The Cloaked 2023 Guide to Password Managers

October 17, 2023
·
6 min
deleteme

Protect yourself from future breaches

In a world where data privacy and security have become priorities, password managers are king. They are some of the first lines of defense against hackers, and act as major productivity tools for both personal and professional use. While they've proven to be main contenders in the fight for online privacy, it's important for consumers to know how which password managers will work best for them.

Read through our comprehensive guide on password managers to learn everything you need to know to make informed decisions.

What is a Password Manager

In so many words, a password manager is a piece of technology designed to store, manage, and use passwords across the user’s online ecosystem. 

People now live so much of their lives online that it has become increasingly necessary to protect the credentials used to access everything from bank accounts to school computers. Technological advantages are the first line of defense for technological threats, and safeguarding our passwords is top of mind for deterring cyberattacks.

A Little History

As people entered into a digitally connected age, it quickly became apparent that new technology meant a whole new approach to data security.

In 1997, the first available password manager designed to store credentials was introduced. Called Password Safe, this original tech was rolled out as a new tool to be used with Microsoft 95.

From here, the password management industry only got larger - and more complicated.

Evolving Technology

The evolution of password managers has been largely based on two things: Security and convenience. 


Key features of standard password managers now include:

Password Storage: A password manager securely stores all your usernames and passwords (and related credentials) in an encrypted database. This database can be protected using a master password, an encryption key, and/or biometric signatures unique to a specific user, such as a facial or retina scan.

Secure Password Generation: Many password managers can generate randomized passwords that incorporate current security best practices. Secure passwords are typically a combination of letters (both upper and lower case), numbers, and special characters, making them difficult for hackers to uncover.

Auto-Fill and Auto-Login: Password managers can automatically fill in login credentials for websites and apps, saving you the hassle of typing them in manually. They can also automatically log you in when you visit a website.

Cross-Platform Sync: Password managers often offer synchronization across multiple devices and platforms. This ensures that your password database is accessible and up-to-date on your computer, smartphone, and tablet.

Strong Encryption and Built-in Security Features: Good password managers use strong encryption methods to protect your data. They also employ additional security measures like two-factor authentication (2FA) to enhance the security of your various accounts.

Password Auditing: Some password managers can analyze your existing passwords for security weaknesses and prompt you to change them if they are weak or reused across multiple accounts. They can also identify passwords or credentials that may be out of date, or that need changed due to potential risk of breach.

Secure Notes and Data: In addition to passwords, password managers may allow you to store other sensitive information like credit card details, secure notes, and personal information.

Using a password manager reduces the risk of data breaches and unauthorized access to your accounts. It also simplifies the process of managing credentials, making digital security more convenient and efficient. If technology is easy to use, then people are more likely to adopt it - and this has been the key factor perpetuating the ongoing utility of password management software.

Are There Different Types of Password Managers?

While the earliest commercial password managers were created specifically for use with browsers, the technology has become increasingly diverse. To keep up with the needs of consumers, password managers have had to become more versatile in their applications. There are now different categories of password managers, all with unique functionality and features.

The various types of password managers include:

Locally Based (Offline) Password Managers

Some password managers allow you to access your credentials offline using an encrypted key or password. For additional security, password managers may allow you to save a master password or key in a location other than the password manager itself.

These password managers store your passwords and other data directly on your device, typically in an encrypted form. This means that your sensitive information is not uploaded to a cloud server, reducing the risk of data breaches or unauthorized access by third parties.

In addition to these characteristics, many offline password managers are available on various platforms, including Windows, macOS, Linux, and mobile devices (iOS and Android), allowing you to synchronize your data across different devices securely.

Cloud-Based Password Managers

Cloud-based password managers, also known as online password managers, are software tools and services designed to store, manage, and secure your passwords and other sensitive information in the cloud, rather than on your local device. 

They store your encrypted password information on remote servers usually maintained by the service provider. This allows you to access your stored passwords from anywhere with an internet connection - whether it’s a desktop computer or mobile device.

Many cloud-based password managers provide instant synchronization of credentials across all devices. The security of these password managers is determined by the steps the parent company takes to ensure bad actors can’t gain access to their systems. To offset risks, good cloud-based password manager providers are always taking proactive steps to improve their defenses.

Browser Based Password Managers

Browser-based password managers are built-in or integrated password management features provided by web browsers. These features allow users to store, manage, and autofill passwords for websites and online accounts directly within their browser.

These are usually only usable when a person is accessing the internet on one primary browser, and will not be available across all devices. In addition to this drawback, browser-based password managers are only as secure as the browser itself. Other password manager providers are focusing on securing one product, while browser companies do not necessarily deliver at the same level.

SSO (Token) Based Password Managers

Single Sign-On (SSO) based password managers, also known as SSO and/or token based password managers, are tools or systems that combine the convenience of single sign-on with password management capabilities. 

SSO is a method that allows users to access multiple applications and services with a single set of credentials, eliminating the need to remember and enter separate usernames and passwords for each service. SSO-based password managers take this a step further by integrating other password management features as well. These can include things like password auditing capabilities, additional information storage, and password sharing.

How do Password Managers Work?

Most password managers work by providing secure encrypted storage for a person’s login credentials. Some are attached directly to a browser while others work independently as apps across online and offline devices.

Depending on the type of password manager being used, the user will need to download the password management software across all devices where it will be used. From here, they will need to create a master password or phrase that will allow the user full access to everything contained within the password management software.

This master password is the figurative “key to the kingdom,” and will need to be closely protected, secure, and updated often to offset risk. 

Once the password manager is securely installed and set up, the user will be able to either import old credentials into the software or create new ones to get started. The user can usually choose to enable autofill features and notifications related to the password manager. 

Long-term use of a password manager may also include regular prompts to update credentials as required by security best practices.

What are the Risks of Using a Password Manager?

As with any new technology intended to protect our information, password managers have become a ready target for hackers and criminals. Threats span from the physical protection of devices to the digital security of third party password management companies.

There are several concerns when it comes to the use of a password manager, including:

  • The physical device security. If all of your credentials are stored on one centralized device then all it takes is someone you trust or someone who has found a way to gain access to your device lock code to also gain access to every account that can be accessed through the stolen device. In addition to this risk, it is also possible for a hacker to load keylogging software onto devices with the intention of using this to gather passwords for a variety of accounts. Keeping devices locked up when not in use is extremely important.

  • Poor password "hygiene." Reusing passwords, not updating passwords, and not tracking data breaches are all examples of poor password hygiene. Best practices are always changing based on the capabilities of password management software. However, it is important to follow the guidelines provided by both the industry and the software providers to stay as secure as possible.

  • Data breaches that expose passwords. Hackers are always looking for new ways to gain access to sensitive information. They can expose credentials in larger scale attacks through widespread data breaches or target passwords specifically based on what they want to access (like baking or shopping accounts). Sign up to services that monitor for data breaches and make sure to update credentials often.

There are new security risks and challenges coming to light every day. The more advanced password manager security gets, the more advanced we can expect hackers to get. Choosing a password manager provider should always include an audit of their current security features and their ability to respond to new threats as they come.

How to Choose the Best Password Manager for Your Needs

When choosing a password manager, it’s important to understand what you’ll be using it for. Different uses require different levels of security. For example, a password manager for use at a high-risk job will require a more robust system of checks and balances than one you may want to use to open new e-commerce accounts.

Before choosing which password manager to use, consider the following:

  • Security - Obviously, a large part of why anyone gets a password manager in the first place is to improve personal security and privacy. It makes sense to make the security of the product the number one selling point when choosing password management software. Take the time to look at the types of encryption being used (military grade is usually good), the level of security and privacy compliance the company has reached (SOC 2, etc.), what third parties the company contracts with, and how they claim to actually protect the data being stored in their systems. If the password management provider does work with third parties, check out their security and privacy protection. Much of this information can be found within the privacy policy.

  • Features - Password managers offer a wide range of features from family password sharing to two-factor authentication (2FA). The level of security necessary and the purpose of the password manager determine what features are needed. Security features such as encryption and 2FA should be a given. However, it is a good idea to consider additional security features over those that are more focused on convenience and ease of use. A password manager without end-to-end encryption isn’t a good idea, regardless of how sleek the interface is or how easy it is to use.

  • Reviews - Looking up past user experiences can give you a good idea of what to expect from a password manager provider. Not only can this give you insight into customer service issues, but it can also give you a heads up about previous security breaches and how they were resolved. Look for patterns of negative reviews and disregard any one word or noticeably fake feedback. It’s also a good idea to check reviews from more than one site to test for consistency.

  • Customer Support - When looking through reviews, note any customer support complaints. Looking for a pattern of complaints around how customer issues are handled can be a red flag when choosing a reliable password manager. Bad customer service can offset many other advantages as it may impact how well the company responds in the event of a security breach.

  • Risk Responsiveness - Password management companies are a target for hackers and cybercriminals. Because of this, every one of them should have a plan for how they respond to security breaches. Make sure to research password managers to see if they have had prior data breaches, and how they responded to these. Any company that delayed telling customers about the breach or who did not make significant security changes after it occurred is not a good option.

TL:DR - Guide Cliff Notes

In summary, password managers are a necessity for anyone who wants to securely navigate the internet. However,  the type of password manager should be determined by security needs and functionality required by the user. In addition to these considerations, users should also scope out features, customer service capabilities, data breach response protocols, and past reviews prior to choosing the option that works best for them.

Stay in the Know with Cloaked!

Click here to sign up for Cloaked and get all the benefits of a password manager plus our additional features!

Protect yourself from future breaches

View all
Privacy Info
November 4, 2024

Mastering Personal Information Management: Securing Your Digital Life

Mastering Personal Information Management: Securing Your Digital Life

by
Abhijay Bhatnagar
Privacy Info
November 4, 2024

Mastering Personal Information Management: Securing Your Digital Life

Mastering Personal Information Management: Securing Your Digital Life

by
Abhijay Bhatnagar
Privacy Info
October 29, 2024

Unveiling the Productivity Impact of Spam

Unveiling the Productivity Impact of Spam

by
Arjun Bhatnagar
Privacy Info
October 29, 2024

Unveiling the Productivity Impact of Spam

Unveiling the Productivity Impact of Spam

by
Arjun Bhatnagar
Privacy Info
October 18, 2024

Embracing Decentralized Privacy: The Shift from Centralized Services

Embracing Decentralized Privacy: The Shift from Centralized Services

by
Pulkit Gupta
Privacy Info
October 18, 2024

Embracing Decentralized Privacy: The Shift from Centralized Services

Embracing Decentralized Privacy: The Shift from Centralized Services

by
Pulkit Gupta