Why you need it
Repeated passwords
Even if you think it's new and clever, you might very well have used the password you just “invented” for a long-forgotten account (which may or may not have leaked). Repeating passwords is nearly as bad as setting them to “admin” or “password1”.
Plain text
If you don't use a password manager and don't repeat passwords, chances are you are storing them in an unencrypted, plain text file.
We all manage a huge number of accounts; there is no way you can remember all those passwords.
Anybody with (even remote) access to your machine can read an unencrypted file. Plus, you need to be on that specific machine to access your passwords, or copy that file around.
TOTP
Nowadays, it's often required to have some sort of MFA set up. One Time Passwords are by far the most convenient and secure way to achieve this.
Plain and simple, this is not possible without a password manager.
Work passwords
You might not care about your personal stuff, but please do care about your work related accounts and credentials.
You put your whole company, coworkers and clients/users at risk when you neglect your online security at work.
One of the main ways attackers get access to users' sensitive information is by taking advantage of bad practices used by the people who are supposed to be trusted with that information.
Why you want it
It's more comfy than your solution
I can bet that the way you currently manage your passwords is either uncomfortable or insecure. You either have them written in plain text in a file you have to fetch every time you log in (or even worse, written on physical paper like a caveman), or you let your browser manage them for you (good luck using a different browser or needing any kind of advanced management).
Good password managers, especially if they have a companion browser extension, are literally a one click solution to both creating good passwords and filling them into the login forms.
Good passwords are hard
Just look at the requirements for any account password and be honest: Can you really come up with a good one without using personal information like name or DOB? Yeah, me neither.
Typing huge passwords sucks
And you always get something wrong.
Lost the file? Lost all passwords
If you store them in a file, your passwords are gone forever as soon as that file gets deleted.
That's just a bummer.
What to use
Well… a password manager. Here is what to avoid and a personal suggestion.
Avoid non-FOSS software. Here is why:
- Nobody knows what the code actually does or how secure it is. You are 100% just trusting the company offering the service.
- FOSS is always more secure. It can be publicly audited and people will pick it apart and patch it.
- If the company decides to make you pay for features that were once free, you might have no choice, except maybe to export a JSON or CSV file and move away.
- If the company goes six feet under, you're on a ticking time bomb to find an alternative.
- You are in charge. You don't have to, but often you can go and host the service yourself.
The dynamic duo
BitWarden
The more user-friendly alternative. They are widely used and known, are repeatedly audited by third parties, have a free and a paid business service, and have pretty much anything you might need:
- Desktop GUI
- Desktop CLI
- Mobile GUI
- Browser Plugin
- Web Vault
You have the option to make an account with them and host your passwords in their servers (just like with any other password manager) or you can host your own instance on your own server.
If you plan to go that route, check out VaultWarden for a super lightweight alternative!
KeePassXC
Minimal solution (although not as minimalist as just using pass). It's a cross-platform implementation of the KeePass standard with added plugin support.
You have a local encrypted vault which you connect to the plugin, and that's it. You are in charge of backups and security and can access the vault only locally, but there is literally no one else involved. Not even a connection to the web.
Conclusion
Personally I have used a lot of different password managers. Nowadays, I run a VaultWarden instance on a VPS but still have a local copy available from KeePassXC, just in case.
No solution is perfect for everyone, and each has valid use cases.
Except for not using one. That's just silly.