What is a password manager?

This is a recommendation that you may have already heard, when talking about computer security with a loved one: “ You should use a password manager “. Rightly so, especially if you’re the type who has the annoying habit of always using the same password for all your online accounts. Because this tool can help you improve your security.

A manager is a safe where all saved passwords are located

If we had to choose an image that was easy to grasp, we would of course take the one of the safe. This is what a password manager is: software offering a dedicated space for your access codes. You are the only person who knows the combination to open this safe. Once you have taken the password you need, simply close it again.

Of course, the world of atoms is not that of bits: in digital, there is no steel to protect your data. No wall really exists: protection is achieved through mathematical processes which hide the contents. We call this the encryption. If this process is carried out well, then the information is secure and locked.

To open this digital safe, you need a special “key”. This is called the master password. It is this password which is very important and which must be memorized well. If you forget it, you will no longer be able to open your password manager. For greater security, this password must be unique and fairly strong.

The manager can operate in different formats: it can be a program to install on your computer (or smartphone). This could be a web browser extension or even a feature within it. This can also be a remote service, in a service provider’s cloud. Sometimes this can be a mix between local installation and cloud synchronization.

Why use a manager to manage your passwords?

The main benefit of the password manager is to act as a foolproof memory, for you. It is very difficult, if not impossible, to remember all of your passwords. It’s even more complicated when you want to create a unique and complex one per service (which is the best practice to have).

The password manager is therefore a kind of remote memory, which you can consult on demand. Every time you need to log into an account, unlock your password manager and retrieve your login information. You can compose very strong passwords without worrying about remembering them.

Depending on the solution chosen, a manager can include additional options: a location to store payment data (a bank card), a section to create confidential notes (the Wi-Fi code of the box), etc. Some services also provide password analysis and give you improvement tips.

Password managers have evolved greatly over the years to be as convenient to use as possible. They offer to save the new password created when creating an account; they automatically fill out forms; they interface with browsers; they sync between multiple devices, and so on.

Are there free managers to keep passwords saved?

Yes. The two apps that stand out in this segment are Bitwarden (read our Bitwarden review) and KeePass (read our KeePass review). We can also mention the managers integrated into web browsers, which are also free: Google Chrome, Mozilla Firefox, Safari, Microsoft Edge, etc.

Other software also provides free plans, but they are generally summary and limited. These offers serve to get your foot in the door, to then convince you to take out a paid subscription. In this category, we find the Proton Pass, LastPass, Dashlane and NordPass applications.

Among the main software in the sector, only 1Password does not provide a free plan.

Are password managers safe?

Password managers are sometimes viewed with suspicion, for a variety of reasons. Among the common criticisms, we find the accusation of not offering a 100% secure solution, that of grouping all passwords in one place, or even of entrusting the “keys” to one’s accounts to third parties, including tools are not necessarily open source (the code is searchable).

However, these password managers are recommended by IT security specialists. This is the case of the National Information Systems Security Agency, which manages the state’s cybersecurity of its vital structures. Ditto for the Electronic Frontier Foundation, a powerful American organization dedicated to the defense of digital freedoms.

Of course, zero risk in IT does not exist. But we must keep a lucid look at the reality of the danger and, above all, evaluate one strategy in relation to the others and ask ourselves which is the best. What best strengthens the overall level of security? What best reduces risk and errors? In short, we must balance the benefit and risk.

It may happen that a security vulnerability is detected in one of this software. It has happened before, and it will happen again. But this does not always imply a vulnerability in the passwords themselves. In addition, we must compare this incident, which is quite rare, in relation to other, more frequent, threats to passwords.

If you rule out the password manager, what’s left? The option of writing them down in a notebook? We’re not going to lie: it’s worse. Do you have to memorize them yourself? Good luck, because on average each person is registered on dozens of online accounts. And if you think you’re using a single password to make your life easier, have you really gained security, then?

Should you prefer Chrome (and your Google account) for password management?

Managers integrated into browsers have the advantage of being free and being immediately available, without the need to subscribe to an offer or install anything. Browsers provide everything you need to remember your passwords and provide you with common features.

This is the case for automatic filling of registration or connection forms. There are other elements, such as the suggestion of complicated passwords, or alerts in the event of a data leak. It is also necessary to present a high level of security, starting with the encryption of stored information.

However, specialized managers provide additional functionalities, which can gain support, and above all justify the purchase of a subscription. This may be specific to passwords or confidentiality needs. Dashlane, for example, offers a built-in VPN, while Proton Pass generates aliases to hide your email address.

What is the best password manager?

This question is probably insoluble, because the importance we give to this or that aspect of a manager varies from one Internet user to another. What we can point out is that the main software in the sector all offer approximately the same services and functionalities. There are differences, but they are rather marginal.

We invite you to consult our selection of the best password managers. We have reviewed the main applications of the sector, in order to identify the essential particularities, that is to say those which concern common use. Some managers have specific functions, not necessarily central to the general public.

It is in this direction that we wanted to offer these different opinions on managers, with the aim of addressing a less expert readership. This is to spare it from metrics that could be obscure or too numerous, as well as considerations that are sometimes complex and undoubtedly too far removed from daily use.

What we generally expect from such a tool is:

• to have a clear interface;
• sufficient ease of use for the general public;
• to have a dashboard to have a general overview of your situation;
• work on Android or iOS devices;
• manage documents such as a credit card;
• to take care of means of payment;
• to warn in the event of a leak of personal data;
• to support double authentication;
• to include a password generator;
• encourage people to choose a strong master password;

The best password managers

Subscribe for free to Artificielles, our newsletter on AI, designed by AIs, verified by Numerama!