Password Managers, what and why?

I am a huge supporter of password managers and now that I’ve invested the time to populate one, I won’t ever not have one. I personally use two different password managers: 1Password and KeePassXC.

That was the BLUF, now the write-up. First off, what is a password manager? A password manager is a software application designed to store and manage credentials. It also generates strong passwords. Passwords are stored in an encrypted database, either locally or in the cloud, depending on the program. There are many benefits to using a password manager, including:

  • Only need to remember 1 password
  • Auto-generate highly secure passwords for you
  • Use across all your devices
  • Save time
  • Share databases with family members

Why use a password manager? Many people use weak and/or personally relevant passwords in their life. This is why social engineering is one of the most effective ways to hack someone’s online account. A password manager helps solve this problem: it not only generates random, complex, and strong passwords, it also saves them in an encrypted vault and only requires the user to remember 1 master password.

My first password manager was Apple’s keychain. Like all of Apple’s products, it worked great, but only in Apple’s ecosystem. I had a Mac computer at the time as well so I was only inconvenienced a handful of times when working on a Windows computer. Then I slowly transitioned to storing passwords in the browser’s built-in password manager. This solved the cross-platform issue for me since my Chrome profile syncs across my devices. This is where I stayed until I realized there’s a security risk associated with storing passwords in your browser?!

While the vulnerability was patched, the fact that it’s possible for my browser to be hacked to the point where they can take my saved passwords was enough for me to make the jump. I had read about password managers and went down the rabbit hole of which is the best.

First I began looking into Free and Open Source Software (FOSS) options and came across KeePass, KeePassXC, and PasswordSafe. These all save your database locally on the machine, which is great from a security standpoint, but sort of a pain because they don’t sync across all your devices. (If you go this route, the workaround is to save the database file to a cloud account like iCloud, Dropbox, or Google Drive, then point the program to read from the cloud drive. It’s just a little extra inconvenience but can easily be done.) I downloaded all three and ultimately went with KeePassXC; it has a more modern look and is more supported than the original program, KeePass. The original KeePass was developed for use only on Windows; it is written in C# and therefore requires Microsoft’s .NET platform. KeePassXC is written in C++ and thus can be run natively on Linux, Windows, and macOS. KeePass is a great password manager and is very proven. However, on systems other than Windows, you’ll have to run KeePass using the Mono runtime libraries. This takes away some of the look and feel that you are used to. All three are solid choices, secure, and have good functionality. I like the look and feel of KeePassXC and its browser integration. But you really can’t go wrong with any of them.

So that covers just me, but what about joint accounts or multiple logins to the same system? My password manager solution had to be a family-wide adoption; if it was a cumbersome process then the likelihood of my wife using it was about null. Bitwarden was a very appealing option: it is open source (a huge plus there), cloud-based, which I liked, it can sync to all of my devices, and it is free! My hesitation came from different reports of trackers found on the website and certain data it collects. The free account is also limited in some of its features. But if this sounds like something you’re looking for, I would give the recommendation to use Bitwarden. It’s a very good product.

Some years ago LastPass had a breach; it was put out that no user vaults were exposed, but usernames, salts, and hashes were included. So I passed right by. It was also reported that, like Bitwarden, LastPass had trackers within its website.

I had 2 options left that I was considering, 1Password and Dashlane. Dashlane is a tried and trusted password manager that you cannot go wrong with. I almost went this route but I wanted to try 1Password first. My thought was that if I tried Dashlane and loved it I didn’t want to switch to 1Password just to switch back. 1Password’s application and browser integrations were smooth and elegant, it had an updated look, and the ease of use, well, couldn’t be easier. My wife happened to walk behind me one day when I had the application open and said “oh our IT dept is pushing for a contract for this at work, we’re all going to be using it soon.” That was it for me; I was looking for ease of use, cross-compatibility, and something my wife would use. If she’d be using the same program at work, it would be seamless to use in her personal life. Dashlane never got the chance to show how good it really is. But in some other comparison articles, it matches up with 1Password’s features. On another note, 1Password doesn’t have any trackers embedded in its main site.

I have been extremely happy with 1Password and I save everything from logins to payment methods and Wi-Fi passwords. I love that there are personal vaults for my login-specific items and shared vaults where we can put shared login and payment or bank information. The apps are very smooth and detect username & password fields better than KeePassXC. There is a feature to integrate 2FA which I have done for some websites, but for sites like financial ones, I think keeping some separation is a good thing; for those, I’ll use a third-party authenticator application.

I personally don’t think it’s a question of ‘should I use a password manager?’ but rather ‘which should I use?’ I hope the information in this post is helpful for making a decision on which password manager is for you. There are free routes and there are paid routes. KeePassXC is an excellent password manager and with a little extra work can function the same as 1Password. If you’re looking for something that’s complete and easy to use right out of the box, and don’t mind paying a small amount per month, then I fully recommend 1Password.

The fine print: I am not sponsored or endorsed by any company mentioned in this article. I performed my own testing and research when making my decision. I personally purchased and maintain my family subscription with 1Password.