Password managers are designed for an intended purpose. They can offer nice extras, even a free password manager protects you from the risks of using weak passwords or the struggle to come up with complex/unique passwords for every site you vist whilst remembering them all too! Generally you just need to remember one password called a “Master pasword” to access the storage area where your passwords are held, ususally called a “Vault”.
Tips
- Use a mixture of random words
- Enhance complexity by using words not found in an English dictionary
- Use a different language where possible – most brute force and dictionary attacks are based on English only
Problem with storing passwords in your Web browser
Chrome:
Google’s built in password manager is free and does the simple job of saving your password with form filling. Usually you’ll see a pop-up notification prompting you to save your username and password to your Google account. This means that next time you visit the said website, the username and password boxes will be pre-filled with your saved details.
Google also offer a security checkup which among other checks will notify you if you’re associated with a breach elsewhere online. Password generation is also available meaning your passwords are more complex and saves you time.
The primary disadvantage is that you are now within Google’s ecosystem – Chrome and Android, which for many users will not be a problem as you’ll tend to login to your account on multiple devices anyway. What you may notice is that certain features will not be supported. An example is that it can’t pre-fill login details in Firefox, Safari or Edge.
Password Managers
There is a huge selection of password managers and each has their own benefits and disadvantages. At the time of writing – 2021, there are 300 free and paid password managers on Google Play alone!
Password managers keep your information encrypted using high-measure protocols, so if the password managing company was hacked (company servers), the only data they would be able to access would be meaningless and useless. Additionally some services allow you to store your password Locally, which means the password is stored on your device so it’s not even sent across the network. Where data/passwords are stored on the company servers which can be useful when using multiple devices for example, the data should be communicated by being encrypted at both ends, referred to as End to End (E2E) Encryption.
Our choice – Keepass
I could explain all the reasons I chose Keepass but they even do that really well so here is their link to their Security features which pretty much speaks for itself