Photo by Matthew Henry on Unsplash

The Password Insanity

Or, How to Stop the Madness

Let’s just admit it: Passwords are a pain.
Nearly every week we hear about another security breach or virus or phishing scam that threatens to steal or broadcast our account credentials. Using the same, simple password over and over just isn’t acceptable in today’s connected world.

By now everyone has got that memo– but it’s a lot easier said than done! Modern browsers make it convenient, even offering to generate complex passwords (aka gibberish). But what if you share accounts with friends or family? What about smartphone apps? What if you need additional details beyond username and password? What if you want encryption? Thus the need for a password manager.

For years I stored passwords in Chrome. It’s easy, convenient, and available across all your devices. Since I use Chrome pretty much everywhere, it simplified the process of logging in from various screens. But there are some issues with this basic approach.

First, the passwords are stored on your device in clear text. So if someone gains access to my PC’s password, they have access to all my passwords. Another issue is the passwords in Chrome are not easily shared with other users. And finally, if you do not use 2-step authentication (and you should!) then all your passwords are just one ********* away from being stolen! Phishing emails hoping to trick you into entering your credentials on a bogus page are rampant, and some are mighty convincing.

Don’t get me wrong… if you set Chrome to generate complex passwords, and enable 2-step authentication on your Google account and keep tabs on who has access to your device, you will be doing better than most people.

Unfortunately, that isn’t really saying much.

Being the digital overachiever that I am, I decided to try a password manager. Or three. Too many of my accounts used the same password, or something simple that I was too damn lazy to change. Plus, there are accounts I want my wife to have access to, but want to avoid sending passwords back and forth whenever an account is updated. Another appealing feature of most password managers is the encryption of all stored data. Breaching their cloud storage is way more complicated than hacking my laptop’s login.

So if you still aren’t convinced of the need for a password manager, you can stop now. Otherwise you can continue reading about my trials and tribulations as I set about testing various software. Hoping to help others avoid my pitfalls, I have shared my findings below.

The Candidates:
Bitwarden, LastPass and Dashlane

My test included three different offerings; all offer free options and one is open-source. All of them worked– some better than others. Your mileage may vary.

I didn’t really start down this path to create a comparison review. It was more a matter of trial and error. Typically caused by me playing the discouraged consumer muttering, “there has to be a better way.” The fact my first choice ended up being the final choice might indicate… well, there might not be a better way.

All three I tried offer encrypted storage of your credentials behind a “master password.” They can also store other info to help autofill forms with data such as addresses, credit cards, identities, etc. Sharing is also possible– though each offering varies in its method (and cost).

One last item I’ll mention that applies to any password manager: importing your passwords. All of these packages support bulk importing of your passwords from a file; some are better than others. But first you’ll need to export your passwords (unless you’re on a strict post-it note system). It’s typically pretty simple to do, though Chrome did make it a wee bit confusing for me! Before you begin, refer to this managing your passwords article.

And now, in no particular order…

Since 2015 LastPass has been a product of LogMeIn, the company best known for the GoTo line for webinars, remote access, etc. Many reviews rate LastPass as the best free password manager because it offers storage of unlimited passwords across multiple devices. It supports two-factor (though limited on the free version), as well as other authenticators like Microsoft, Google Authenticator and their own LastPass app.

Their browser extension supports Chrome, Firefox, Microsoft Edge, Safari, Opera and Maxthon (Maxthon???). A desktop app is also available for Windows and Mac that provides access to the online vault and manages passwords for your desktop applications.

Tip: New entries often don’t show up on another device immediately. To “sync” look on the extension under Account Options > Advanced.

Dashlane is probably the most highly rated password manager. Never forget another password, is their motto. Hopefully you remember your master password! Like most of these products, Dashlane uses the master password model. One distinct difference between Dashlane and the others mentioned here is the ability to store your data locally. That doesn’t do much for me, but some people find that option attractive. Dashlane also supports two-factor authentication, biometrics and a slew of third-party authenticators. Overall this is probably the most professional looking of the three I tested.

One of the features they tout is the ability to bulk update your accounts en masse. Unfortunately there were only a handful of sites it was able to actually update. The most common downside mentioned in reviews was the cost. And it is pricey. The free version of Dashlane will store up to 50 passwords on one device. That makes Dashlane a hard no for the freebie crowd. But if you’re willing to pay, it delivers some valuable extras, like VPN surfing and account monitoring.

Tip: Read the terms of service; the Inbox Scan and Mirror features are not popular with privacy experts.

My offbeat choice is Bitwarden. This is an open-source offering, meaning it’s created by a collaboration of developers. It’s a good product and offers some solid competition to the commercial packages. Like the others you can access your account on the web, via a browser extension or from their desktop apps for Windows, Mac or Linux. Bitwarden supports more browsers on more platforms, including Chrome and Linux. Sharing is even free between two accounts. And for the uber-geeky among us: you can even host your own install instead of using their cloud!

I was thoroughly impressed with Bitwarden in day-to-day use. The extension was stable and I can’t recall it ever locking up or going MIA. Their user interface could use a little tidying up though. It doesn’t offer the auto-update feature of its commercial counterparts, but I found that to be a hit or miss operation anyway. For a measly $10 a year they will add password scanning and sharing amongst more than two.

Being open-source it is maintained (and tested) by an army of nerds. The idea is that whenever issues arise they can respond much more quickly than their corporate competitors. A glance through the user forum offers proof they do listen to user critiques, and even act upon them. Sometimes surprisingly quickly!

Tip: If you use the Family feature and decide to export your accounts, check that the resulting file includes those shared accounts.

And in conclusion…
If you’re hoping for a happy wrap-up… well, there isn’t going to be one.
I have to admit we didn’t really love any of these. The package we are currently using is the one we liked best, and is serving our needs— for now. Share your experiences in the comments below.


Four Years Later

January 3, 2023— My weapon of choice in 2019 for battling the password madness was Bitwarden. And more than 4 years on, it still is. They all have their inherent foibles, but overall Bitwarden offers the features, support and security I was looking for.
