Handling passwords is about as enjoyable as cleaning gutters or filing taxes. But it’s just as important.
I hate telling people to eat their vegetables – even virtual vegetables. If you do not have strong, unique passwords for each online account, it’s time to dig in. Do not wait until someone has stolen your identity or cleared your bank account.
You’ve probably heard of password managers. They may sound complicated, but setting one up does not have to be painful. These services remember all your passwords and can generate secure new ones. When you go to a login page in a web browser, and even in many apps, the manager will automatically fill in what you need to access your account. Some even comb the internet to warn you if any of your information appears in a security breach.
An important change to one of the most popular managers, LastPass, is why I have passwords on my brain again. On March 16, LastPass Free users will have to upgrade to the service’s premium plan – typically $36 per year, but currently offered at $27 per year – if they want to continue syncing passwords across their devices. Although I’m a fan of LastPass, the free plan is no longer a good choice.
The best password managers work on as many platforms as possible, so we recommend independent services over the password savers built into browsers and operating systems. I tested the most popular, looking for high security, broad options and ease of use. This is what I found:
1Password is a user-friendly manager with several layers of security built in. The iOS app can be unlocked with Face ID and can automatically fill in your login information in apps.
• Easiest to use: 1Password ($35.88 per year for individuals, $59.88 for families of up to five) has a user-friendly design with several layers of security baked in, at a good price. 1Password does not have a free tier – security is something we believe is worth paying for. “Free software almost always involves compromises,” a 1Password spokesman said. “We can focus our efforts on developing new ways to defend your data instead of collecting or exploiting it.”
As with other password managers, you can organize passwords into different collections: one for personal accounts, one for work, one for shared family logins. Travel mode is unique to the service – it’s for people who need to hide sensitive information when traveling to countries where they’re afraid their cell phone will be searched.
Dashlane is a password manager that provides additional features, such as a virtual private network for secure internet browsing.
Dashlane ($59.99 per year for individuals, $89.99 for families of up to five) is also easy to use, and is a good choice if you are interested in additional features such as a built-in VPN (virtual private network) to access the internet more securely, and a dark web monitoring service that checks whether hackers may have your information.
I finally opted for 1Password because of the price. (I also thought Dashlane’s Mac Safari browser extension, now in beta, was buggy. A Dashlane spokesman said the team was working on a solution.)
With LastPass you can designate a trusted contact to access your account if you die or become disabled. You can deny the access request if you are able to.
• Best service with emergency access: This is a tie between Dashlane and LastPass Premium ($36 per year for individuals, $48 for families of up to six). Both give a trusted contact access to your vault if you die or become disabled. Features like these are important because our lives are so tied up in our digital accounts, as my colleague Joanna recently discussed. If something happens to you, your delegate can request access to your vault. You can set a delay period of between three hours and 30 days, during which you can deny access if you are able to.
LastPass Premium is not as sleek as Dashlane, but it is a very capable password manager, also with dark web monitoring, plus a gigabyte of encrypted file storage (and a good Safari browser extension). If you use Safari and do not need the VPN, go with LastPass.
1Password considers this type of emergency access a security threat. In a forum post, an employee of the company explained that a domestic abuser could hold a victim against his or her will in order to get into a password vault. He suggests that you keep a copy of your Secret Key and your master password in a safe or with your lawyer.
With Bitwarden’s free tier, users can access passwords from their phones, laptops and other devices.
• Best free option: Bitwarden has a full-featured free plan for individuals and two-person businesses that syncs an unlimited number of passwords across devices. The service covers many key basics: end-to-end encryption, a secure password generator, two-factor login and apps for every desktop platform, browser and mobile operating system, plus web access.
A premium membership ($10 per year for individuals, $40 for families of up to six) is required for bells and whistles, such as a password report and enhanced login protection.
“We are a profitable company, but we find it completely harmonious and compatible to offer a basic manager for free,” said Michael Crandell, CEO of Bitwarden. Many users who start with the free plan eventually decide to upgrade, he added.
After selecting a password manager, you can manually add all your old passwords. If you store passwords in the Chrome browser on your computer, you can export them and then import them into your new password manager. (Apple does not have a similar password export option.) If you switch from one password manager to another, exporting your passwords is usually an option as well.
Password managers will enhance your digital life. Whether you get one or not, there are four simple password protection rules you need to know.
Rule #1 – Do not rely on passwords alone.
Where possible, use two-factor authentication, also known as 2FA. This requires an additional code or verification, sent to another device.
In general, it is better to turn on 2FA than not to have it at all. But if you have the choice, use an authenticator app (I like Authy) over a plain text message. It works if you have no cell phone reception and is not susceptible to SIM hijacking – where a hacker, targeting someone with a valuable account, gets the wireless service provider to transfer the person’s phone number. You can call your service provider and add a password to your wireless account for added security.
Rule #2 – Create long passwords.
The term “password” should be retired. The new hotness is the passphrase. “Password length is a more important factor than complexity because it’s harder to decrypt a longer password,” said Jameeka Green Aaron, chief information security officer at Auth0.
The passphrase “Raccoon Doorknob Spacecraft,” for example, would take centuries to crack, according to Bitwarden’s free password strength testing tool. Meanwhile, a 12-character string with uppercase and lowercase letters, symbols and numbers could take an attacker just three years to crack, according to the tool. With most password managers, you can set the length of automatically generated passwords.
Rule #3 – Make it unique.
Whatever you do, do not reuse passwords. This is the most common way accounts are hacked, Aaron said. If hackers discover your password in one place, they will try it in other places. This is where password managers come in. Use one to create strong, unique passwords and save them for all your accounts.
Rule #4 – Keep a backup plan for your backup plan.
The key to your password manager is a master password, along with a device to verify your login. A good password manager does not know what your master password is – and can not help you recover your account.
So to be a good password parent, you have to think of the worst case scenario: what if you lose the device to which your two-factor verification codes are sent? What if you forget your master password?
Authy syncs verification codes across different devices (for example, your phone and your iPad), which helps if you lose one. Setting up a physical security key, such as a YubiKey, as an additional verifier is another protective measure. As for remembering your master password, the best solution is low-tech: write it on a piece of paper and store it with the rest of your most important documents. It is safer in the physical world than in the digital world.
Write to Nicole Nguyen at [email protected]
Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.