
Best practices for password security

If you’re vigilant about online security, you no doubt have a different and complicated password for every account you use. All you need to do is remember these passwords or file them away in a document. Weak passwords will not withstand hackers’ attacks.

Strong passwords are a defence against hackers who want access to your accounts at any cost. It’s worth the effort and time invested in finding the right password. Take password security seriously. Protect your website and customer data from theft. Hackers are everywhere and are constantly looking for your vulnerabilities.

What mistakes should you avoid when choosing a password?

– Consecutive keyboard combinations, e.g. “zxcvb” or “qwerty”

– First name, surname or name of spouse or children

– Do not use personal information such as your birthday or age.

– Never reuse old passwords; use each password only once.

– Avoid using the same password for every account you have.

– Don’t let anyone watch you enter your password. Never save or share passwords.

– Always log out of your account if you leave your computer unattended or are on a public network.

These are all useful pointers to keep you away from hackers, whose attacks very often lead to even worse turns of events, such as identity theft or data loss.

Here are best security practices for passwords:

Use different passwords for different accounts, so if one is compromised, the others won’t be. Never use the same password for more than one account.

Try using passphrases made of words that don’t normally go together but are familiar to you, instead of passwords made of long, forgettable strings of characters. Words that are easier to remember are less likely to be broken. Also, mix in non-alphabetic characters and capital letters to strengthen the passphrase. You can easily strengthen your password by replacing numbers with letters. We recommend using at least twelve characters, interchanging lower case, upper case, symbols and numbers in your password. The more the better.

Always check the strength of your password. Most websites offer a password analyzer that tells you how strong or weak your password may be. Definitely pay attention to the analysis and change your password accordingly. The length of your password also has a significant influence: the longer it is, the harder it is to crack.

Change passwords regularly, at least every 90 days.

Use two-factor authentication (2FA), also known as multi-factor authentication. This is a text-based or application-based authentication method to verify your identity before access.

And finally, invest in a password manager. Password managers use several forms of encryption to make sure your passwords are even harder to crack, and they mean you only need to remember one password.

When it comes to password security, being proactive is the best protection.
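The password rules listed in this article, written as a checker (an added example, not part of the original article): it flags passwords shorter than twelve characters, missing character classes, keyboard runs such as “qwerty”, personal information and reuse. The US QWERTY layout, the character-swap table, the finding names and the sample passwords in the usage are assumptions of this example.

```python
import string

# Rows of a US QWERTY keyboard (assumed layout for this example).
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Common character swaps, undone before matching personal information so a
# name with swapped characters is still recognised (assumed table).
UNSWAP = str.maketrans("013457@$!", "oieastasi")
MIN_LENGTH = 12  # the article's recommended minimum


def keyboard_runs(password, run_len=4):
    """Return runs of run_len keys that sit side by side on one row,
    typed left-to-right or right-to-left (e.g. 'qwer', 'bvcx')."""
    lowered = password.lower()
    found = []
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_len + 1):
                chunk = seq[i:i + run_len]
                if chunk in lowered:
                    found.append(chunk)
    return found


def check_password(password, personal=(), previous=()):
    """Return a list of findings; an empty list means every rule passed.

    personal: names, birthdays and similar strings supplied by the owner.
    previous: passwords already used on this or any other account.
    """
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too-short")
    classes = {
        "lowercase": string.ascii_lowercase,
        "uppercase": string.ascii_uppercase,
        "digit": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            findings.append("missing-" + name)
    if keyboard_runs(password):
        findings.append("keyboard-run")
    lowered = password.lower()
    plain = lowered.translate(UNSWAP)
    for item in personal:
        token = item.lower()
        # Skip very short tokens so they do not match by accident.
        if len(token) >= 3 and (token in lowered or token in plain):
            findings.append("personal-info")
            break
    if password in previous:
        findings.append("reused")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords and personal details.
    for pw in ("qwerty", "Al1ce-Summer-1990!", "Cactus!Violin7Harbor"):
        print(pw, check_password(pw, personal=("Alice", "1990")))
```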

The Best Password Manager in 2021?

Password managers are a secure way to keep track of all of your online account logins. Usernames, passwords and other critical info can all be safely stored in a password manager. When you don’t have to stress over remembering passwords it allows you to use a randomly generated password for each site and this improves your online security a ton! If a hacker were to compromise one of your accounts now, they only have access to that one account.

They can’t go using the same password to log into all of your other accounts, and that’s exactly what they do if you aren’t using randomly generated passwords for each site, and a password manager is a great way to keep track of this. Over the past few weeks, I’ve tried seven of the most common password managers. I’ll be letting you know which ones are worth your time, which one is the best free one and which one I personally use.

I’ve got timestamps for each password manager as well as links in the description below so you can skip around to a particular password manager if you’d like. First we’re kicking things off with Keeper. My experience with Keeper was overall positive once I got past the initial setup process but the process to get started is underwhelming at best. First, when you visit the Keeper site, you’re greeted with a busy site that in my opinion has confusing messaging. While there is a clear sign up free button, the pricing page is extremely convoluted.

First, you have to select personal from the dropdown then what are all these plans? What is the free version offering comparison? Is there even a free version or is it just a trial? And what is KeeperChat? Yes, by the way, they do offer a free version but you only get access on one mobile device. You can’t sync between devices and you can’t use the desktop app or web app. When you first set up Keeper you’re forced to add a security question. This is another thing I’m not a fan of as I find security questions weak, outdated and hard to remember.

I would have liked to see Keeper generate an emergency access key like most password managers do but they clearly wanted to stand out from the rest and handle account lockouts differently. Once you do get past the initial clutter and confusion, Keeper is a decent password manager. The autofill prompt in Chrome is kind of in a strange spot but it does work smoothly. The browser extension doesn’t have a mini version of the vault displayed and it forces you to open a new tab for you to access the web Vault which I’m not a fan of, but the vault is one of the most powerful ones of any password manager I tested.

You can view password history, add custom fields, upload files and enable software or hardware two-factor authentication. I especially enjoyed the Security Audit and BreachWatch functions of Keeper. These functions present useful information in a way that’s easy to digest and they can really help you improve your online security. This lets you discover reused and weak passwords as well as login info that was found in breach lists across the internet so you can change that login info as soon as possible. Keeper lets you add two-factor authentication codes for websites so you could actually generate codes for sites like Google and Facebook directly in Keeper instead of using an outside app like Google Authenticator.

I’ll go ahead and say that this particular feature doesn’t excite me as I use and recommend Authy for two-factor authentication codes but it’s there if you want it. Overall, Keeper is a solid password manager if you like the interface. Personally, I find that it’s too cluttered and confusing for my preferences but the functionality is totally there. This is one of the better password managers I tested and at $30 a year, I think it’s a good value for the price. Next, let’s look at the new kiddo on the block, NordPass.

We’re beginning to see a trend of VPN companies expanding into the password manager market and NordVPN recently stepped up with NordPass. To sum up NordPass quickly, I’ve got high hopes for its future and see great potential but it’s just not there yet for me to recommend it to anyone. Priced at $36 a year, NordPass offers a clean, simple, refreshing UI but lacks stability and basic features. The autofill button sometimes doesn’t work and there’s no other way to initiate the autofill function from the extension or with a keyboard shortcut.

There’s also no web version available, no password history, no hardware two-factor authentication options and no kill switch style emergency access. No password history in particular is a huge oversight to me. I’ve had times where I accidentally overwrite the password field in my password manager and being able to look up the password history and just revert back to the correct password saves a lot of time. Without this feature, you have to reset your password on that particular site, since you no longer have access to it which kind of defeats the point of a password manager.

I mean, it’s supposed to manage your passwords so it should keep track of every single revision ever to your password on a website. Most of my problems with NordPass are bugs that can be fixed or simple design oversights. I have to say that I really see potential for NordPass. The UI is so refreshing in comparison to cluttered complex password managers that exist today.

I can’t recommend it yet in its current state but I’m excited to see Nord improve on the feature set and make it a comparable option. NordPass does offer a free version but you can only be signed in on one device at a time and due to the lack of password history, I would stick to the next password manager for the best free option. And the best free password manager is LastPass! LastPass holds a special place in my heart because it was the first password manager I ever used.

I used LastPass before it got acquired by LogMeIn back when a premium account was $12 a year. Since then LogMeIn acquired them and raised the price of premium to the fairly standard $36 a year price point but I’ve got to say, you really don’t need premium to have a good experience with LastPass. You can store as many passwords as you want, sync between devices and use two-factor authentication all for free. Premium gets you advanced sharing options, hardware two-factor authentication, the kill switch style emergency access feature, priority support, auto filling for desktop applications and one gigabyte of file storage. LastPass is a fantastic password manager whether you go with the free version or premium, you just can’t go wrong. You’ll enjoy a simple UI on any device and it’s got all the features you would need in a password manager.

I would absolutely recommend LastPass as the best free password manager, but I must say that the experience has gone downhill slightly since LogMeIn acquired them. In fairness to LogMeIn, they have kept LastPass in decent shape. They could have completely ruined it but for the most part, they’ve just cleaned up the interface a bit and kept it fairly nice. The main frustration I have with LastPass was the glitches with the auto filler and just the general bugs and quirks that seem to be getting worse. I’ve zero complaints about the functionality but that may be just because I used it for years and got to know it inside and out.

Again, I don’t think you can go wrong with LastPass and I think it’s a solid option. If you’re curious about what I switched to and what my recommended paid option is, stay tuned. Next is a fun one that I wanted to try for a while and that’s Dashlane. Now Dashlane is expensive coming in at $60 a year but it’s intriguing, it offers a simplistic and clean interface, similar to NordPass and they also include a VPN in the subscription price. The password manager portion is honestly a joy to use. The auto filler works smoothly on all devices, the design is simple and allows you to easily locate and update sites and most features you’d expect in a password manager are present. You can do both software and hardware two-factor authentication, access password history, share sites and utilize the kill switch style emergency access system.

Dashlane is missing some of the advanced features like custom fields, file uploads and support for generating two factor authentication codes for other websites within the app but for the average user who isn’t looking to do literally all the things I think the simple UI will make it an easy decision to use. Similar to Keeper, Dashlane offers a password health and identity dashboard area to keep you updated on what passwords you may want to update and any known compromises to address. If we just stopped right here Dashlane would be an instant success to me.

Some users wouldn’t like it because it’s not as complex as Keeper, Bitwarden or 1Password but it’s simple and it has the features that really matter in a password manager but we have to address the elephant in the room, the price tag. If you’re gonna pay $60 a year, $24 more than the going annual rate for the competitors, it really has to have standout features and for Dashlane, that standout feature is the included VPN, or is it? I’ve tested a lot of VPNs on my channel and I was highly disappointed with the Dashlane VPN. It’s buried in the menus of the app and there are effectively no controls or settings at all. You can switch geographic locations between countries but you can’t select individual servers. Streaming didn’t work in my testing and the speeds were atrocious! I was maxing out at about 50 megabits per second down on my wired connection that gets 900 megabits per second down without a VPN.

Since Dashlane is primarily a password manager it got me thinking, I bet they outsource their VPN to a common VPN provider. I looked on the Dashlane website and learned that they outsourced to AnchorFree, the company behind Hotspot Shield. I’ve talked about Hotspot Shield in the past but I’ll cut to the chase. I do not like Hotspot Shield or recommend them at all. Now just to be clear, this isn’t exactly Hotspot Shield, it’s simply a private label VPN powered by the parent company of Hotspot Shield, but with all of that being said, it’s basically a junk VPN in my mind and also in my testing. So if you take the VPN out of the picture you’re basically paying $60 a year just for a password manager.

And while it’s a clean and simple password manager that I really enjoy using, is it worth $24 a year extra just for that? Maybe for some, but not for me personally. I’ve gotta be honest, if they offered a $36 a year plan without the VPN, I really think I would switch. Speaking of VPNs, this is a good time to talk about today’s sponsor, ExpressVPN. If you’re looking for a blazing fast VPN that supports streaming and will keep your data protected, this is the VPN for you. My favorite thing about ExpressVPN is that for the most part, you just forget you’re connected to it.

It hides in the background and allows you to go about your life with fast speeds while connected. Their trusted server technology means that their servers run exclusively on RAM and physically can’t store information on them and they have a strict no logging policy. You can use the link in the description below to get three months free with an annual subscription. ExpressVPN is my personal favorite VPN and I’m thrilled that they’re supporting the channel. So thank you to ExpressVPN for the support and now let’s get back to the comparison.

All right, next, let’s take a look at Bitwarden. Now this one really interested me because when I was doing research on password managers to include, everyone just kind of threw Bitwarden on their list at the end like, oh use LastPass for this and 1Password for this and then there’s always Bitwarden, you can try that if you want. So I wanted to know, is it any good? Bitwarden is unique because it’s open source so if you’re a coding geek, you’ll love looking at the source code on GitHub and learning exactly how it works or who knows? Maybe you’ll even modify it and make it your own. Bitwarden is free to use, or you can get the premium version for just $10 a year. Unfortunately, the experience with Bitwarden is just bad. The setup process was difficult, there was no import feature on the Mac app and it seemed like a pattern where some features were only available on the web app. The Chrome extension doesn’t automatically autofill or give you an icon to click to initiate autofill. You can enable automatic autofill via an experimental feature but if you have multiple accounts on a website there’s no drop down to control which login it fills.

The UI is overall confusing and the core features are not designed well. Now they do support password history and some more advanced features but all of that is useless when autofill on Chrome isn’t even a smooth experience. The great thing about Bitwarden is that most of the features are totally free so there’s no harm in trying it if you’re interested but I wouldn’t waste your time. You’ll have a much better experience with LastPass if you need a free password manager. Next, we’re taking a look at another option from a VPN company. RememBear is the password manager by TunnelBear and just like TunnelBear, it’s decked out with fancy marketing and bear animations everywhere. RememBear has a great setup process and fun marketing but the design is goofy. After I imported my sites, it kept asking me if I wanted to update my login info each time I’d sign into a site.

I contacted RememBear Support about this and they basically said “yeah, that can happen sometimes with data migration.” “Just tell it not to ask you again each time you log into a site and eventually you won’t get bugged after you’ve signed into each site and told it not to ask you again.” Things really go downhill when you learn that there’s no password history, no kill switch style emergency access, no permanent sharing between users and no two-factor authentication.

Wait a minute, you can add two factor authentication codes to be generated for other websites but RememBear itself doesn’t offer two-factor authentication? Now look, I don’t claim to be a security expert but the lack of 2FA doesn’t seem quite right. This is a password manager. It cannot be compromised by anyone or you’re in big trouble. Perhaps it’s because you scan a QR code to add a new device on top of entering your master password, but other password managers use the same method and still offer two factor authentication for extra security. The only good thing about RememBear is the marketing; it’s clever and fun, but it won’t be fun when you accidentally overwrite your password and can’t look at your password history or a trusted individual needs to gain emergency access to your account and can’t do so.

I wouldn’t recommend RememBear to anyone and if you’re going for a simple experience I’d lean towards Dashlane even though it’s more expensive, at least you can do two factor authentication there and it’s got the basic features that you absolutely need in a password manager. Finally, we’re getting to my personal favorite paid password manager and what I switched to from LastPass and that’s 1Password.

Listen, 1Password does all the things. There’s no free version but the paid version is at the standard $36 per year price point. Basically everything is customizable on 1Password. You can add custom fields, upload files, add 2FA codes to be generated for any site and even add custom sections with headings where custom fields can be organized within a site. Naturally, when you have a password manager that can do all the things, it can be a bit of a confusing UI and 1Password is definitely cluttered. I’ve never understood that password versus a login.

This is my number one biggest annoyance with 1Password: you generate a password for a new site and it creates it as a password record. You then have to go in and convert it to a login and add a username before it’s truly a website in the vault. This concept just doesn’t make sense to me and it’s definitely not the best design. You can’t see reused and compromised passwords like in Keeper and Dashlane, but there’s no at-a-glance overview like the competitors. I do really like that 1Password shows you websites in your vault that support two-factor authentication.

This is so helpful if you wanna go through and enable 2FA on as many sites as possible and I haven’t seen this feature in other password managers. Autofill does have its glitches but I experienced autofill glitches and quirks on every single password manager I tested. I think it’s inevitable with browser extensions and just something you come to expect. I like the 1Password approach of using the shortcut key to initiate the autofill sequence in your browser, instead of forcibly filling the info or putting an invasive icon to click. You see nothing, but when you do Command + Backslash on a Mac keyboard, it fills the fields or brings up an account selection window and fills the fields when you select the appropriate account.

1Password is hands down the most powerful and flexible password manager I’ve ever used and while I wish the UI was just a little bit cleaner, you can’t beat it when it comes to features. I think it’s absolutely worth $35 a year and if you’re looking for the password manager to beat with the most features and flexibility, look no further than 1Password. I’ve been using 1Password for around eight months now and love it. So to summarize, if you need a free password manager, I highly recommend LastPass. If you want the cleanest and simplest interface and price isn’t a factor, give Dashlane a try. And finally, if you want the best overall password manager definitely give 1Password a try.