Passphrase Managers and how to select the right one for you

Passwords, passphrases, answers to security questions, and all the other random yet important small bits of data. They combine to stress us out and test our memory. Passphrase manager apps can help out, providing a safe and secure place to store all that stuff so you don’t have to try to remember it.

Choosing the right program for you is critical. Here are the three main criteria most commonly used to evaluate these apps, and a few thoughts on each:

  • Cost

Sure, you can find Free and Open Source Software (FOSS) options in this space, and good ones at that. However, this is the single most important software type that I am willing to pay for. Why? Because I want active development on the product I choose to ensure it stays updated and secure. So, similar to an in-app purchase for your favorite game, supporting the developers that build it makes sense to me.

If you should consider paying for one, is it affordable? On average, these apps cost $2-$5 per month, but they usually offer annual discounts. For about the cost of a cup of coffee per month, you could organize and secure your entire digital identity.

  • Security

It’s tempting to think of all candidates as being equal in terms of security, but there are two elements to consider before locking in your selection. First, how secure is the app? Does it encrypt all your data with AES-256 or greater? Does it require 2FA for local access, and can I use my face or fingerprint? Does it store my encrypted data in the cloud in case I lose my device? If yes to all, I’d consider the app relatively secure.

The second thing to explore is the security of the software company. This can be opaque to the general public unless an organization suffers an incident, such as the one LastPass suffered in 2015. FOSS offerings may have an advantage here because they can be verified by anyone. This may amount to a guess or a gut instinct, but it is still important to consider and be aware of.

  • Convenience

These apps are inherently convenient, but what about how you intend to use them? Are you a Windows person with an Android mobile? Or do you stick with Apple? Does this product offer solutions for your favorite platform(s), and if you enjoy more than one, will it sync across all devices, no matter the operating system? Will it offer to insert passphrases from the app into login pages for you? Make sure the convenience lives up to the hype…check reviews from other users too.

As for products, everyone should find one that fits their intended usage. With that said, I’ll share that personally, I use (and have used for years) 1Password because I am mainly macOS and iOS based. It’s not free, but the features they pack into it include a robust password generation capability and a known-breached alert, where if a password was used on two sites and one was compromised, the app will warn you about the risk to both. I’ve also used KeePass as a FOSS option, and it was the only sanctioned passphrase manager app at a Fortune 500 company I worked for. Check out a good comparison of several popular apps here.

Do remember your master passphrase for your passphrase app…it’s the only one you’ll need to commit to memory.

Do not store your passphrases in your browser…they are not encrypted and rarely protected by 2FA.

Do not store your passphrases in a document or spreadsheet…it could be shared or lost and the file has no 2FA.

A passphrase manager app is a good solution to our modern problem of protecting and organizing this information. Please consider adopting one that looks right for you to #BeCyberSmart.
