Password Managers
Posted on Dec 1 - 2020
Advice on how to manage passwords

While putting in order all the files that I’ve kept for years and then subjecting them to a backup process, I found more than twenty copies of the same file that contains the database of the old passwords I used. This password management got me thinking that in 2020 there are still people writing their passwords on paper or, worse, using the same password for everything.

It’s embarrassing that in 2020 the most used password is 123456.

 

 


Password Managers

A password manager allows you to save all your credentials in one place, usually an encrypted database. This way, instead of having to remember hundreds of passwords, you only need to remember one: the password that gives access to the entire database.

Simple, clean, and elegant.

Although the internet is full of companies, specialized or not, offering password managers, I keep seeing people who struggle when they have to register on a site because they don’t know which password to use, since they will then have to remember it. In most cases, as mentioned, they fall into the mistake of using the same password everywhere. If you’re in this category, start learning about password managers.

NB: password managers don’t only save your passwords; many of them also let you save information such as credit cards, notes, documents, and more.

 

 

Local or cloud

It all comes down to how much you trust saving all your passwords and strictly personal information on a server somewhere in the world. For convenience, I’ve summarized what for me are the pros and cons of choosing a local password manager (for example a file on your computer) or using the cloud.

 

 

Local


  • Pro

    • You have full control of your passwords, you and only you.

    • You are not subject to any rules, laws, or policies of a company or government.

    • Totally free, you don’t have to pay for any subscriptions.

    • You can save your most personal information and keep it safe wherever you want.


  • Con

    • You have full control of your passwords, you and only you.

    • The file containing your passwords can get corrupted, be encrypted, be lost due to a computer failure, or suffer a thousand other problems.

    • You need to manage the backups of your passwords.

    • More unwieldy if you want to manage your passwords from multiple devices.

 

 

Cloud


  • Pro

    • More reliable than local copies.

    • You don’t have to think about anything; there are specialized people to do it for you.

    • Cross-platform, you can access your passwords wherever you are or even share them with friends and family.

    • Simple and intuitive integration with other software, such as browsers.


  • Con

    • You don’t have control, or at least full control, of the service you use.

    • Subject to any data leak.

    • Your data is subject to the laws and rules of the company and/or the country in which it’s stored.

    • In the long-term view, the company can go bankrupt, change its policies or apply changes that you may not like.


I haven’t included “you have to pay a subscription” among the cons of the latter because, in most cases, to have a service oriented towards reliability and safety, those who work behind all this must eat.
With this, I am not saying that if you pay for a service you get something better than those who use free alternatives, absolutely NOT.
But in the vast majority of cases, totally free services are free because you are the product.

There’s also a middle ground between local and cloud: using a local password manager but saving the database in the cloud. In this case, the pros and cons of both approaches come together. This method was one of the ones I used years ago.

 

 

Fuck browsers

Most browsers have a password manager built into them. Every time you register on a site, the browser asks you if you want to save the password. It’s certainly a convenient and fast feature, but never entrust your passwords to the browser itself.

There are tons of articles explaining how this method of managing your passwords only brings problems. The problems range from the ease with which anyone with access to your computer can view your passwords to remote cloning of your entire browser session and all your passwords.

Also, in my personal experience, I avoid password managers that are built into the system itself. In my case, I have been using Apple iCloud Keychain for over a year. It’s surprisingly minimal but it does what it is designed for quickly and reliably. The problem, however, is that although the Keychain is encrypted, super armored, etc., it’s unlocked, for example, when you log into your account on the Mac. This means that your account on the Mac and the database containing all your passwords share the same password. This is not very comforting.
Furthermore, Keychain is linked only to Apple devices and only to the Safari browser.

 

 

My experience

As a child, I kept the few passwords I had in a text file on my computer desktop. I was small, stupid, and ignorant of everything. Later, understanding the confidentiality of passwords, I started saving them in a local database through KeePass.
However, this led me to be more obsessed with saving my database in more places (external hard drives, USB sticks, CDs) with the fear of losing everything at any moment, and in addition, I needed to access my passwords from other devices too. Then the cloud came into play, but all the file management, backup copies, downloading and installing apps, and other messes led me to choose one of the many password managers, 1Password, as a solution.
I have also evaluated, and partly used, others such as Keeper, LastPass, Dashlane, Bitwarden, RoboForm, and others.

The main point of the whole discussion, however, is not which password manager to choose but to start being more aware of their need and usefulness.
