5 things to consider before buying a password manager
When looking for a password manager, there are key elements you need to consider. We outline the top five factors to bear in mind.
Using one of the best password managers to keep track of multiple passwords can help you to organise all of your accounts, generate new passwords quickly and easily, and keep all of your important data and information secure.
Password managers form a key part of maintaining online security, allowing you to create unique passwords for all accounts, and enabling you to minimise the damage that any compromised account might do.
With many password managers competing for personal and business customers, it can be hard to know which one is right for your needs. Below, we've highlighted five features that you need to consider when picking a password manager.
1. Where are your passwords stored?
One of the most important things to consider when choosing a password manager is where your passwords and other encrypted data will be stored. Generally speaking, there are two places data can be stored—on your device or in the cloud.
Having your passwords on your device can be appealing. You’re in control of your own data, and your passwords can’t be compromised when there is a hack at a data centre that is potentially thousands of miles away. You also don’t have to worry about decrypting your passwords over a public Wi-Fi network when you’re away from home.
However, local storage has some drawbacks. Without a cloud connection, it can be hard to sync your passwords across devices. Some password managers, like mSecure and Sticky Password, get around this by enabling you to sync using your home Wi-Fi network.
The other problem is that if your device is stolen, your passwords are stolen with it. The thief won’t be able to decrypt your data without your master password. But unless you have a backup, all of your passwords will be gone. With a cloud-based password manager, you can always recover your passwords from any device.
2. Is the password manager zero-knowledge?
If you opt for a cloud-based password manager, it’s important to consider whether or not your provider actually has access to your password. Many popular password managers, including LastPass, Dashlane, and Keeper, operate using zero-knowledge encryption.
Under this security architecture, your passwords are encrypted on your device before being transmitted over the internet to your provider’s servers. The encryption key—your master password—is never hosted on the servers. As a result, even if your provider’s servers are breached, the hackers can only get their hands on encrypted versions of your passwords.
The drawback of zero-knowledge encryption is that it complicates other features. Password sharing is often impossible if zero-knowledge encryption is used, since you would necessarily need to transmit your encryption key to whomever you share your password with. Automatic password updating is also impossible within a zero-knowledge architecture.
3. Does it offer 2FA?
Password manager providers generally put a lot of work into keeping their servers secure. But how secure is your own computer? The most likely way for a bad actor to get their hands on your passwords is to go through the client-side interface on your device, such as by using malware that logs your keystrokes.
The easiest way to defend against this is with 2FA (two-factor authentication). With two-factor authentication enabled, a hacker might have your master password—but unless they also have your smartphone in hand, they still won’t be able to break into your password manager. Plus, the text you receive about a login attempt serves as an alert that someone is trying to break into your account.
Relatedly, it’s a good idea to look for a password manager that has an auto-lockout timer. This requires you to re-enter your master password (and go through 2FA again) after you step away from the software for a few minutes.
4. Can you share your passwords?
Password sharing is tricky from a security standpoint because it potentially exposes your encryption key. However, if you work in a team—for example, if you’re using a password manager at work—then the ability to share passwords easily can be a key feature to look for. Some password managers enhance security by enabling you to send your encryption key separately from your encrypted password, preferably through a secure messenger.
Business users may also want to consider whether a password manager offers user access management features. Some business password managers like Dashlane enable administrators to set up user groups and assign user permissions for different passwords.
5. Is it compatible with your devices and browser?
Ideally, a password manager will work across all your devices. Most popular password managers support Windows and Mac computers as well as Android and iOS mobile devices. If you have any Linux devices to connect, make sure that your password manager supports this operating system.
It’s also worth considering whether there are browser extensions available. These are particularly helpful since extensions enable you to autofill login information as you access different sites. In that case, all you need is your single master password to log into all your online accounts.
Note that not all password managers offer support for all browsers. Some only have Chrome and Firefox extensions, while others, such as Bitwarden, support less common browsers like Opera and Tor. If you’re using password management software in a team, keep in mind that different individuals may use different web browsers.
Any well-built password manager will keep your account safe. But your password manager also has to be convenient enough for you to want to use it rather than go back to using a single password for everything. With these five tips, you can ensure that you’re choosing the best password manager for your needs.
Further reading on password managers
Take a look at our other guides to the best free password managers and the best password managers for business. It's also worth looking at our top five things to consider before buying a password manager. We also look at whether open-source password managers are safe to use, whether password managers are safe, and how you can test password strength via a series of free tools.