LastPass and BitWarden
When the first computers were built, the initial thoughts were not on administration or putting locks and keys on things; instead, the idea was that if you were sitting at a computer, someone who used the computer yesterday could not control what you did today. Unfortunately, that age of thinking has come and gone, and account security is now paramount to surviving online.
As of 3/20/19, The Collection credential lists (accounting for more than 845 gigabytes of data and millions of unique usernames, passwords, and email addresses) showed the world that simply coming up with a memorable password was not enough to keep hackers out.
One of the most useful tools you can use to help organize the chaos is called a password manager. These tools are designed to save your passwords in a central location (let’s call it a vault) that can be protected by multiple layers of security. Whichever software you go with, it’s important that you choose one that not only fits your use case but also has a proven track record and has completed a security audit.
Keep in mind that password managers are not silver bullets either. Vulnerabilities discovered in the software can allow unauthorized parties access to your passwords, so it’s just as important to keep your password manager software updated. Besides malware, it’s also important to remember to lock your vault back up once you’re done using it. Leaving your vault unlocked may seem like a good idea if you find yourself constantly switching back and forth to retrieve passwords, but it also leaves the door open for software running on the device to access your vault.
LastPass is an online password vault developed by the good people at LogMeIn on a freemium model. Anyone may create an account for free and begin storing their passwords through it. To access features like hardware keys (YubiKey), you will have to subscribe to the $36 a year plan. What sets LastPass apart from other services is, first, the vast number of software products that provide hooks to it. Secondly, LastPass has been audited by top security professionals who have verified that LastPass has implemented things correctly, so you can be sure that your passwords are safe from harm.
LastPass is very easy to get started with and handles all the heavy lifting of keeping your password database synced across all your devices via apps on iOS and Android as well as through an extension in your browser. LastPass also provides free password security checkups that will check to see if your password has been leaked in any of the known database dumps.
Another tool that I will mention (full disclosure: I used to use LastPass before switching to this one) is BitWarden. Like LastPass, BitWarden is a password manager that has been properly vetted by security professionals, but it is 100% open source. Everything about the system is open to review on the project’s GitHub page, as is the source code for their apps, browser extensions, and desktop clients. BitWarden unfortunately also puts hardware keys behind a premium membership, but at a far cheaper cost of $10 a year.
One of the features that made me switch away from LastPass for my password management was the ability to run your own BitWarden instance, either on premises or in the cloud. This is not limited to their premium membership and can be used without a subscription. If you are someone who doesn’t trust third parties with their data, this is an excellent choice. If you choose to use BitWarden’s free hosting, keep in mind that they are running on top of the Azure cloud, which is run by Microsoft.
If you still aren’t 100% on board with either password manager, there are plenty of others to choose from. The best way to get started is to try them out and give them a fair shot.