A good password manager can help you stay safe online by enabling you to use a different, randomized password of sufficient length for each of your user accounts. According to a study by Dashlane (opens in new tab), the average internet user has over 150 online accounts, so a password manager is the only way that most people can hope to avoid reusing passwords.
There’s no shortage of great paid password managers out there, which may make you wonder which one is right for you. In this article, we’ll have a look at the five most important things to consider before buying a password manager.
1. Do I want my vault stored in the cloud or on my device?
Your password “vault” is where all your passwords are stored. There are two approaches to storing your vault: on-device or on a cloud server.
You might think that you would prefer on-device storage, and there are definite advantages of that. When your passwords are stored on your device, you don’t have to worry about data breaches affecting the provider’s cloud, nor whether your information is being transmitted and stored properly.
RoboForm is one of the few password managers that allows you to store your passwords on-device only, without any cloud intervention, while Sticky Password enables you to sync devices over local Wi-Fi.
On the other hand, if your device is lost or stolen, you’ll lose all your passwords too, with no way to recover them. It can also make it more difficult to sync passwords across devices or to move all your information to a new device.
With cloud storage, the reverse is true: your passwords can be easily recovered if you lose access to your device(s), but there are additional security concerns. Most password managers boast heavy-duty encryption in their cloud servers, and the best ones will encrypt your data on-device, before it’s even transmitted to their servers. Dashlane is one such password manager.
2. How important is zero-knowledge storage to me?
Zero-knowledge refers to policies and architecture that eliminate the possibility for a password manager to access your password. Remember, just because your data is encrypted on a providers’ server doesn’t mean that they can’t access it—only that they don’t.
This is why some password providers employ zero-knowledge architecture, which by virtue of design eliminates this possibility. Keeper is an example of a robust password manager that obeys this principle. “The plaintext version of the data is never available to Keeper Security employees nor any outside party,” explains their website. “In the unlikely event Keeper was hacked, the attackers could only possibly access the worthless ciphertext.”
However, the technology is not without its limitations. First, it’s incredibly difficult to build such architecture, which means that companies don’t always get it 100% right. More than one provider has admitted that they overlooked an unlikely but possible scenario in which their zero-knowledge policy could be compromised.
Second, it makes some of the most convenient features of password managers, like inheritance and automatic password updating, difficult or impossible to have. Keeper, for example, refused to implement inheritance until they could do so within a zero-knowledge framework, and nobody has yet to manage automatic password updating in this context.
3. What kind of recovery options do I want?
The main disadvantage of using a password manager is that if you forget your master password, your data may be irrecoverable. Different password managers have approached this in different ways.
LastPass, for example, allows you to generate a one-time password to access your vault and reset the password, though you’ll need access to the email address that you used to make your account. However, that convenience means looser security, as anybody with access to your email address can gain access to all your user accounts.
Alternatively, 1Password allows for account recovery by a team administrator (for businesses) or family organizer. These individuals need only start the recovery process from the admin dashboard, and an email will be sent to the user to reset their password. Dashlane has a similar recovery process.
For single users, however, it’s more complicated. If you have biometric access on a device, you may be OK, but oftentimes, losing a master password means starting over. You’ll need to check out what kind of recovery options each manager offers and which gives you the right balance of convenience and security for your situation.
4. What about device compatibility and browser plugins?
Device compatibility is another important factor when choosing a password manager. Not all managers are compatible with all devices.
This is especially important if you’re purchasing a device manager for a business setting, especially if multiple users will be using different devices and if you’re supporting remote workers and Bring Your Own Device practices. In this situation, you may need a Linux-compatible manager, like NordPass.
Also, make sure that whichever password manager you opt for includes a browser plugin for your preferred browser. Nowadays, this isn’t too much of a problem, as most password managers have a robust plugin for major browsers. If you use a less popular one like Opera, though, your choices will be more limited. If you’re purchasing for a multi-user business setting, take into account that team members may use different browsers.
5. Is this for my personal or business use?
Again, your decision may vary based on which setting you’re intending to use the password manager: personal or business.
If it’s for a business setting with multiple users, it’s essential to find software with good user management features, like user groups and secure password sharing. Dashlane and Keeper, for example, have robust multi-user features, including a centralized administrative dashboard for creating user groups, assigning permissions and passwords per group or role, and supporting unlimited devices.
IT managers will want to ensure secure practices among employees, which is something the right password manager can help with. Additional security features, like a strong password generator, password auditor, and dark web scanning, can all help keep enterprises safe. These features may cost more, but considering that 80% of hacker-related breache (opens in new tab)s (opens in new tab) result from poor employee password practices, they’re worth it.
The security of your user accounts and online information can be greatly improved by investing in a good password manager. No two services are alike, so be sure to do your research and consider these five important questions before making any decisions. All the password managers mentioned in this article have different features and are considered to be among the best on the market.
- We've featured the best password management software for business (opens in new tab).