
Why everyone and their momma needs THE RIGHT password manager, and which one to use

I will be quick in this post.


You need a password manager.


Yeah, yeah, it's the old adage anyone who works in the corporate and enterprise world has heard for years. But I cannot emphasize enough how critical this is for society at large to learn about.


Given the recent cyber breaches of private-equity-owned LastPass and the ensuing meltdown, it is critical to use the right solution. At any given time, there are a few options everyone and their businesses can use.


But how would you, the average small business person or consumer, know which solution is best for you, or best overall, given that a brand as big as LastPass got completely owned for months in a row in a multistage cyber attack?


Well, that is what we are here for as your trusted local cybersecurity advisors.


Overwhelming number of choices


A simple Google search shows just how many password managers there are. Wikipedia lists 27 as of this post, and G2 claims there are 32 password managers out there at this time. Time is the most precious and limited of resources for most busy professionals and people in general. We understand that researching and digging through articles and feature sets takes a long time and can be exhausting for some.


Of course, you are more than welcome to read the fine work of the many bloggers and websites out there that do in-depth comparisons and recommendations, and pick one for yourself. But I would advise reading to the end of this article before spending that sort of time.


One to rule them all


That is why we have done the research for you and are making a recommendation: Bitwarden.


But why?


Short and sweet:

  • Open-source solution: Bitwarden is open-source, which means its code is available for all to review and, much more importantly, to IMPROVE by those who can contribute to it, especially when it comes to security. That kind of transparency is nowhere near as available with closed-source commercial software such as LastPass or 1Password.

  • No breaches yet: Without trying to jinx it, in over 7 years of operations, Bitwarden has not yet been hacked or experienced any breaches. This probably speaks to their higher-quality internal security practices and configurations. It also goes back to the open-source nature of the solution, which helps the public at large and other developers spot weaknesses or shortcomings and communicate with the makers to offer fixes.

  • It's free! Yes, that's right, it is completely free for 2 users under the personal use license. The paid version costs less per year than a Whataburger meal and offers pretty solid features for what it unlocks at that price. The family version is cheaper than a single burger per month and covers up to 6 people, and the business editions are offered at $3 and $5 per user per month. You can see how the Bitwarden business editions compare.

  • Most secure MFA option when paid: With the paid version, you can use a YubiKey or FIDO2 hardware token to maximize the access security of the account even if your credentials are stolen, your smartphone and other devices are hacked, and all seems lost. That is a key benefit in a world where there is no guarantee any online device can avoid being hacked.

  • Device and OS agnostic: Bitwarden is available on all major desktop and mobile operating systems and web browsers and integrates well with most devices. On both Android and iOS, you can set it as your autofill provider, and per our testing it works quite well at recognizing a majority, if not virtually all, of login fields and pages.


How a password manager improves your security


There are a few points to make here. Obviously, you can have long, complex, high-entropy passwords for everything you use and enjoy strong encryption and MFA along with them. But something many people overlook is what happens when you have autofill enabled and eventually click a phishing link and arrive at a lookalike login page designed to steal your credentials: Bitwarden behaves differently than usual. It simply won't be tricked into autofilling a phishing page that a human being can easily be tricked into logging in to by a lookalike domain and page design. For users who pay attention to their routine, the missing autofill instantly raises a bit of an alarm and can help lower the chances of being successfully phished for your credentials.
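To make the autofill point concrete, here is a simplified sketch of host matching, added for this article and not taken from Bitwarden's code. The function names, the matching rule (exact host or subdomain of the saved host, HTTPS only) and the sample URLs are assumptions constructed for illustration.

```javascript
// Added illustration: simplified host matching for credential autofill.
// Not Bitwarden's code; names, rule and sample URLs are constructed.

// Parse a URL and accept it only if it is an https page; otherwise null.
function parseHttps(raw) {
  try {
    const u = new URL(raw);
    return u.protocol === "https:" ? u : null;
  } catch {
    return null; // unparseable input never matches anything
  }
}

// Offer a saved login only when the page host equals the saved host or is
// a subdomain of it. The comparison uses the parsed hostname, never a
// substring of the full URL, so "looks similar" is not good enough.
function shouldAutofill(savedUri, pageUrl) {
  const saved = parseHttps(savedUri);
  const page = parseHttps(pageUrl);
  if (!saved || !page) return false;
  const s = saved.hostname.toLowerCase();
  const p = page.hostname.toLowerCase();
  return p === s || p.endsWith("." + s);
}

// Constructed sample data: one saved login, several pages a user may land on.
const SAVED_URI = "https://example-bank.com/login";
const PAGES = [
  "https://example-bank.com/login",              // the real site
  "https://secure.example-bank.com/",            // subdomain of the real site
  "https://examp1e-bank.com/login",              // digit 1 in place of letter l
  "https://example-bank.com.login.example.net/", // real name used as a prefix
  "https://\u0435xample-bank.com/login",         // Cyrillic letter in place of e
  "http://example-bank.com/login",               // right host, no TLS
];

// One decision per page, in the same order as PAGES.
function autofillDecisions() {
  return PAGES.map((page) => shouldAutofill(SAVED_URI, page));
}

console.log(autofillDecisions());
```

Only the first two pages get an autofill offer; the lookalikes that a person could easily misread are plain mismatches to a string comparison on the hostname.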


Add to these the benefit of the dark web breach monitoring that Bitwarden does for your credentials, notifying you if it finds your usernames in the piles of breached data out there on the dark web. It must be said that, at the time of writing this article, this feature is not automated and you need to click things in your vault to initiate such scans. But you can use other services such as Have I Been Pwned in the meantime. Better yet, combine that with breach monitoring as provided by some phone carriers, your credit cards, and even credit.com credit monitoring. You can simply never get enough of these helpful monitoring options and should layer as many of them as you find useful to protect your privacy and identity the best you can.


Remember, cybercriminals come in all shapes and sizes, with different specialties. There are large gangs, small gangs, solo operators and state-sponsored operations. However, as a whole, cybercriminals do not discriminate in how they operate, which is why we have the slogan we have. They target the rich, the poor, the young, children, seniors, small businesses, and large businesses alike, without any regard for damages and victimization. I recently heard from a friend who is an Uber driver, and who by conventional thinking can hardly be considered a worthy target, who found a $500 line of credit opened in someone else's name on his credit report. Go figure. And think about volume: if the bad actor who did this can get a $500 line of credit on a daily basis, that is an easy, cushy 6-figure income from fraud on a yearly basis, with a tried and tested rinse-and-repeat method relying on average people's negligence, laziness, or lack of knowledge on how to protect themselves and their loved ones.
