Passwords are the most basic lock separating our data and accounts from unauthorized people. It is therefore necessary to always use strong passwords that keep hackers and other unauthorized people out of our accounts. Unfortunately, for years we have carried over bad password habits that have now become a danger to our security. That is why one type of software has recently become very popular: password managers.
As its name suggests, a password manager is a simple program whose main purpose is to store all the passwords we use on websites (and other types of information) so that they are always safe and we can look them up whenever we want. This type of software uses an encrypted database protected with a master password, so that by remembering just this one password we have access to all our credentials without having to memorize them. In addition, these programs also tend to include very complex algorithms that help us generate secure pseudo-random passwords to use when we register on any website.
Practices to avoid when choosing a password
Without a doubt, the worst practice today is password reuse. This means taking one main password and using it on every website where we register. Although it saves us from memorizing several passwords, all we achieve is that, if one of those websites is compromised and reveals our password, the security of every other website we use is endangered as well.
Another widespread practice is using easy-to-remember passwords. Whether short or long, these passwords usually relate to us in some way, so anyone close to us, or anyone who researches us, could easily work them out. Such passwords are very easy to remember, but they are not a secure practice at all.
Finally, it is also very common to choose relatively short passwords, with just the minimum number of characters required. That way, besides being easy to remember, the password can be typed into websites quickly without wasting time. A short password is weakly protected even when it is stored as a hash: if the data is stolen, the attacker could easily crack the hash and recover the password.
If we combine these three practices, we can imagine how badly our security can be compromised.
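The three practices above can be checked mechanically. The following audit is an added example, not part of the original article: the vault contents, the personal tokens and the 12-character threshold are constructed for illustration.

```python
from collections import defaultdict

MIN_LENGTH = 12  # assumed policy threshold for this example

# Constructed sample data: site -> password, plus facts known about the owner.
VAULT = {
    "mail.example": "Rex2015!",
    "shop.example": "Rex2015!",
    "bank.example": "madrid1987",
    "forum.example": "v9#Lq2@xT7mW&4pZc",
}
PERSONAL = ["rex", "madrid", "1987"]


def audit(vault, personal_tokens, min_length=MIN_LENGTH):
    """Return {site: sorted findings} for every entry with a problem."""
    findings = defaultdict(set)
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
        # Practice 3: shorter than the policy minimum.
        if len(password) < min_length:
            findings[site].add("short")
        # Practice 2: built from something a person who knows us could guess.
        lowered = password.lower()
        if any(token.lower() in lowered for token in personal_tokens):
            findings[site].add("personal")
    # Practice 1: the same password protects more than one site, so a
    # breach of any one of them exposes all the others.
    for sites in sites_by_password.values():
        if len(sites) > 1:
            for site in sites:
                findings[site].add("reused")
    return {site: sorted(tags) for site, tags in findings.items()}


if __name__ == "__main__":
    for site, tags in audit(VAULT, PERSONAL).items():
        print(f"{site}: {', '.join(tags)}")
```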
Online password manager: advantages and disadvantages
In recent years, cloud password managers have gained special importance. Their main characteristic is that we can use them from our web browser or from an app, and everything we do is uploaded directly to the cloud. This way, if we change computers or use our phone, our passwords are always available and synchronized. It is the most convenient option we can use, but also the least secure.
Would you trust your house keys to a stranger? Broadly speaking, this is what we do when we use online password managers. They are always run by for-profit companies, companies that exist to make money, and honestly we do not know what they may do with our data. The servers and clients are usually completely opaque, so we do not know whether our data is really being kept safe or whether it is, for example, stored in plain text.
Of course, they are the most convenient way to keep our passwords saved and synchronized. But they are not to be trusted, mainly because of their lack of transparency.
There is a wide variety of password managers run by large companies that we can use to store our passwords without complications. Two of the most popular are 1Password and LastPass. In exchange for a subscription, these two platforms let us save all our passwords “securely” on their servers so that they are always available on all our devices.
In addition, there is another type of cloud password manager that probably all of us use: the ones built into web browsers. All browsers (Chrome, Firefox, Edge, etc.) have their own internal password manager. If we are not signed in, it acts as a local password manager, but if we are signed in to the browser (and we probably are), our passwords are sent to the company’s servers, where they are stored “securely” and from where they are synchronized with all our computers and devices.
Local password manager: advantages and disadvantages
In addition to online password managers, there are similar programs that let us create a database with all our passwords so that we can store them safely. Unlike the previous ones, however, these password managers are designed so that we manage them ourselves, without depending on any other company or platform. We are talking about local password managers.
Instead of depending on a company that provides the service (in exchange for a subscription), these programs let us create the database we want, with the security measures we want, and save it ourselves on our own hard drives. In this way, nothing and nobody will be able to access the database and, therefore, our login credentials.
Of course, local password managers are the safest and most private option we can find. Their reliability depends on us, not on a company that just wants to make money. However, it should be noted that they are usually the least convenient to use. They usually lack synchronization functions between services, and their support, although good, is usually more limited than that of the cloud options. If we want our passwords on another PC or on our phone, we have to copy the database manually every time we make a change, or rely on cloud storage (such as Google Drive or OneDrive) to sync it. In the latter case, we lose the main advantage of this type of program.
Without a doubt, the best local password manager we can download and install on our computer is KeePass. This program is completely free and open source software. Any user can access the code to review or audit it and verify that it is safe, and can even help improve its security or add new features to the program.
With it we can create protected databases that hold our passwords and other confidential information with total security and reliability. In addition, it has a large number of plugins that provide additional functions and features, such as synchronizing databases with the cloud so that we can access them from a phone or another PC.
And if what we want is a cloud alternative that we host ourselves and that is open source, we can opt for Bitwarden. This alternative is similar to LastPass or 1Password; that is, it offers a website where we can create a secure database and keep everything synchronized in the cloud. The difference is that, unlike those, Bitwarden is completely free and open source software. Furthermore, we have to set up our own server to host this software ourselves, and only we will have access to it and all the data.