In this day and age, with so much available online and with so many different accounts to sign into, a decent password manager has become an essential tool for just about everyone. If we follow the common password rules…
- Do not use the same password across multiple accounts
- Always choose a long and strong password
- Avoid using dictionary words
- Avoid common sequences such as numbers or letters in sequential order
… it becomes even more apparent why we should all be using a password manager.
Browser Password Managers vs Dedicated Software
There are many misconceptions regarding browser password managers and, while I agree that they are generally not as secure as dedicated password manager software, they are nonetheless more secure than a lot of experts give them credit for. For example, I read an article written by a well-known tech writer warning people not to use Edge’s password manager. His reasoning was based on a third-party software called Edge Password Manager which, when run, would reveal all passwords saved in Edge in plain text. He reasoned that, if a third party gained physical access to a computer where the owner is already logged in, he/she could then run the Edge Password Manager software and reveal all the owner’s passwords. Well, I’m sorry, but that is total BS. If a third party with malicious intent gains physical access to a computer where the owner is logged in, the game is already over, regardless.
The fact is that Edge stores saved passwords encrypted in the Credential Manager. There is a “show” link associated with each encrypted password but, in order to reveal the true password, you need to input the user account password. So, provided the user account is password-protected, the level of security is actually pretty decent.
I also read where another so-called expert claimed that the passwords saved in Firefox could easily be revealed by third-party password extractors, such as reCall. That is also utter BS. Firefox provides an option to protect saved passwords with a master password, and they are impossible to extract with the master password in place, not even by the very good reCall. Full disclosure: I have to admit here that I have been using Firefox’s password manager, protected by a very strong master password, for many years without any issues. The only password I do not allow Firefox to save is my PayPal password. Then again, I would not trust any password manager with any of my financial credentials, including dedicated password manager software.
There are a lot of articles out there warning people against using browser-based password managers. However, I don’t necessarily subscribe to that school of thought. As far as I am concerned, a browser-based password manager is far preferable to no password manager at all. That said, there is no doubt that dedicated password managers are not only more secure than browser password managers but also include a lot more features. I’ve been toying with changing over to a dedicated password manager for some time now, only being put off by terminal laziness. However, I have decided it’s probably time to bite the bullet and my research to date has led me to a seriously worthy candidate.
Bitwarden – Best Free Password Manager
Bitwarden is a free and open-source password manager that is quickly gaining in popularity. I openly admit I hadn’t heard of Bitwarden until commencing my research but there are so many positive reviews that I was pretty much forced into checking it out further.
There is no doubt that Bitwarden ticks all the right boxes: syncing passwords across all devices, support for all platforms, 2FA (two-factor authentication), and an unlimited number of entries (accounts). Bitwarden provides clients for all common mobile and desktop platforms, supports add-ons for all major browsers, and syncs across all devices via the cloud. Now, I know some users are wary of cloud-based password managers, but all data is fully encrypted before leaving the device and only the user can access it; not even the Bitwarden team can read it. Data is protected with end-to-end AES-256. PBKDF2 is used to derive the encryption key from your master password, which is then salted and hashed using HMAC SHA256. These are all very secure and well-respected cryptographic standards. Read more about Bitwarden’s Security.
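The derivation described above, sketched as an added example (not Bitwarden's code and not part of the original article): the master password is stretched on the client with PBKDF2-HMAC-SHA256 into a 256-bit key, and a separate one-way hash is derived for login so the sync server never holds the key. The iteration count, the salt choice, and the names `derive_key`, `derive_login_hash`, `Server` and `client_login` are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed work factor for this sketch; the article does not state one.
ITERATIONS = 100_000

def derive_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=32)

def derive_login_hash(key: bytes, master_password: str) -> bytes:
    """One more PBKDF2 round keyed by the derived key: one-way, so it can be sent for login."""
    return hashlib.pbkdf2_hmac("sha256", key, master_password.encode(), 1, dklen=32)

class Server:
    """Hypothetical sync server: stores only the salt and login hash, never the key."""
    def __init__(self):
        self.accounts = {}

    def register(self, user: str, salt: bytes, login_hash: bytes) -> None:
        self.accounts[user] = (salt, login_hash)

    def login(self, user: str, login_hash: bytes) -> bool:
        _, stored = self.accounts[user]
        return hmac.compare_digest(stored, login_hash)  # constant-time comparison

def client_login(server: Server, user: str, master_password: str):
    """Re-derive the key locally; return it only if the server accepts the login hash."""
    salt, _ = server.accounts[user]  # the salt is not secret, so the server can hand it out
    key = derive_key(master_password, salt)
    ok = server.login(user, derive_login_hash(key, master_password))
    return key if ok else None

if __name__ == "__main__":
    server = Server()
    user, password = "alice@example.test", "correct horse battery staple"  # constructed values
    salt = user.encode()  # assumption: a per-user, non-secret salt
    key = derive_key(password, salt)
    server.register(user, salt, derive_login_hash(key, password))
    print("right password unlocks:", client_login(server, user, password) == key)
    print("wrong password unlocks:", client_login(server, user, "guess") is not None)
```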
As is the case with most password managers, Bitwarden will create, save, and remember long and strong passwords, logging you into already saved accounts and creating new entries for new accounts. If you have multiple accounts on a single domain, Bitwarden offers more fields, other than just the username and password, to help identify each entry precisely. Different types of credentials (such as Logins, Secure Notes, Credit Cards and Identities) also offer different fields for more specific information, and you can organize your items into folders to group particular types of entries together. Another interesting feature in Bitwarden is a button in the password field which checks if the password you input has been exposed, comparing the username and password with a database of known password breaches.
Because of Bitwarden’s cloud-based nature and the ability to sync across multiple devices, you do need to create an account, but it is all totally free. For a payment of $10US per annum, you can upgrade to the Premium edition which includes a few additional benefits. However, the free version is full-featured without limitations.
As I said earlier, Bitwarden ticks all the right boxes and, in terms of features, it’s right up there with similar commercial offerings that cost quite a bit of money. Nothing among the free versions from alternative password managers comes close to Bitwarden’s feature set. Definitely worth serious consideration.
LastPass Free – A Very Good #2
LastPass has been around for ages, it seems, so I’m pretty sure many would already be familiar with the free edition’s very good feature set. It’s the closest to Bitwarden of all the free alternatives. LastPass’s free version supports syncing across all devices, unlimited passwords, a built-in password generator, multi-factor authentication, secure note storage, one-to-one sharing (not one-to-many sharing), and a security challenge. The security challenge feature reviews your existing passwords, provides you with an overall score and warns you about passwords that are insecure.
As is the case with Bitwarden, and all password managers that sync across multiple devices, LastPass utilizes strong encryption techniques, securing data with AES-256-bit encryption and salted hashes. Your data is encrypted and decrypted on your device, so the data stored with LastPass is readable only on your own device(s). Definitely a contender.
Dashlane & StickyPassword
Two very good premium password managers but neither supports syncing across multiple devices in the free versions. Furthermore, Dashlane Free is limited to 50 accounts and 5 accounts for password sharing. And StickyPassword Free does not support secure password sharing at all. Still, these are two very reputable password managers and the free editions might well include enough features to satisfy some users.
Bitwarden is all the rage at the moment and, after reading multiple reviews, I’m not at all surprised. It is a free and open-source password manager that comes very near to, if not on par with, its subscription-based rivals. I seriously doubt you could do better for free.