The best password managers and security tips: how to solve your login problems

You’ve probably heard of password managers. It may seem complicated, but setting up the fortress with the password does not have to be painful. These services remind you of all passwords and can safely generate new ones. When you access a login page in a web browser and even in many applications, the manager will automatically fill in what you need to access your account. Some even comb the web to warn you if your information appears to be in breach of security.

A significant change from one of the most popular managers, LastPass, is why I have passwords on my brain again. On March 16, LastPass Free users will need to upgrade to the service’s premium plan – usually $ 36 a year, but are currently offered $ 27 a year – if they want to continue syncing passwords on their devices. While I’m a fan of LastPass, his free plan is no longer a good choice.

The best password managers work on as many platforms as possible – which is why we generally recommend services independent of password savers built into browsers and operating systems. We tested the most popular, in a search for high security, wide options and ease of use. Here’s what I found:

• Easiest to use:1Password ($ 35.88 per year for individuals, $ 59.88 for families up to five years old) has an easy-to-use design and several layers of baked security at a good price. 1Password doesn’t have a free level – security is something we think is worth paying for. “Free software almost always involves compromises,” said a 1Password spokesman. “We can focus our efforts on developing new ways to protect your data instead of collecting or exploiting it.”

Like other password managers, you can organize your passwords into different collections: one for personal accounts, one for work, one for shared family connections. The mode of travel is unique to the service – it is intended for people who need to hide sensitive information when traveling to countries where they fear their phone might be searched.

Dashlane ($ 59.99 per year for individuals, $ 89.99 for families up to five years old) is also easy to use and is a good choice if you’re interested in additional features such as a VPN built-in (aka virtual private network) for internet access is safer and a dark-web monitoring service that keeps an eye on hackers who may have your credentials.

I finally opted for 1Password because of the price. (I also thought Dashlane’s Mac Safari browser extension, now in beta, was a buggy. A Dashlane spokeswoman said the team was working on a solution.)

• The best service with emergency access: There is a connection between Dashlane and LastPass Premium ($ 36 per year for individuals, $ 48 for families up to six years old). Both allow you to give a trusted contact access to your safe if you are dead or disabled. Functions like this are important because our lives are so tied to our digital accounts, as my colleague Joanna recently said. If something happens to you, your designee may request access to your safe. You can set a specified delay period of between three hours and 30 days, during which time you can refuse access if you can.

LastPass Premium is not as sleek as Dashlane, but it is a very capable password manager also with dark-web monitoring, plus a gigabyte of encrypted file storage (and a good Safari browser extension). If you’re using Safari and don’t need a VPN, go with LastPass.

1Password considers this type of emergency access to be a security threat. In a forum post, a company employee explained that a domestic abuser, in order to enter a password safe, could hold a victim against his will. He suggests storing a hard copy of your secret key code and master password in a safe or with your lawyer.

• The best free option:Bitwarden has a free full-featured plan for individuals and two-person companies that syncs an unlimited number of passwords across devices. The service has many key elements: end-to-end encryption, secure password generator, two-factor connection and applications for each desktop platform, browser and mobile operating system, plus web access.

A premium subscription ($ 10 per year for individuals, $ 40 for families up to six years old) is required for bells and whistles, such as a report with exposed passwords and improved login protection.

“We are a for-profit company, but we feel it is completely harmonious and compatible to offer a basic manager for free,” said Michael Crandell, CEO of Bitwarden. Many users who start with the free plan eventually decide to upgrade, he added.

Once you’ve chosen a password manager, you can manually add all old passwords. If you store passwords in your computer’s Chrome browser, you can export them and then import them into your new password manager. (Apple doesn’t have a similar password export option.) If you switch from one password manager to another, exporting passwords is usually an option as well.

Password managers will improve your digital life. But whether you receive one or not, you need to know four simple rules of password protection.

Rule no. 1 – Don’t just rely on passwords.

Use two-factor authentication, also known as 2FA, whenever possible. This requires additional code or validation sent to another device.

In general, activating 2FA is better than not having it at all. But if you have a choice, use an application authenticator (I like Authy) over a plain text message. It works when you do not have cellular reception and is not likely to hijack the SIM card – if a hacker, who is targeting someone with a valuable account, against the phone number of that person from the wireless operator. You can call your carrier and add a password to your wireless security account.

Rule no. 2 – Make long passwords.

The term “password” should be removed. The new hotness is the phrase of access. “Password length is a more important factor than complexity, because a longer password is harder to decrypt,” said Jameeka Green Aaron, head of information security at Auth0 client authentication.

For example, the access phrase “Raccoon Doorknob Spacecraft” would take centuries to crack, according to the free Bitwarden password testing tool. Meanwhile, according to the verifier, a 12-character string, with uppercase and lowercase letters, symbols and numbers, could take an attacker only three years to break. Most password managers allow you to set the length of automatically generated passwords.

Rule no. 3 – Make it unique.

Whatever you do, don’t reuse passwords. It’s the most common way accounts are hacked, said Ms. Aaron. If hackers discover the password used in one place, they try it in other places. This is where password managers come in. Use them to create strong unique passwords and store them for all your accounts.

Rule # 4 – You have a backup plan for your backup plan.

The password manager key is a master password, along with a device for authentication. A good password manager doesn’t know what your primary password is and can’t help you recover your account.

So, to be a good password parent, you need to think about the worst case scenario: What happens if you lose the device to which two-factor authentication codes are sent? What happens if you forget your password?

Authy syncs authentication codes across multiple devices (e.g., phone and iPad), which helps if you lose one. Setting up a physical security key, such as YubiKey, as an additional authenticator is another security measure. When it comes to remembering your primary password, the best solution is low-tech: write it on a piece of paper and keep it with the rest of the most important documents. It is more secure in the physical world than in the digital world.

—For more WSJ technology reviews, reviews, tips and headlines, sign up for our weekly newsletter.

Write to Nicole Nguyen at [email protected]