If you rely on your memory to store your passwords, your passwords likely aren’t very secure. Sure, you probably use a mixture of letters and numbers, which is better than nothing, I suppose. But you’ve been conditioned by crappy password strength gauges to believe that all you need for a secure password is a mixture of upper and lowercase letters, some numbers, and a symbol. Unfortunately, that’s not close to true. User-generated passwords follow distressingly similar patterns: when they’re not just “password,” they’re a dictionary word with two to four numbers afterward and maybe some “clever” substitutions like the $ for S. This does virtually nothing to increase the security of the password over pure lowercase text alone. If someone wants to crack your password, this will barely even slow them down.
What Makes a Secure Password?
If you really want secure passwords, you should be thinking about length. The longer a password gets, the harder it becomes to brute-force crack. Of course, brute-force cracking is the least sophisticated type of password attack. The other attack is a dictionary attack, in which former password collections or English dictionaries are used as the basis for cracking passwords. To best those, you’ll need to also use random passwords.
This means you want a long string of random letters, numbers, and symbols. And that’s virtually impossible to remember. Fortunately, you don’t have to! Password managers are here to rescue us from our own inadequacy.
Password Managers To The Rescue
A password manager generates and saves your account passwords securely. A good password manager syncs with all your devices and auto-fills your account information when needed. Most can also save payment information and contact info, simplifying the form-filling process online. With a password manager, you can use 16-character, purely random passwords and never need to worry about remembering them. Perhaps more importantly, you can also use unique passwords for every service, meaning that your LinkedIn password won’t provide access to your bank account or Amazon.
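To put numbers on the length-and-randomness argument, here is an added example (not part of the original article) that compares the guess space of the "dictionary word plus two to four digits" pattern with that of a 16-character random password, and generates one using Python's `secrets` module. The 100,000-word dictionary and the two spellings per word (plain or with substitutions) are assumptions chosen for illustration.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 symbols = 94 printable characters
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=16, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def pattern_bits(dictionary_size, min_digits=2, max_digits=4, variants=2):
    """Guess space of 'word + 2-4 trailing digits', in bits.

    dictionary_size and variants (spellings per word, e.g. plain or with
    $-for-S style substitutions) are assumed values, not measurements.
    """
    suffixes = sum(10 ** n for n in range(min_digits, max_digits + 1))
    return math.log2(dictionary_size * variants * suffixes)


def compare(dictionary_size=100_000, length=16):
    """Return (pattern bits, random bits, extra bits gained by going random)."""
    weak = pattern_bits(dictionary_size)
    strong = random_bits(length)
    return weak, strong, strong - weak


if __name__ == "__main__":
    weak, strong, gap = compare()
    print(f"word + digits pattern : {weak:6.1f} bits")
    print(f"16 random characters  : {strong:6.1f} bits")
    print(f"each extra bit doubles the work; the gap is {gap:.1f} bits")
    print("sample password:", generate_password())
```

Under these assumptions the human pattern is worth roughly 31 bits and the random password roughly 105 bits, which is why character-class rules alone do so little and why length plus randomness matters.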
Does this mean you’re now “unhackable?” Unfortunately, no: password attacks are actually pretty rare in the scheme of things. Hackers are more likely to pursue a social engineering attack instead. But it does protect you from the kind of random, faceless leaks that happen every day.
So, what password manager should you be using? Apple products have a couple of truly top-notch offerings to choose from.
Dashlane is our favorite password manager. While it’s not flawless, it is very, very good. Apps are available for macOS, iOS, and watchOS, as well as Android, Windows, and Linux. Dashlane generates secure passwords and saves them across all your devices. It can also save personal information, payment details, and secure notes.
In-browser autofill is especially effective. There’s an extension for Chrome, Firefox and Safari that automatically detects the website you’re on and the data you need. It can fill in everything from username and password to name and address to social security number and payment information.
Dashlane’s iOS implementation is also extremely effective. If you’re logging into an account from within Safari, just share the page to Dashlane, which will authenticate you with Touch ID or Face ID and provide the necessary credentials. It also works in apps that offer Keychain support. With unsupported apps, Dashlane makes it extremely simple to quickly copy and paste the necessary password.
Dashlane does misfire sometimes, and some web-based apps like Freshbooks confuse it mightily. But overall, it’s an extremely functional and effective choice. Dashlane’s free version is also extremely functional: you can save as many credentials as you want on one device, but you won’t have access to sync between devices. You can manually sync your password store between desktops, but that doesn’t work with iOS devices. To unlock sync, you’ll pay $40 per year.
1Password is the most Apple-friendly of all the password managers available. It integrates seamlessly with Apple products, with the same look and feel you’ve come to expect from Apple software. It’s available on every platform and syncs smoothly with them all. The design is extremely appealing as well, with a friendly, cheerful aesthetic that’s a pleasure to interact with.
The password generation tools are great, and the in-browser support is robust. It does operate a little differently from Dashlane: instead of clicking in the password field, you’ll need to right-click on the page and choose the 1Password extension, then select the password you want to log in with.
You can also set up multiple “vaults,” or collections of credentials. With the family plan, you can then control user access to these vaults. This makes it easy to share family accounts in a “Family” vault while keeping your personal information separate.
As far as downsides go, there aren’t many. In testing, I found the 1Password autofill to be approximately on par with Dashlane, though slightly more reliable than Safari. 1Password also has basic feature parity with Dashlane. It’s extremely attractive, functional and reliable. One user will cost $36 per year, and the whole family can join for $60 per year.
You may not know this, but Apple has its very own password manager, built right into its operating systems. iOS, macOS, and watchOS all have access to Keychain, which is the secure storage Apple devices use to save and remember passwords, as well as certificate data and other secure information. Keychain is a critical part of the functionality of your device, and it’s designed to use that mission-critical security hardware to store your passwords as well. It’s also free and immediately available. Sync works over iCloud, and integration is present in every default Apple application.
So what’s wrong with it? Mostly, third-party support. Keychain doesn’t integrate with Chrome or Firefox, meaning you’ll have to use Keychain Access to copy and paste your passwords. You could also do your best to remember all your passwords, but you’ll have a hard time with that if you use properly secure and randomly generated passwords. Keychain Access is not made for daily in-and-out copying, especially on iOS. It’s not even directly accessible on watchOS. So if you need to log into an app that doesn’t support Keychain integration (or Keychain is being buggy), you might have a hard time getting authenticated.
That’s the other thing about Keychain: the sync can be incredibly buggy. And when Keychain doesn’t sync properly, it often corrupts itself. So what should be a seamless cloud-based integration becomes a nightmare of troubleshooting a feature without an interface or any diagnostic capability. Basically, you have to nuke your Keychain and hope it re-syncs properly from iCloud this time, and that’s just not something you should have to do regularly.
It’s hard to pick just one favorite password manager. But Dashlane and 1Password are neck and neck. Dashlane does offer a robust free option, so it’s great for folks trying to get by with minimum financial investment. However, you won’t get access to the mobile version of Dashlane, which is one of the best features. If you’re going to pay for a password manager, 1Password is the most Apple-centric service out there. But regardless of what choice you make, you absolutely need to start using a password manager as soon as possible.