![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/01\/password-managers.png\")
<\/p>\n<\/p>\n
Companies and websites are hacked all the time, and data they hold about users can be leaked. These leaks often contain usernames and passwords, and can also include other sensitive data, such as credit card numbers or personal information. You don’t always hear about these hacks; only breaches of the biggest companies makes headlines. Wikipedia has a partial list of notable data breaches<\/a>, listing the largest hacks. Just in the past year, major organizations such as T-Mobile, the Red Cross, and IKEA were compromised. Was your data stored on their servers?<\/p>\n A password manager is software that allows you to create and store strong and very complex passwords so you won’t have to memorize them. All you need to do is memorize one really strong password to get access to all the others. There are quite a few password managers on the market today, so which one is right for you?<\/p>\n We discuss four trusted password managers in this article; each is cross-platform, available for Mac, Windows, and iPhone (and the first three are available for Android). While not a complete comparison of all major password managers out there, this article will teach you what to look for in a good password manager, and will provide a few options.<\/p>\n In this article:<\/em><\/p>\n You might wonder why it isn’t good enough to simply memorize one seemingly strong (but memorable) password and use it for every site.<\/p>\n One reason is credential stuffing attacks<\/a>. If one company’s password database is breached, your password may get exposed. This may be the result of a site storing passwords in a less-secure (or completely insecure) manner, or a determined attacker cracking your password. Either way, once your password is out there, attackers will try “credential stuffing” attacks: checking to see if anyone with the same username or e-mail address has reused that same password on other sites.<\/p>\n Imagine a scenario where a forum gets hacked, your password is leaked, and then an attacker uses that database of leaked usernames and passwords to break into your bank account or your e-mail account. If they can access your e-mail, all the rest of your accounts are one reset-password request away from being compromised, too. So even using a couple of different seemingly strong but memorable passwords isn’t a great idea.<\/a><\/p>\n If proper procedures are followed, sites should store your account details (including your password and credit card info) both “hashed” and “salted” using a strong cryptographic cipher. Here’s what those terms mean:<\/p>\n Hashing is technically a one-way function, meaning that if the only thing a site’s administrator (or an attacker) knows is the hash, they cannot somehow reverse it and extract the original password. However, if the original password is weak \u2014 or if an attacker has enough processing power and time \u2014 the password may eventually be guessed, which would result in the same hash. If the hashes match, then the attacker has successfully guessed the password.<\/p>\n This is one reason why you often see stolen data from a hack surface weeks or months later. Cracking password hashes takes time, but a large percentage of passwords can be cracked very quickly as they are commonly used. If your password is It’s safe to assume that once a company has been hacked and your account details are stolen, your password will be exposed at some point. Before that happens, you want to make sure there is enough time to react and change your password. In the event of a data breach, the company must first discover the hack, investigate it, and report it. This can take weeks or months, during which time you have no idea that hackers have been trying to crack your password. In some cases, sites may never discover \u2014 or never disclose \u2014 the fact that they were compromised.<\/p>\n Ideally, your password is strong enough that by the time you learn of a hack, the chances of it being cracked are slim. This brings me back to the previously mentioned, much more secure password example: Below are four password managers that meet all of the above criteria.<\/a><\/p>\n <\/p>\n Cost:<\/em> Pricing starts at $2.99\/month billed annually ($36\/year) for an individual, and $4.99\/month ($60\/year) for a family of 5 users. This includes access to 1Password for all available platforms, on as many devices as you use.<\/p>\n Platforms:<\/em> Mac, Windows, Linux, iOS, iPadOS, watchOS, visionOS, Android, and browser plugins for Chrome, Safari, Firefox, and Brave. You can also access your 1Password database through a web browser.<\/p>\n 1Password<\/a> is one of the most popular password managers. It has a great reputation, offers strong encryption, and syncs through 1Password’s servers. Your passwords and password generator are quickly accessible from your Mac’s menu bar or browser plug-in. and 1Password’s Watchtower feature warns you if your credentials have shown up in data breaches. More pricing details and a full list of features are available on their website<\/a>.<\/a><\/p>\n <\/p>\n Cost:<\/em> Free for personal use; a $10\/year premium plan offers advanced features; a $40\/year family plan offers premium features for up to 6 users<\/p>\n Platforms:<\/em> macOS, Windows, Linux, iOS, iPadOS, watchOS, visionOS, Android, and browser plug-ins for Chrome, Firefox, Edge, Safari, Opera, Vivaldi, Brave, and Tor Browser. Bitwarden also offers a command-line interface for a variety of platforms, and you can access your Bitwarden database from the company’s website.<\/p>\n Bitwarden<\/a> is an open source password manager that has a plan for individuals that claims to be “free forever.” Like other password managers, it handles passwords and other types of data, along with two-factor authentication codes, and offers a “username data breach report,” as part of its free plan. The $10\/year plan offers a full range of features, and family and enterprise plans are also available. A full list of its security features are available on their website.<\/a><\/a><\/p>\n <\/p>\n Cost:<\/em> Dashlane has a free plan, which provides basic password manager features for a single device, a Premium plan at $4.99\/month (i.e. $60\/year) and a Family plan at $7.49\/month (i.e. $90\/year) billed annually. The Premium plan includes access to a VPN and Dark Web Monitoring, while the Family plan includes one Premium account and 9 other users that get all Premium features except for the VPN. There is also a range of business plans.<\/p>\n Platforms:<\/em> Web app, Android app, and App Store apps for iPhone and Apple Watch, iPad, Mac (including a Safari extension), and Apple Vision Pro.<\/p>\n Dashlane<\/a> is another popular password manager. It’s available as a web app for all major browsers on Mac, Windows, and Linux, and apps are available for Android and Apple operating systems; the iOS app also includes an app for the Apple Watch. The company got rid of its desktop app early in 2022 to focus on its web app, but later resurrected its macOS app. The web app version can be practical because it allows you to access your passwords on any device.<\/p>\n Passwords are encrypted and stored on the Dashlane server, and you can protect access with two-factor authentication. This is important with Dashlane because of the web access; other password managers with desktop apps store their passwords locally, so someone would need access both to your device and to your master password to access your passwords. Dashlane emergency access allows you to nominate someone who can unlock your account if you have lost or forgotten your master password. Dashlane’s Dark Web Monitoring (available with the Premium plan) checks to see if your personal information has been compromised. More pricing details and a full list of features are available on their website<\/a>.<\/a><\/p>\n <\/p>\n Cost:<\/em> Free; included with all Apple ID accounts<\/p>\n Platforms:<\/em> macOS, iOS, iPadOS, visionOS, Windows, Safari (note: doesn’t support non-Safari desktop browsers, Android, ChromeOS, or Linux)<\/p>\n If you mainly use Apple products, another option that might work for you is Apple Passwords (formerly known as iCloud Keychain). With syncing across all your Apple devices, the latest version of Apple Passwords includes support for credit cards and two-factor authentication codes, bringing its feature set up to par with (at least the free features of) many other password managers. You can use it natively on macOS, iOS, iPadOS, and visionOS. You can even get iCloud Passwords on Windows PCs using iCloud for Windows<\/a>. However, there is no web access, so you won’t be able to directly access your passwords on other devices such as Chromebooks or Android phones or tablets.<\/p>\n Check out our comprehensive review of how iCloud Keychain works<\/a> for macOS and iOS.<\/a><\/p>\n How to use Apple’s Passwords app on iPhone, iPad, and Mac<\/a><\/p><\/blockquote>\n\n
\n
\n
Why Password Managers are necessary<\/h3>\n
How sites are supposed to store passwords<\/strong><\/h4>\n
\n
Password1<\/span><\/code>, it will be cracked in under a second, but if your password is something similar to ZK}8xR%YtrvVAk4nuad#Y9g}X<\/span><\/code> (don’t use this exact password)<\/em>, it can take so much time it’s not worth the effort for those attempting to crack it (unless they’re specifically targeting you).<\/a><\/p>\nWhat could happen if a site’s password database gets breached<\/strong><\/h4>\n
ZK}8xR%YtrvVAk4nuad#Y9g}X<\/span><\/code>. A password similar to that one will likely be among the last that is cracked, but as a user, it would be very difficult to remember it. (Again, don’t use that exact password, just in case attackers add it to a password dictionary.) If you have a hard time remembering one password like that, imagine trying to use unique, strong passwords on dozens of websites. There’s no way you can remember them all, and this is exactly where a password manager comes in.<\/a><\/p>\nWhat to look for in a Password Manager<\/h3>\n
\n
4 Password Managers that meet the above criteria<\/h3>\n
1Password<\/strong><\/h4>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/09\/1password.png\")
<\/p>\nBitwarden<\/strong><\/h4>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/09\/bitwarden.png\")
<\/p>\nDashlane<\/strong><\/h4>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/01\/dashlane.png\")
<\/p>\nApple Passwords (iCloud Keychain)<\/strong><\/h4>\n