What is a Password Manager?

A password manager is a program or service that allows you to record login information such as username, password, login link, and other information that varies from service to service.

Why do I need a Password Manager?

According to Edward Snowden (love him or hate him, he is a cyber-security expert), weak passwords can be hacked within seconds. Software to do this is legally available for free all over the internet.

Additionally, humans are garbage at remembering passwords that would be considered "secure." Between that and the instruction to "never write down your password," we default to weak passwords like "CityOfBirthYEAR" or "NameOfPetSpelledWrong."

While contemporary advice to switch to a passphrase is great, not all websites allow it, for a variety of reasons (such as limits on password length or not allowing spaces in your password). The best solution I've found in my experience is a reliable password manager.

What should I look for in a Password Manager?

The most important thing is to look for a service that claims to be "zero knowledge," or, put another way, "we can't see your passwords." A good provider will ensure that your password database is encrypted in such a way that no employee of the company can see your passwords and information. Remember: if they can see it, so can a hacker who gains access.

You should also consider whether or not cloud-based services are right for you. Cloud-based services offer incredible convenience, but you also run the risk that the provider is lying about not being able to see your passwords, or that a hacker will download your database and then have all the time in the world to guess their way past its encryption. On the other hand, locally stored databases run the risk of getting deleted, lost, or corrupted if you don't keep reliable backups.
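
What "zero knowledge" looks like in practice, as an added example (not code from Bitwarden, KeePassXC or any other product): the vault is encrypted on the user's device with a key derived from the master password, so the provider, or anyone who downloads its database, holds only ciphertext. The function names, scrypt parameters, passwords and sample entry are assumptions made for this example.

```javascript
// Added illustration; not code from Bitwarden, KeePassXC or any real product.
const crypto = require('crypto');

// scrypt work factors: assumed demo values, real products choose their own.
const KDF = { N: 16384, r: 8, p: 1 };

// The key exists only on the user's device, derived from the master password.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, KDF);
}

// Runs on the device. The returned record is all the provider ever stores.
function sealVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    ct: ct.toString('hex'),
  };
}

// Runs on the device. Returns null for a wrong password or a modified record.
function openVault(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'hex'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
  try {
    const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'hex')), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // GCM tag check failed: nothing is revealed
  }
}

// Constructed sample data.
const sample = [{ site: 'example.com', username: 'alice', password: 'constructed-sample-pw' }];
const stored = sealVault('correct horse battery staple', sample);
console.log('Provider stores:', stored); // salt, IV, tag and ciphertext only
console.log('Right master password:', openVault('correct horse battery staple', stored));
console.log('Wrong master password:', openVault('Fluffy2009', stored));
```

Because every guess against a downloaded record has to pay the key-derivation cost and then pass the authentication check, how long the vault holds up depends on the strength of the master password and the work factor chosen.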

Product/Service: Pros and Cons

Bitwarden
  Pros
  • Open-Source
  • Audited
  • Cloud-based
  • Available on all operating systems
  • Has a feature to generate secure passwords automatically
  Cons
  • Cloud-based

KeePassXC
  Pros
  • Open-Source
  • Available on all operating systems
  • Has a feature to generate secure passwords automatically
  • Has a feature to remind you to change your passwords at intervals of the user's choice
  • Is not cloud-based, so no risk of your passwords getting swept up in a corporate data breach
  Cons
  • Not audited
  • Is not cloud-based, so it can be difficult to coordinate across multiple platforms without some conscious thought, and it requires the user to be conscious of backups