Updated: September 14, 2020 by Agnes Talalaev
In this article we explain why password management tools matter, what password security means in practice, what strong passwords are, and share some statistics from the world of passwords.
It’s probably no surprise that people use bad passwords. A recent study of publicly available leaked account credentials found ‘123456’ to be the most used password, followed by “the much more secure” ‘123456789’ and the “hard-to-guess” ‘qwerty’.
The study counts more than half a million cases of soccer (or football) fans using club names such as “Liverpool” or “Chelsea” as passwords. Among musicians, Metallica is beaten by 50cent. So if you know a person well, you may well be able to guess the password they are using.
The most common fictional names used as passwords were “superman” (333,139 users), “naruto” (242,749), “tigger” (237,290), “pokemon” (226,947), and “batman” (203,116).
The top ten most frequently used passwords?
If yours is on the list, we’d suggest going and installing a password management tool right now to start using password manager generated passwords to make sure they are unique.
Well, the truth is – nobody likes passwords and nobody likes to generate new passwords. That’s the reason why you should use password management tools to manage passwords. Life just makes so much more sense after starting to use one.
Firstly – you won’t remember every password you have, and the usual workaround is a very bad practice: using the same password for more than one account. Password reuse is bad regardless of how strong the password is, because one leaked site hands the attacker every other account that shares it – but we’ll come back to that later.
With password management tools you can easily access all your passwords from one place with one master key.
Secondly – use passphrases or generate a random key with your password management program.
Thirdly – the master key. Instead of a password, use a passphrase, which is much longer. Mix in some numbers and upper- and lowercase letters. To be clear: by passphrase we mean a short sentence you generate yourself, but make sure it’s something you’ll remember, because a password manager cannot recover a forgotten master key for you.
It’s important that all your passwords are unique. A good password manager will randomly generate your passwords for you, and store them safely. It doesn’t matter what password manager you use, as long as you use one.
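As an added example (not code from WebARX or from any of the password managers reviewed here), the snippet below shows what “randomly generated” and “unique” mean concretely: passwords and diceware-style passphrases drawn from Python’s cryptographically secure `secrets` module, the entropy bookkeeping behind the “longer passphrase” advice, and a check that no two accounts in a vault share a password. The eight-word list is constructed for the demonstration; a real diceware list has 7776 words, and the entropy function takes the list size as an argument.

```python
# Added example: random password / passphrase generation and entropy accounting.
# Not the code of any password manager discussed on this page.
import math
import secrets
import string

# 26 + 26 + 10 + 32 = 94 printable ASCII symbols
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed, deliberately tiny word list for demonstration only.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "orbit", "velvet", "cactus", "marble"]


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy (bits) of a string of `length` symbols drawn uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20, alphabet: str = PASSWORD_ALPHABET) -> str:
    """Random password. secrets.choice is a CSPRNG; random.choice is NOT suitable."""
    if length < 12:
        raise ValueError("generated passwords should be at least 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 6, wordlist=SAMPLE_WORDS, sep: str = "-") -> str:
    """Diceware-style passphrase: words chosen uniformly, with replacement."""
    if words < 4:
        raise ValueError("use at least four words for a master passphrase")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def passphrase_entropy_bits(words: int, wordlist_size: int) -> float:
    """Entropy of a passphrase depends on list size and word count, not word length."""
    return entropy_bits(wordlist_size, words)


def is_unique_across_accounts(vault: dict) -> bool:
    """True when no two accounts in the vault ({account: password}) share a password."""
    passwords = list(vault.values())
    return len(passwords) == len(set(passwords))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"{entropy_bits(len(PASSWORD_ALPHABET), len(pw)):.1f} bits")
    # With a real 7776-word list, six words give ~77.5 bits; the sample list gives far less.
    print(generate_passphrase(), f"{passphrase_entropy_bits(6, 7776):.1f} bits (7776-word list)")
    print("vault unique:", is_unique_across_accounts({"mail": "a1!Bx", "bank": "a1!Bx"}))
```

Note that a 20-character random password from the 94-symbol alphabet carries about 131 bits, while a six-word passphrase from a 7776-word list carries about 77.5 bits: plenty for a master key that is stretched by a key derivation function, and far easier to type and remember.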
We use LastPass and KeePass in our team – check them out. KeePass is a bit geekier, but LastPass is widely used and has good UI and is a multi-user password manager. Other options are Dashlane and 1Password. It’s your choice.
With LastPass, it’s super easy to save the passwords while minding your business on a daily basis. As they say – just remember your master password and LastPass remembers the rest.
The advantage here is that any time you log into a new account you can add the new password to your LastPass vault with one click, and it will be filled in for you the next time you visit that site.
With LastPass, it’s easy because you can simply just install the LastPass extension in your browser for saving and accessing your passwords.
LastPass isn’t open-source, but there is a free version that can be used. And there is a premium plan for a bit more than $2 per month if preferred. The premium plan provides users with an option to store passwords, digital records, and other items that need to be digitally secured. Also, LastPass allows users to grant family and friends access to their account if an emergency arises.
We don’t want to leave out that LastPass has experienced three data breaches since it was founded. Their vault data is encrypted client-side and the master password is salted and hashed, which protects the vault stored in the cloud and removes the need to keep files locally.
On the other hand, for most users the product runs inside the browser as an extension, which makes the extension and the browser itself a high-value target. LastPass is easy to use and convenient, but the convenience comes with a larger attack surface and a dependence on a third-party cloud service.
Want to know more about LastPass – take a look here.
KeePass is a free open source password manager, which helps you to manage your passwords. You can put all your passwords in one database, which is locked with one master key or a key file.
KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these ciphers are regarded as very secure. AES, for example, became a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information.
With KeePass, the complete database is encrypted, not only the password fields. So, your user names, notes, etc. are encrypted, too.
SHA-256 is used to hash the master key components. SHA-256 is a 256-bit cryptographically secure one-way hash function, and no practical attacks against it are known. The output is then run through a deliberately slow key derivation function (many rounds of AES in KeePass’s default AES-KDF, or Argon2 in KeePass 2.x) so that every guess at the master key costs an attacker real CPU time.
Sounds impressive, doesn’t it? But there’s more – KeePass, being an open-source password management tool, is free and you have full control over your information.
And yes, we know, it looks a bit geeky and old school.
KeePass is a local solution: the vault is a single encrypted database file on your disk. That means you have to sync the file yourself to keep it up to date, but it also means your data is not sitting on a cloud service that someone else can attack. Even if someone obtained your KeePass file, they would still need the master key (and key file, if you use one) to open the database and read your other passwords. That makes for a very secure setup.
Users should keep backups of their database in secure locations, preferably offline, in case something happens to the primary file.
Want to know more about KeePass – take a look here.
Since we don’t have any Dashlane users in our team we needed to go and find reviews to get the idea of what’s up with Dashlane. We have heard a lot of good recommendations about Dashlane though.
First of all – it’s easy to use, secure and provides a lot of value even on free plans. But what about the pros and cons – here’s what we found:
From the get-go, Dashlane looks like a fairly typical password manager in terms of features. You have auto-fill, strong password generation and apps for iOS and Android. It distances itself from the competition by having one of the most well-rounded feature packages for security, however.
Every plan comes with real-time password monitoring, even the free one. From the moment you set your password in Dashlane, it will start tracking it for any security threat or breach and notify you immediately to change your password if it finds one.
The pricing is slightly more expensive than others but it sits well within the range set by other password managers. The Premium plan is slightly higher than average but comes with enough features to justify the cost.
One password management tool that has also been widely used is 1Password. Great name indicating that you only need to remember one password when using the password management tools – the master key.
The reviews we read call 1Password a solid password management tool thanks to its ease of use and excellent security. Its pricing plans are aimed more at families and small businesses than at individual users.
One thing that caught our eye was that 1Password does not have a free plan and also there is no live support. But there is a 24/7 support forum which is also good – forums are a great way to get an insight about a product from other users.
1Password has a lot of features: multi-device sync, auto-fill on mobile devices (not for Android users at the time of the reviews, unfortunately), and encrypted document storage, with 1GB per user on the lower plans and 5GB per user on the upgraded plans.
As for security, it uses industry-standard AES-256 encryption for storing your passwords. Data is stored locally and synced, and the most interesting part of 1Password’s security model is the Secret Key. This 128-bit key is generated locally, combined with your master password to derive the vault key, and never sent to 1Password. Like your master password, it’s individual to you, and 1Password cannot recover it for you if you lose it, so keep the Emergency Kit it is printed in somewhere safe.
Another great password management tool that we missed (but fortunately WebARX has awesome users, who reminded us) was Bitwarden which is 100% open-source software. And to top it all it has great UI as well.
The source code for Bitwarden is hosted on GitHub and everyone is free to review, audit, and contribute to the Bitwarden codebase.
Bitwarden is free and available for multiple popular platforms. Bitwarden has desktop apps for Linux, macOS, and Windows, mobile apps for Android and iOS and browser extensions for just about all web browsers, including Vivaldi and Brave.
The core features of Bitwarden are free, but if you need up to 1GB of encrypted file storage, two-factor authentication with YubiKey, FIDO U2F and Duo, and priority customer support, you can choose the premium plan.
Bitwarden, like the others mentioned here, uses AES-256 encryption together with PBKDF2 to secure your data.
AES is a standard in cryptography and is used by the US government and other government agencies around the world for protecting top-secret data. With a proper implementation and a strong encryption key (derived from your master password), no practical attack against AES is known.
PBKDF2-SHA256 is used to derive the encryption key from your master password on your device. A separate hash derived from that key, rather than the key itself, is sent to Bitwarden for login, and it is salted and hashed again on their servers. The default iteration count used with PBKDF2 is 100,001 iterations on the client (this client-side count is configurable in your account settings), plus an additional 100,000 iterations when stored on Bitwarden’s servers (200,001 iterations in total by default). Every extra iteration multiplies the cost of each guess for an attacker who steals the server database.
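The following added example (not Bitwarden’s, KeePass’s or any other vendor’s code) models the client/server key-stretching flow described above for Bitwarden, and illustrates the KeePass remark that the hashed master key is “transformed using a key derivation function”. It is a simplified reconstruction based on Bitwarden’s published description: the vault key is derived client-side with PBKDF2-SHA256 using the e-mail address as salt; a separate login hash (one further PBKDF2 round keyed with the derived key) is what the server sees; the server stretches that hash again with a random per-user salt before storing it. Function names, the per-user server salt length and the test credentials are assumptions made for this example.

```python
# Added example: two-stage PBKDF2-SHA256 stretching, client then server.
# Modelled on Bitwarden's published description; not its code.
import hashlib
import hmac
import secrets
import time

CLIENT_ITERATIONS = 100_001   # default client-side count quoted in the text
SERVER_ITERATIONS = 100_000   # additional server-side count quoted in the text
KEY_LEN = 32                  # 256-bit output


def derive_master_key(master_password: str, email: str,
                      iterations: int = CLIENT_ITERATIONS) -> bytes:
    """Client side: the vault encryption key. Salted with the lower-cased e-mail so
    two users with the same password get different keys. Never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               email.lower().encode("utf-8"), iterations, KEY_LEN)


def login_hash(master_key: bytes, master_password: str) -> bytes:
    """Client side: the value sent for authentication. One PBKDF2 round keyed with the
    master key, so the server can verify you without ever learning the vault key."""
    return hashlib.pbkdf2_hmac("sha256", master_key,
                               master_password.encode("utf-8"), 1, KEY_LEN)


def server_store(received_hash: bytes, iterations: int = SERVER_ITERATIONS) -> dict:
    """Server side: stretch the received hash again with a random per-user salt
    (16 bytes here, an assumption) so a leaked database still costs
    CLIENT_ITERATIONS + SERVER_ITERATIONS rounds per guess."""
    salt = secrets.token_bytes(16)
    stored = hashlib.pbkdf2_hmac("sha256", received_hash, salt, iterations, KEY_LEN)
    return {"salt": salt, "hash": stored, "iterations": iterations}


def server_verify(record: dict, received_hash: bytes) -> bool:
    """Server side: recompute and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", received_hash, record["salt"],
                                    record["iterations"], KEY_LEN)
    return hmac.compare_digest(candidate, record["hash"])


def register(email: str, password: str) -> dict:
    """What the server ends up storing for a new user."""
    key = derive_master_key(password, email)
    return server_store(login_hash(key, password))


def authenticate(record: dict, email: str, password: str) -> bool:
    """Full login round trip: client derives, server verifies."""
    key = derive_master_key(password, email)
    return server_verify(record, login_hash(key, password))


def seconds_per_guess(iterations: int) -> float:
    """Rough cost of one client-side guess at this iteration count (machine dependent)."""
    start = time.perf_counter()
    derive_master_key("benchmark-only", "bench@example.com", iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    record = register("User@Example.com", "correct-horse-battery-staple")
    print("login ok:", authenticate(record, "user@example.com", "correct-horse-battery-staple"))
    print("wrong pw:", authenticate(record, "user@example.com", "password123"))
    for n in (1, 10_000, CLIENT_ITERATIONS):
        print(f"{n:>7} iterations: {seconds_per_guess(n) * 1000:8.2f} ms per guess")
```

The timing loop at the end is the practical point: at one iteration an offline attacker can test millions of guesses per second, at 100,001 iterations the same hardware manages a few hundred, and the server-side rounds are applied on top of that if the database rather than the device is stolen. Raising the client-side count in the account settings is a cheap way to buy more margin for a weaker master password.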
If you are looking for something for a lifetime, and you are willing to invest in an early-stage startup, you can also try out PassCamp.
The main pro we would emphasise is that PassCamp offers unlimited guests. This means that once you set up your team, you can invite as many guests or clients as you need without paying a cent more.
Many other password managers focus on personal use and add team functionality as an afterthought.
PassCamp, on the other hand, was created and designed for teams. So not only do they have the features the other tools have but they also have unique features like multi-tier sharing.
You can also dig into their architecture with this white-paper and if you are looking for more info about PassCamp – this is a good place to look at.
And we also heard that PassCamp is featured on ProductHunt. Go and check it out.
Two-factor authentication (2FA), a form of multi-factor authentication (MFA) sometimes called two-step verification, requires a second proof of identity in addition to the password, typically something you have (a phone app or a hardware key) rather than something you know.
It keeps your accounts secure even if the password leaks, because an attacker who has only the password cannot supply the second factor. Not all second factors are equal, though: SMS codes can be intercepted or SIM-swapped, app-generated one-time codes can still be phished in real time, and only hardware keys (FIDO U2F/WebAuthn) are tied to the real site and resist phishing. Still, any of them drastically reduces an attacker’s chances of success.
2FA is a must-have for:
Here are some mobile apps you can use for two-factor authentication; they all generate standard time-based one-time codes (TOTP) from a secret the site shows you as a QR code: Google Authenticator (Android, iOS), Authy (Android, iOS, also available as a desktop app and browser extension) and Microsoft Authenticator (Android, iOS).
The best time is now. Take the time to install the one you think will work best for you and start using password management tools. Think about your master key: make it long and something only you will remember, and be part of World Password Day.
PS! If you are interested in passwords, you may also be interested in protecting your website against hacking attempts and data breaches. Take a look at the WebARX platform, which also gives you 2FA, vulnerability monitoring, backups, a web application firewall, security reports and much more – you can try WebARX for free here.