By Natalie Wetzel | Aug 12, 2023 at 8:35 am
Streaming services, shopping websites, social media, banking apps and transport companies – the list of platforms and service providers we use every day is endless. And everywhere you can create an account or install an app. But nobody can and wants to remember all the access data. Password managers are the helpers of the hour here. TECHBOOK has checked which are particularly safe and practical.
Do you still remember the notebooks or paper lists in which one neatly wrote down access data and passwords and then hid them somewhere on the bookshelf? Sure, you can still do that today, but it’s not particularly safe. And especially not when you’re sitting somewhere in the train, bus or office and just want to log into the online shop or book your next vacation trip. Then you often ask yourself: Uh, what was my password again? And where do I quickly write down the access data for the newly created account? A password manager on your smartphone, laptop or device of choice can be a real help.
Password managers should be well protected
But how secure are these apps and services, to which all access data is entrusted after all? (Except for the ones you forgot to write down and hope you’ll never need again.) The concept of password managers is very simple. You collect all access data and secure them with a master password. This over-password is – at least for the users – also the greatest weakness of the digital keychain. It must not be too easy to crack, but at the same time it must be easy to remember. If the main password is forgotten, the password manager is as useful as a locked safe at the bottom of the nearest lake. If you don’t trust your memory, the paper method for that one password might become attractive again – provided you find an excellent hiding place.
Alternatively, you can also use a text file with password protection on a well-kept USB stick. This form has another advantage in the event of one’s own death. “In this way, the heirs can take care of the digital estate in a structured manner,” explains Jennifer Vanessa Kaiser from the Rhineland-Palatinate consumer advice center. But even without ulterior motives about their own mortality, many users already work with a password manager as a matter of course, without really being aware of it. We are talking about browser solutions – some of which, however, have a dangerous security gap.
Also interesting: Forgot your WiFi password? 6 tips to get it back
Firefox, Safari and Chrome browser solutions
When you create a new account on any website, the accommodating browser often asks whether you want to save the login data. The next time you visit, you no longer have to enter your username and password manually; instead, the browser fills them in automatically. For example, Apple’s Safari uses the iCloud keychain and can therefore provide the respective access data on all devices that have an active user account. Chrome works the same way but uses the Google account. Firefox uses the Firefox Account with the synchronization service Sync or the program Lockwise.
As convenient as it is in everyday life, there is an annoying disadvantage for some users: If you frequently switch between browsers, you either have to keep in mind where which access data is stored, or save all data in all browsers. Or commit to one browser in the future.
And when it comes to security, there is a glaring lack in the browser solutions from Firefox and Chrome. These browsers save the passwords in an unsecured manner. This means that everyone who has access to the end device concerned also has access to the login data stored in the browser. Only Apple’s Safari browser saves the data in a key ring that is secured with a password. In practice, this means that Safari only fills out the access data on a website when you enter the device password or the PIN on a smartphone or alternatively verify yourself with Face ID or fingerprint. Especially with the last two methods, the effort involved in this detour is hardly worth mentioning, but it increases security enormously.
How to ensure more security with Mozilla Firefox
With Mozilla Firefox you can activate this little extra mile by specifying that Firefox protects the login data in the integrated password manager Lockwise with a master password.
To do this, open the Firefox browser and go to “Settings”. Now select the menu item “Privacy & Security” and scroll to the “Access data and passwords” section. Here you can make various settings, including “Use master password” and set a master password that you should ideally be able to remember.
If you now feel the need to store this master password in a safe place or generally want to save your access data securely independently of a browser, a password manager app is recommended.
A password manager should be able to do that
Experts have long advised using passwords that are as complex as possible, and passwords are becoming increasingly easier to crack with the support of AI. This means that the following applies even more urgently than before: use long, meaningless passwords with plenty of numbers and special characters. This is where password managers come in to help, as they can generate passwords with a wide variety of security levels. However, a secure password is usually a password that is difficult or impossible to remember. So you could say that password managers create their necessity – at least to a certain extent – themselves.
However, there are other aspects that a good password manager must meet. The application should have secure file storage and, if possible, be portable to multiple devices. After all, most services, accounts and apps that require a login are also used on multiple devices. On websites and in apps, the password manager automatically fills in the data and also completes forms and payment details. If the password manager recognizes a password as too weak, it should offer the option to replace the password with a stronger one. In addition, some password managers include dark web monitoring and alarms in the event of security breaches. However, not every password manager includes all functions and, especially with the free versions, you often have to make compromises.
The safest free password managers
The list of really safe and completely free password managers is pretty short. However, it is worth taking a look at the trial versions of the paid services or using their free version with a reduced range of functions, such as Bitwarden. Unfortunately, as is so often the case with password managers, the same applies: money or comfort.
KeePass
KeePass is a completely free password manager that easily rivals paid models for security. The database is encrypted using Advanced Encryption Standard (AES) and the Twofish algorithm. Since KeePass is an open source project, the program code is publicly available and is constantly being improved and controlled. However, setting up the app requires some prior knowledge or at least research if you want to use the full range of functions. You have to install additional plug-ins to import passwords from browsers or automatically fill in login data. The biggest challenge, however, is that KeePass is officially only available for Windows, so Android, iOS and MacOS users are dependent on third-party apps. However, these are usually also open source, which ensures an appropriate level of security.
The safest paid password managers
Bitwarden
Bitwarden stands out from the list with its comparatively low price of 10 euros per year. Bitwarden contains all the necessary functions and is even an open source project. Handling is uncomplicated, weak master passwords are not permitted and the sync process runs automatically.
Keeper
Keeper is one of the more expensive services at $42 per year. But it contains practically all common functions, such as logging on to websites using Face ID or fingerprint. There is also a disaster recovery option and Keeper also estimates the strength of a password. If you want, you can add Darknet monitoring, which is already included in the price of other password managers. Those who attach great importance to controlling the sync process themselves will not be completely happy with Keeper, since the service does not allow user-owned servers or alternative solutions.
Dashlane
Dashlane is available as both a desktop app and a web application. Both versions are intuitive to use and have an extensive range of functions, above all automatic login and saving of user data. However, the app is no longer being developed. Depending on the subscription – Advanced or Premium – Dashlane also includes a VPN, but is comparatively expensive at up to 53 euros. The permanently free version, on the other hand, is limited to one device.
1Password
1Password by AgileBits is a very useful password manager that fulfills all relevant functions and even has a feature or two more to offer. In addition to Windows, Android, macOS and iOS, the service also supports Linux and ChromeOS. It also includes the Travel Mode feature. Here, users can completely remove their sensitive data from the respective device and instead store it on the company server of 1Password. The function is intended for trips to countries that may require access to a smartphone or PC. After the trip, you can deactivate the travel mode again so that the data is restored automatically. Similar to Dashlane, 1Password is in the higher price segment.
Enpass
Unlike many other password managers, Enpass does not store user data on a central server. Instead, users can decide for themselves whether they want to store their passwords in a cloud, directly on the device or in a home Network Attached Storage (NAS). However, a minimum of technical knowledge is required here. In addition, Enpass is the right choice for those who don’t want to be burdened with a subscription, as there is also a one-time purchase option.