password meaning upper and lower case letters, numbers and special characters like #.
3. A memorable password which is a password phrase.
4. Should you need a PIN code the password manager will also set this, just elect how long you want it to be.

Password Generation

For me this is the most important function. The password manager generates your password according to your requirements set in Password Structure above. No more thinking how can we make a password complex just click on generate password and a complex password, password phrase or a PIN code is generated.

The Password Manager Integrates With All Your Devices

The password manager integrates with all your devices and will fill in your logon credentials automatically into the chosen app you are accessing.

It can take a few adjustments to get the address right for it to automatically fill in the details but once achieved you are all set. In the interim you can copy and paste the user name and password.

Your Password is Securely Stored

No more notes, word documents or handwritten books of passwords at the mercy of the threat actors. All your passwords are securely stored in your personal vault.

Use the Password Manager as the 2FA Authenticator

Some password managers also incorporate functionality to allow you to use them as your 2FA authenticator.

What is 2FA? A password is not always sufficient to protect your account and a second key is required to add an additional hurdle to deter the threat actors. To use 2FA an authenticator is required and the password manager may be able to fulfil that role too. There will be a post soon about 2FA.

Not Only Passwords

Password Managers can also store everything about your life. The image below from 1Password shows what else you can store in your password manager.

I Have Got a Password Manager - What's Next?

Fantastic! You have a password manager what do you do now?

1. Set up an account for the password manager app
2. Download the app to all your devices
3. Sign in using the same credentials for all your devices
4. Set up the browser extension in whichever browser you use on your computer
5. Now it is time to start entering your apps and strengthening your passwords.

Entering your app addresses and website addresses and changing the password to one generated by the app can be quite daunting. So, do it on a risk based approach. Identify the apps that store the most critical data for your business. Set up five accounts a day.

Which Password Manager do you Recommend?

This is the second question I get asked most frequently! I will not recommend a particular password manager here. You will all have different requirements and my Professional Indemnity Insurance will not cover me for such public advice!

As with everything it depends on your requirements:

• Are you a sole user?
• Do you require team access?
• Do you require family access?
• How do you interact with your apps personally (are you techie or not!)
• Does your employer, franchise parent, other parent organisation require you to use a particular password manager app.

I will list in alphabetical order 5 password manager apps most frequently recommended this year on various forums. There are not any free apps listed, to get the apps providing the strongest security always pay for an app.

1Password

1Password is very rich in what it can do, virtually everything you could possibly want securely stored. This is not a recommendation but I have used 1Password since 2012.

• Password generator.
• Store all documents and records such as passport, driving licence, medical records, NI number, bank account details, payments card details and crypto wallet and more.
• Watchtower function receives alerts for Compromised passwords, compromised websites, unsecured websites, vulnerable passwords, reused passwords, inactive 2 factor accreditation and expiring items (credit cards expiring in 2 months, passport expiring in 9 months etc).
• Latest encryption (AES 256 bit encryption) and multiple techniques to protect your data at rest and in transit.
• Dashboard representation of your cyber security.
• Versions for personal use, family sharing or business use.
• Emergency kit for access if you are in hospital or worse.
• Travel mode which will keep all your logon details secure from prying border guards.

Dashlane

A powerful and easy to use password manager.

• Password generator.
• Password changer to change multiple passwords at once.
• Built-in Virtual Private Network (VPN) to protect you should you work on public wifi.
• Secure notes.
• Scans for data leaks, e.g. email addresses, weak or recycled passwords.
• Dashboard representation of your cyber security.

Keeper

Another strong contender with a good list of features.

• Password generator.
• Stores identity (driving licence, passport etc information) and payment card data.
• Keeper can store sensitive files and documents, photos and videos.
• Up to 5 emergency contacts who can have access in the event you are in hospital or worse.

LastPass

A very popular choice because it is lower priced than the other options. Lower price also means less functions.

• Password generator.
• Limited storage for identity documents
• Scans for data leaks, e.g. email addresses, weak or recycled passwords.
• Charges extra for functions the others offer as standard

NordPass

NordPass is slightly different to the other options listed here. Nord is a cyber security company who also provides NordVPN, a virtual private network app. Their password manager uses an addition to AES encryption, XChaCha20 encryption and Argon 2 for key derivation separating it from all other password managers. However, it is quite short on features.

• Password generator.
• Secure notes
• Store payment card information