
Password Managers


Introduction

On this page we are going to talk about password managers as a tool to increase your cyber security and protect your data from third parties.
Every day you access tens of different services and websites, and on each of them you leave a portion of your identity.


To protect it from criminals and data breaches you have to create a different password for every application, and each password also has to be complex and secure.
All this work can easily scare people away from implementing the right protections; this is where password managers come to the rescue.


These tools are purpose-built to store all of the user’s credentials and passwords and to perform the authentication on our behalf. You have a single app that holds all your passwords, creates secure ones, stores them and uses them.
The days when you had to remember every passphrase are over: you only need to remember one, the password manager’s vault key.



Are They Safe to Use?
Before reaching my suggestions section I want to take a moment to answer a common question: if I store all my passwords together, isn’t it riskier?
The quick answer is not really, as long as you follow some good practices and carefully choose the right application.


The reason is also quite simple: a “well made” password manager has been purposely created, and is maintained, with security in mind:

  • All the secrets in your vault are encrypted with a strong cipher; this means that even if the server gets hacked, the attackers won’t be able to read your personal data;

  • You can enable multi-factor authentication and combine it with a strong, unique password to protect access to the vault;

  • The application undergoes constant scrutiny and external audits/penetration tests to guarantee its all-round safety;

  • The app is correctly maintained: problems are fixed, and new solutions and protections are constantly applied to protect the users and the data centres.

  • There are even options that let you keep your vault entirely on your local machine, so you have 100% control of your data.




What to Look For

Now let’s say I have convinced you to upgrade your digital security: how can you choose the right application without falling into some common traps?


Here is a list of things to pay attention to:

  1. Don’t choose unknown services; check the brand’s reputation: are they well known, or is it a sketchy app?

  2. Is it open source and audited? This means that the code is public and everyone can check whether the app is doing something in the shadows; an external audit also provides a kind of certified accountability (check who did the audit as well).

  3. Check where the data is stored: is it in the cloud? In which country are the servers? Or is it on your local device?

  4. Read the privacy policy. I know this is something that usually nobody does, but it is here that the company has to state which of your data are collected and how it handles them.

  5. Does it support safe two-factor authentication, such as hardware keys or at least authenticator apps, together with recovery methods? The last thing you want is to lose access to your vault.

  6. Portability and functionality: be sure to choose an application that lets you import/export credentials and that has all the functionality you need for your workflow.



For advanced users there are other things you can take a look at, such as:

  • Which encryption algorithm the app uses to protect your data at rest, and which one it uses to handle the transmission of the data.

  • Which fields are encrypted; sometimes not all of them are.

  • How your master key is being protected: which hashing algorithm is used, do they apply good practices such as salting, and how is it implemented?

  • Is it possible to save only passwords, or also other types of secrets?
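To make the “master key protection” and salting points concrete, here is an added Python example (not code from this page or from any of the managers discussed) modelled on the common pattern in which the device derives a vault key from the master password with PBKDF2 and a per-user salt, and the server only ever stores a further one-way hash of that key. The iteration count and the sample salt values are assumptions chosen for the illustration.

```python
import hashlib
import hmac
from typing import Tuple

# PBKDF2 iteration count chosen for this illustration (an assumption, not any vendor's setting).
ITERATIONS = 600_000


def derive_vault_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password with PBKDF2-HMAC-SHA256 and a per-user salt.

    The resulting 256-bit key is what unlocks (decrypts) the vault on the device;
    it never leaves the device.  The salt makes identical passwords produce
    different keys for different users, and the iterations slow down guessing.
    """
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def derive_auth_hash(vault_key: bytes, master_password: str) -> bytes:
    """Derive the value the server stores for login: one more one-way step over
    the vault key, so a breach of the server yields neither the master password
    nor the key that decrypts the vault."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, dklen=32)


def enrol(master_password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Return (vault_key, auth_hash): the first stays on the device, the second
    (together with the salt) is all the server ever receives."""
    vault_key = derive_vault_key(master_password, salt)
    return vault_key, derive_auth_hash(vault_key, master_password)


def server_login(stored_auth_hash: bytes, presented_auth_hash: bytes) -> bool:
    """Server-side check; a constant-time comparison avoids timing leaks."""
    return hmac.compare_digest(stored_auth_hash, presented_auth_hash)


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample; real salts are random per user
    vault_key, auth_hash = enrol("correct horse battery staple", salt)
    # A different user with the same password gets a different key thanks to the salt.
    other_key = derive_vault_key("correct horse battery staple", b"another-user-salt")
    print("vault key differs per salt:", vault_key != other_key)
    print("right password accepted:", server_login(auth_hash, enrol("correct horse battery staple", salt)[1]))
    print("wrong password rejected:", not server_login(auth_hash, enrol("wrong password", salt)[1]))
```

Note that only the auth hash is ever compared on the server; the vault key that actually decrypts the secrets is never transmitted, which is why a server breach alone does not expose an encrypted vault.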


Bonus:
Passkey support: it is still a technology on the rise, so keep an eye on it if you are interested in using it; different services may already have implemented it or will do so in the future. The advantage of having this functionality built into a password manager is that the passkey becomes “portable”, so you are safe even if you lose access to your main device.


My Recommendations

With all the information above everyone should be able to vet the market’s offers and choose the best options for their needs, but I have decided to share my top picks to simplify your work.


The following are some of my personal preferences, some of which I have personally tested, and which in my opinion best comply with the guidelines I have shared.

Best Overall Option:
Bitwarden
It is one of the best-known and most downloaded password managers; the app is free and open source and available for every system and as a browser extension.
It is community driven and has been audited multiple times, and it supports high standards of encryption and security measures.
It also offers many functionalities beyond storing logins: encrypted notes, credit cards and identity data, the option to create different folders, display image icons, generate passwords and more.
As it is a community-driven project most of the functionalities are available for free, but if you choose the pro plan at $10 a year (at the moment of writing) you will also be able to share data with other users and use it as an authenticator app.
Another key point is that all the data is also available offline and will then be automatically uploaded and synced across your devices when you are connected to the internet.
Bonus: you can choose to keep your vault either on US or EU servers.



Best On-Device: KeepassXC
It is another free and open source application; the difference from the others is that it stores all the data directly on your device, so no data is transmitted over the internet.
It is also possible to synchronize by using a third-party cloud service after you have encrypted your vault.
The app is currently available on Windows, Linux and macOS; the mobile version is under development and they have said it will be available in the future.
It offers the main functionalities, such as storing passwords, creating folders, choosing different icons, password generation and password checking.
The only downside here is that, since everything is on your device, you will have to take care of backups and synchronization yourself.
I also have to say that it does not have the most user-friendly interface.



Great NON-Free Option: 1Password
Another commonly suggested password manager, if you don’t mind paying for it.
Unfortunately this app is only available with a subscription plan that starts at $2.99/month (at time of writing).
It offers many functionalities like the apps listed above; the main difference is that it has multiple different versions ranging from personal to business use.
It is available for all devices, mobile and desktop, and as an extension for the main browsers.
It offers a nice and easy graphical interface.
The code is not open source, but they have bug bounty programs and independent audits.



Honourable Mentions:
Proton Pass: it is a password manager from the Proton company; the app is free and open source, but to access several features (creation of multiple folders, authenticator, and offline access) you have to choose the pro plan starting at $1.99/month (at time of writing).
One of the best things is the super easy and modern interface, and it is available on all systems.
Another key point is that all fields are end-to-end encrypted, and the data and the company are based in Switzerland, which has a good history of privacy regulations.
Even though the app is new (about 1 year old), it has already been audited and employs high standards of security measures.
The only “downside” is that it is a new player in the market and many functionalities are still being rolled out.
Bonus: if you have an Android 14+ device it supports passkeys.

Another application that seems to be rising in popularity is
NordPass, from the NordVPN company.
They offer a free version with very limited functionality and then a subscription starting from $1.79/month (at time of writing).
The app has been audited, but unfortunately the code is proprietary, so we can’t actually see the source code and we have to trust the company about the implementation and the different security measures being used.



What To Do After
Once you have decided which application to use as your companion, you will need to enable the autofill and password suggestion options if you want it to automatically complete and save new login credentials while you browse.


On mobile devices you might also need to grant the permission in the accessibility settings, depending on which OS version you are using.


If you are on mobile, or you have a face/fingerprint reader on your desktop, you can also enable them to quickly access your vault without having to enter the password every time.


Now you can finally create and use unique, long and complex passwords for every service you want to access, staying safe without the need to remember all the passwords.

Warning/Side Note

Another commonly downloaded password manager is LastPass; if you have it or you plan to use it, I highly suggest reviewing these sources before taking the risk, considering the multiple breaches and some “shady” behaviours.


Conclusion

Thanks for following along. I hope you will take this little step to enhance your cyber security, and I encourage everyone not only to follow online recommendations but also to do your own research on every piece of software you use.

Next steps: Authenticator App for 2FA

