Thanks to a continuous barrage of high-profile computer security scares and reports of cloud-scale government snooping, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest too.
A password manager won't shield you against Heartbleed or the NSA, but it's an excellent first step in securing your identity, helping you increase the strength of the passwords that protect your online accounts because it will remember those passwords for you. A password manager will even randomly generate strong passwords, without requiring you to memorize or write down these random strings of characters. These strong passwords help shield against traditional password attacks such as dictionary, rainbow-table, or brute-force attacks.
Many password managers allow you to automatically populate your password vault by capturing your Web logins using a browser plug-in and allowing you to store these credentials. Other options for populating your password database include importing an Excel spreadsheet or manually entering your login information. Further, using these stored credentials is typically automated using a browser plug-in, which recognizes the website's username and password fields, then populates these fields with the appropriate login information.
Although several browsers offer similar functionality out of the box, many password managers offer several benefits over the built-in browser functionality -- including encryption, cross-platform and cross-browser synchronization, mobile device support, secure sharing of credentials, and support for multifactor authentication. In some cases, usernames and passwords must be copied from the password manager into the browser, reducing the ease of use but increasing the level of security by requiring entry of the master password before accessing stored login information.
Some password managers store your credentials locally, others rely on cloud services for storage and synchronization, and still others take a hybrid approach. Some of the options using local storage (such as KeePass and 1Password) still support synchronization through Dropbox or other storage services. Deciding which password manager is best for you will come down to features and ease of use, as well as to whether you're comfortable storing your passwords on the Internet.
If having your critical data stored in a cloud service worries you, then KeePass, 1Password, or SplashID Safe (sans SplashID's cloud service) are the top options. If you trust cloud-based services with your passwords and believe they will protect your data using good security practices and encryption, then LastPass, Dashlane, or PasswordBox are your best bets.
In my judgment, KeePass is the best of the options using local storage. The fact that it's open source, free, and complemented by countless plug-ins adds up to a very flexible option. With the right combination of plug-ins, KeePass can be made to do almost anything you could require of a password manager. My favorite cloud option is LastPass, primarily due to its low cost and the consistent implementation of features across all of the clients. Each LastPass client I tested was easy to work with, stable, and remarkably uniform from a usability perspective. Additionally, the fact that a LastPass Premium account is all of $1 per month makes it an extremely compelling option.