Password managers for the harried

I’d add SplashID to this list. It offers a lifetime license rather than a subscription, it’s remarkably easy to read, and I’ve found it to be very reliable.

It’s important not only to record your passwords but also to make sure they’re secure. Use https://ww.security.org/how-secure-is-my-password/ to check the password you intend to use to see if it’ll provide protection against hackers.

Finally, pay attention to the warnings you receive from your browser (if you use Chrome or Safari anyway). Those browsers will warn you if one or more of your current passwords has already been hacked. They’ll also remind you to change passwords if you’ve inadvertently used the same password for more than one website.

I don’t like using passwords suggested by the browser as I use multiple browsers and multiple machines. I prefer to use a string of randomly capitalized words interspersed with a few numbers and symbols. Makes it easier to move my eyes from my password manager to the place where I’m typing the password into the secured website.

https://mashable.com/article/password-manager/

I’m my wife’s password manager, and it has to stop

BY LINDSEY DANIS JAN 01, 2021

My wife’s memory is so terrible, I’ve become her memory-keeper, faithfully logging her favorite burgers on my iPhone and remembering every variation of her usual password. “The usual” (not her actual password) has been my wife’s password for at least 10 years, although there’s now a second “usual” for the accounts we share, plus a handful of variations to reflect password requirements like capitalization, numbers, or special characters. 

According to LastPass’s Psychology of Passwords report, 44 percent of survey respondents recycle identical or similar passwords across sites despite knowing this is unsafe. And 53 percent of survey respondents said they haven’t changed a password in 12 months despite hearing of a data breach. 

But relying on a master password with variations to meet specifications isn’t just lazy, it’s unsafe. The Verizon Business 2020 Data Breach Investigations Report indicates that 37 percent of data breaches involve credential theft of weak credentials (aka, crap passwords easily guessed by hackers). A full 80 percent of web app breaches involve stolen credentials — a worrying trend given the uptick in web apps among WFH life. 

While there’s no harm in logging my wife’s preferred burger toppings, I know I’m doing her no favors by cataloging her passwords. The problem isn’t so much ill intent, although 41 percent of Americans do commit “financial infidelity” on a partner, reports the National Endowment for Financial Education. Instead, it’s access control: If something were to happen to me (say in 2021 I do get to go to that Greek island writing retreat where there’s no WiFi, and I’m not available to help my wife get into an account), she’d need to guess, and we all know how that goes. Then she’d reset the password to something she’d easily remember — which would be a password that’s easily hacked.  

I’ve shifted toward using Safari’s built-in password manager to generate and autofill strong passwords for me, skirting the issue. Since I use only Apple products and work for myself, my passwords autofill across all my devices. But my wife has personal and work computers, and can’t have access control tethered to a specific device, platform, or browser. 

Before a data breach turns into something way worse, like identity theft, we should probably use a password manager. However 2021 plays out, I want to avoid preventable missteps and control the things I can. With a password manager, I’ll only need to remember one password for my wife. 

While price is important, ease of use is my main criteria.

While price is important, ease of use is my main criteria. For a password manager to work in our multi-device, cross-platform, memory-challenged lives, it needs to be simple to set up. Seems like a low bar but, tbh, it isn’t. 

Here are the top three I’m considering.

Dashlane 

Dashlane first caught my eye because its free plan allows you to store up to 50 passwords across one device and share up to five passwords with other Dashlane users. Shared passwords are encrypted using both a unique public key, which is associated with each user’s account and used when sharing, and a private key, known only to the user.

Paid plans for individuals and families cost $59.99 and $89.99 per year respectively. Both paid plans include unlimited passwords, devices, and a free VPN, which is nice to have for the rare instances I’m on public WiFi. Family plans give you up to five private accounts and a centralized family dashboard. A Site Breach Alerts feature lets you know if your personal information is compromised. 

I actually tried Dashlane in 2019 when I tested out a virtual assistant, basically, outsourced admin help for self-employed folks like me. I got the password manager set up in minutes. My virtual assistant? Not so much. She spent a billable hour trying and failing to get her Dashlane account to work, at which point I actually troubleshot the app on her behalf via chatbot. When the virtual assistant still couldn’t activate her account to use my shared passwords, I gave up: on her, on hiring a virtual assistant, and on Dashlane. 

Was she bad at her job or does Dashlane suck at sharing passwords? There’s no way for me to know unless I try it again, and I might: I liked its features, found it easy to use, and there’s literally no cost to test out the free plan. The family account is appealing, and it seems a good choice for entrepreneurs who need to share a handful of passwords with freelancers or contractors. But if I ran into similar problems, I’d move on to another app. 

LastPass

While LastPass’s free plan comes highly recommended by PCMag, it doesn’t accommodate password sharing. Paid plans begin at $36 per year for an individual or $48 for a family plan (and there are scalable business plans, too). While its paid plans are cheaper than Dashlane’s, LastPass has had some pretty blatant security flaws, most notably in 2019, when Google Project Zero found a bug that allowed hackers to see users’ credentials. Yikes.

When I dug into LastPass to evaluate my options, I got confused. Could I share passwords with an individual plan or would I need a family plan? It wasn’t clear, and that suggested usability problems that ultimately killed this one for me. If I couldn’t understand their front-facing marketing pages — copy designed to get me to opt in — how could I explain the service to my wife, never mind play tech support if we forgot the master password? Not very well, other users have found. 

SEE ALSO: All the privacy apps you should have downloaded in 202000:00 of 00:59Volume 0%00:0000:59More VideosWhat you need to know about the COVID-19 vaccineCristina Mittermeier’s Instagram chronicles a natural world on the brink. But she’s got a plan to help save it.How Keyboard Cat hit the viral jackpotHow influencers are ruining OnlyFans for sex workersStacey Abrams on how American democracy hinges on the right to voteiPhone 12 and iPhone 12 Pro reviewClose

LastPass seems like an easy solution for individuals who want a set-it-and-forget-it password solution, so long as they remember their master password. But the decidedly poor UX tells me my money’s better spent elsewhere. 

1Password

1Password seems refreshingly simple. There’s a two-week free trial, after which time the password manager costs $3.99 per user per month ($47.88 per year) or $4.99 per month ($59.88 per year) for the family plan, which covers five users and includes 1GB of secure document storage. 1Password relies on both a master password and a secret key, which gives it a slight edge against unauthorized access. 

More so than Dashlane, 1Password seems family-friendly: There’s group password sharing for safe online access with personal vaults for times when information needs to stay private. With the option to create guest accounts for sharing smart home passwords or WiFi, 1Password also seems like a top pick for short-term rental hosts. While LastPass and Dashlane let you share individual logins, 1Password operates on vault sharing. That’s ideal for a home-sharing host who wants guests to have access to a set of passwords, but unfun for the user who primarily shares access one site at a time with independent contractors. 

Like Dashlane, 1Password seems to be oriented toward users who may not be tech savvy, but who understand the risks of poor password management and want to stay safe. My memory-challenged wife is a perfect user persona! Users can install across multiple platforms and devices, making it a compelling solution for our cross-platform, multi-device family. There’s even a Travel Mode that deletes sensitive data before you cross borders, then lets you restore once you’re settled, protecting your data from prying border officials. And at under $60, it’s appealingly affordable. The biggest drawback: Unlike with the other password managers, if you forget your password, there’s no way to reset it. 

Password managers aren’t perfect, but ultimately they’re the best solution to both faulty memories and access control headaches caused by weak credentials. I can’t expect companies to adequately protect my private data — since 2005, over 10 billion records have been exposed, and companies don’t always notify consumers — but I can avoid preventable missteps and control the variables in my power. 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.