What are Password Managers?

A password manager, or vault, is software that you can use to securely store sensitive information such as usernames, passwords, and credit card numbers. It encrypts everything you save and stores it in a database, and you only need to remember the one password that unlocks this database, known as the master password. Once you provide the master password, it is used to decrypt the information, allowing you to access the rest of your passwords and other information. The master password must therefore be very strong, as it grants access to all the information stored in the vault or database.
 
Why Should I Use a Password Manager?

Since it is always advisable to use a different password for each website or service, managing them can become very difficult, and there is a high chance that you will forget some login information. On the other hand, if you reuse the same password for more than one service or for all your accounts, you are exposed to password leaks, which occur more and more every year. A password breach at one website allows that password to be used on every other website that shares it. Password managers have the advantage of allowing you to generate strong, unique passwords for every site, which you do not need to remember. They store these different passwords for you, eliminating the need to reuse or remember them, and only require you to remember one single master password.
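
The reuse risk and the fix described above, as an added example that is not part of the original page or of any listed product: a small audit that finds passwords shared across sites and replaces each with a unique random one. The vault contents, site names, and function names are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample vault: site -> password (illustrative values only).
SAMPLE_VAULT = {
    "mail.example": "Summer2023!",
    "shop.example": "Summer2023!",
    "bank.example": "k9#Vt2qLw8@Zr4xP",
    "forum.example": "Summer2023!",
}

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def find_reused(vault):
    """Return {password: [sites]} for every password used on more than one site."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    return {p: sorted(s) for p, s in sites_by_password.items() if len(s) > 1}


def generate_password(length=20):
    """Draw each character from the OS CSPRNG; require all four character classes."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(not c.isalnum() for c in candidate)):
            return candidate


def rotate_reused(vault):
    """Return a copy of the vault with every reused password replaced by a unique one."""
    fixed = dict(vault)
    for sites in find_reused(vault).values():
        for site in sites:
            fixed[site] = generate_password()
    return fixed


if __name__ == "__main__":
    print(find_reused(SAMPLE_VAULT))    # one leaked password covers three sites
    print(rotate_reused(SAMPLE_VAULT))  # after rotation each site has its own
```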
 
What are Good Password Managers that I Can Use?

There are a number of good solutions that you can use. Some of these are free, and some you have to pay for. While we generally can't endorse any specific software, the list below includes some known good ones:

  • LastPass:
    • Works with iOS, Android, Linux, Mac, and Windows.
    • Notifications appear in browser toolbar to save new usernames and passwords.
    • Unlimited stored logins.
    • Available as a cloud-based service only.
    • Can be found at https://lastpass.com
  • 1Password:
    • Works with iOS, Android, Linux, Mac, and Windows.
    • Syncs with Dropbox.
    • Integration with mobile applications.
    • Easy import of passwords.
    • Available as a cloud-based service or can be locally installed on PC.
    • Can be found at https://1password.com
  • PasswordSafe:
    • Works on Windows only.
    • Password strength reports.
    • Available only for local installation on a PC.
    • Can be found at https://pwsafe.org
  • KeePass:
    • Works on Windows and Mac.
    • Available only for local installation on a PC. 
    • Can be found at http://keepass.info

If you are interested in reading more about password managers, check out this issue of the OUCH! Security Awareness Newsletter published by the SANS Institute.