Community Manager

Having difficulty remembering multiple passwords? Then it’s time to set up a password manager.

Without a doubt, password security is a very important topic at a time when virtually every part of our daily lives can take place on the internet, be it shopping, entertainment, banking, etc. Generally, every single website requires you to set up a designated account that contains your user information, namely personal details, your password, and, if needed, financial data.

That’s why everyone should be familiar with some basic and easy-to-apply password best practices.

Good thing we’ve all been sensitized about that password topic long ago and learned our lesson by now – wait… in 2016, 18 out of the 25 most popular passwords were still variations of 123456? You’ve got to be kidding!

Well, I understand why people still choose these passwords. They’re easy to memorize, people might want to share an account and keep it simple, or they create an account that’s intended for one-time use. But let’s be clear about how unsafe choices like “123456” or “qwerty” really are: Dictionary-based cracking tools will try these common choices first and they will be compromised in a matter of seconds!

So, isn’t there an easy way to come up with strong passwords and keep track of all your login credentials?

Password managers can help you out. They’re always on hand on your smartphone and offer plenty of functionality.

What Can a Password Manager Most Commonly Do for You?

First and foremost, password managers can store an unlimited number of passwords across multiple devices for you. They can be installed as a program or browser extension on your PC, and most importantly on your smartphone or tablet, so you always have your passwords with you.

A password manager will always require you to set up a master password needed to access the app. As a next step, you can further strengthen security by applying two-factor authentication, like your fingerprint or a code provided by a second-factor/authenticator application. If your goal is maximum convenience, however, reducing your password manager login process to your fingerprint is a valid option, too. Just be aware that fingerprint sensors, too, can be fooled and aren’t perfect by any means.

In case coming up with new strong passwords gives you a headache, password managers generally provide a random password generator. But because something like “vv7zco3KFFgY” is not what you’d call memorable, many have an additional feature that rates the strength of your passwords – so you can come up with a custom but secure password within the password manager app.
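
A sketch of both features in Node.js, added here as an illustration and not taken from any particular password manager: a generator that draws from the operating system's secure random source, and a rater that first checks for the choices dictionary-based tools try first. The function names, the small word list, and the 40/70-bit thresholds are assumptions made for this example.

```javascript
const crypto = require('node:crypto');

const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
// Constructed sample list; real tools ship lists with millions of entries.
const COMMON = new Set(['123456', 'qwerty', 'password', 'abc123', 'letmein']);

// crypto.randomInt uses the OS CSPRNG and avoids modulo bias,
// unlike Math.random(), which must never be used for secrets.
function generatePassword(length = 12) {
  let out = '';
  for (let i = 0; i < length; i++) out += ALPHABET[crypto.randomInt(ALPHABET.length)];
  return out;
}

// length * log2(pool of character classes seen). For human-chosen
// passwords this is only an upper bound on the real guessing effort.
function estimateBits(pw) {
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33;
  return pool === 0 ? 0 : Math.round(pw.length * Math.log2(pool));
}

function ratePassword(pw) {
  const lower = pw.toLowerCase();
  const base = lower.replace(/[^a-z]+$/, '');   // "qwerty123" -> "qwerty"
  const guessable =
    COMMON.has(lower) || COMMON.has(base) ||
    '01234567890'.includes(pw) ||               // 12345, 1234567, ... digit runs
    /^(.)\1*$/.test(pw);                        // one character repeated
  // A dictionary hit overrides any length or character-class score.
  if (guessable) return { rating: 'very weak', bits: 0 };
  const bits = estimateBits(pw);
  return { rating: bits < 40 ? 'weak' : bits < 70 ? 'fair' : 'strong', bits };
}

console.log(generatePassword(), ratePassword('vv7zco3KFFgY'), ratePassword('qwerty123'));
```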

Which Password Manager to Choose

There are plenty of password managers to choose from and they all claim to be the best. Most of them share the same basic features to store your passwords but differ in how those features are available to the user. Depending on how heavily you plan to use your manager, the differences in more high-level features further complicate your choice. Hence, the key to finding the perfect password manager for you is to become aware of your own preferences.

Local Database vs. the Cloud

Yes, of course storing your data in the cloud has significant benefits, such as synchronization across multiple devices, a reliable backup system, and a setup that works right off the bat. But for your password manager, convenience isn’t always the best way to go, since cloud storage belonging to big companies is generally a more exposed target to hackers with malicious intent.

Consider sticking with an app that stores your passwords encrypted locally on your device, protecting you from falling victim to a leak in the cloud, alongside thousands of other users. But not only does local storage keep you off the grid of untargeted cloud hacks. Even if you were to lose a device with your passwords stored locally, the database is strongly encrypted, preferably with the encryption standard introduced in the next section.

Look for the AES-256 Bit Encryption Standard

If nothing else, a good password manager should provide encryption that adheres to today’s leading security standards.

To be on the safe side, keep an eye out for the term AES-256 Bit encryption, which is the Advanced Encryption Standard also used by governments, as well as TeamViewer.
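
How a locally stored, AES-256-encrypted database protects a lost device can be shown in a few lines of Node.js. This is an added example, not code from TeamViewer or any password manager; the function names and vault layout are assumptions, and scrypt is one common choice for turning a master password into a 256-bit key.

```javascript
const crypto = require('node:crypto');

// Stretch the master password into a 32-byte (256-bit) AES key.
// scrypt is deliberately slow and memory-hard, which makes offline
// guessing of the master password expensive.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}

// Encrypt all entries into one blob. Salt, IV and tag are not secret
// and are stored next to the ciphertext.
function sealVault(entries, masterPassword) {
  const salt = crypto.randomBytes(16);  // unique per vault
  const iv = crypto.randomBytes(12);    // fresh for every save
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([
    cipher.update(JSON.stringify(entries), 'utf8'),
    cipher.final(),
  ]);
  return { salt, iv, tag: cipher.getAuthTag(), data };
}

// Returns the entries, or null if the master password is wrong or the
// file was modified (the GCM authentication tag fails in both cases).
function openVault(vault, masterPassword) {
  const key = deriveKey(masterPassword, vault.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, vault.iv);
  decipher.setAuthTag(vault.tag);
  try {
    const plain = Buffer.concat([decipher.update(vault.data), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed sample data.
const vault = sealVault({ 'shop.example': 'vv7zco3KFFgY' }, 'my long master passphrase');
console.log(openVault(vault, 'my long master passphrase')); // entries come back
console.log(openVault(vault, '123456'));                    // null
```

The encryption is only as strong as the master password: whoever holds the vault file can try guesses offline, so a master password like “123456” undoes the benefit of AES-256.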

Choose an App that Receives Regular Updates

With an app that stores the keys to all of your accounts, you don’t want to go with a hobby programmer, who puts their password manager on the App Store but lacks the diligence or plain work capacity to maintain it and keep up with the standards.

Security, feature, and user experience standards can change rapidly, even within a short period of time. In order to have a reliable and always-up-to-date product, you should choose a (corporate) vendor with a good reputation instead of a hobby project.

Aside from the vendor name, which is displayed directly beneath the app’s name both in the App Store and Google Play Store, the availability of a paid version can be a hint towards the vendor’s reliability. Companies that offer paid services can be expected to deliver service, support, and maintenance on a reliable basis.

Excursus: How to Identify Malicious Fake Apps

Lately, a lot of fake applications that cause a barrage of ads, or even carry malware that gathers data from your device, have been spotted in the download stores. At first glance, they often look identical to the original, using the original app icon and name to trick unwary users.

To identify malicious fake apps that probably use the original logo, have a closer look at the app and vendor name. Most of the time, either one of them sounds a bit off, using name extensions like “(…) update” or unprofessional vendor names. If you’re still unsure, look at the app description and reviews below. The description might very well be written poorly and spelled incorrectly, and while fake apps are mostly accompanied by fake reviews, there still might be some legitimate reviews from users who realized they installed a fake version.

Basic Functionality vs. the Swiss Army Knife Approach

How do you plan to integrate the password manager into your day-to-day life? Will you only rely on it to look up passwords for infrequently used accounts every other month – or will you fully embrace it, because you have to log into dozens of accounts every day?

For the casual user, a simple app that provides the basic storage features might already suffice. A clean look and a well-thought-out user interface make for easy navigation and get the job done.

If, on the other hand, you plan to make the password manager your central security hub, you should choose one that integrates well into the applications you already use (e.g. your favorite browser) and that allows for more high-level actions. More sophisticated features you might be interested in could include extra backups, import/export of passwords, or automatic password change.

Free vs. Paid Password Managers

Great news: There are free and paid versions of pretty much every recommendable password manager out there. Additionally, even the paid versions are very affordable with the majority of them priced between 1 and 5 dollars.

That means you can try different apps until you find the one that best suits your requirements and then upgrade to the premium version, if need be.

But what differentiates the free and paid version of password managers?

Free versions should still suffice for private use most of the time. However, they can be limited, e.g. by number of active devices, two-factor authentication options, or user support priority.

Apart from a premium consumer version, many vendors also offer corporate solutions that meet associated requirements, such as account management, security policies/reports, or secure sharing of passwords with colleagues.

As Always, It Depends

So, what’s left to say in order to sum up which password manager you should choose? That’s right, it totally depends on your personal requirements and preferences.

But to give more of an actual answer:

Look for AES-256 Bit encryption. Choose an app from a reputable vendor – available premium versions indicate good service. Free versions suffice for most use cases and are a great way to find your favorite password manager.

Are you using a password manager? Let us know in a comment below!