What criteria might you use to select a good password manager? The post “It’s a Jungle Out There” provides relevant overarching criteria: prefer products from companies based in good privacy jurisdictions, verify their claims through a reputable third-party audit, choose products that keep few or no logs of your usage, and most importantly, choose products with strong encryption.
Some additional criteria to consider include:
- Encryption must not only be strong; the product must also implement end-to-end, zero-knowledge encryption. Encryption and decryption of your password database must take place only on your devices (end-to-end), and the product provider must not have access to your encryption keys or data (zero knowledge).
- It must be available for common devices and operating systems.
- It must synchronize your passwords across your devices and in the cloud.
- It must provide browser extensions for common browsers and support auto-filling of your user ID and password on websites that you designate.
- It must generate strong, random passwords and passphrases upon request.
- It should be able to import passwords from other password managers and files.
- It should offer the option to export a backup copy of the password database.
- It should offer a password strength checker, and password breach checking and notification.
- It should support 2FA to access the password manager when passwords are being added or edited.
- It should offer the option to securely store other important information such as credit cards, insurance cards, and personal IDs.
- It should have an excellent reputation in the marketplace with responsive customer support.
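
A sketch of what the end-to-end, zero-knowledge criterion above means in practice, added here as an illustration; it is not Bitwarden's or NordPass's code. The function names, key labels, iteration count and the HMAC-based keystream (a standard-library stand-in for a vetted AEAD cipher) are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this sketch


def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes, bytes]:
    """Runs on the device: stretch the master password, then split it by purpose."""
    master = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    enc_key = hmac.new(master, b"vault-enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"vault-mac", hashlib.sha256).digest()
    # Only this token is sent to the provider for login. It is derived one-way
    # from the master key, so it reveals neither enc_key nor mac_key.
    login_token = hmac.new(master, b"server-login", hashlib.sha256).digest()
    return enc_key, mac_key, login_token


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in for a vetted AEAD, so this runs on stdlib.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(vault: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC on the device; this blob is all the provider stores."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(vault, _keystream(enc_key, nonce, len(vault))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(blob: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong password or tampering raises."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or modified vault")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))
```

The provider in this sketch would hold only the salt, the login token and the sealed blob; without the master password it cannot derive the keys needed to open the vault.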
I recommend the following two password managers: Bitwarden and NordPass.
The link to Bitwarden is: https://bitwarden.com/
The link to NordPass is: https://nordpass.com/
Bitwarden is an excellent open-source product. It meets all the criteria above except for being U.S.-based. I don’t view this as an issue given its implementation of end-to-end zero-knowledge encryption. While there’s a free version, the Premium version is only $10 a year and I recommend it.
NordPass, by Nord Security, is a superior commercial password manager. Nord Security also offers an industry-leading virtual private network (VPN), which I will recommend in a later post. NordPass meets all the criteria above and is also reasonably priced. The Premium version is $1.49 per month. The free version is limited and I recommend the Premium version.
In the next post, I will discuss two-factor authentication (2FA).
Information provided in this post is subject to the disclaimer in the first post of this series.