Article
Friday, April 16, 2021

Password managers: everything you need to know

Everything you need to consider when implementing a password manager for your organisation

What is a password manager?

If passwords are keys, a password manager is the keyring that helps you to manage all your keys to ensure your accounts are kept safe. It helps you to organise them and label them to make sure they are in one place, easy to find and that you are in control of them.

Above all, it removes the need to remember all of them: remembering one master password to unlock the password manager is all you need to keep your passwords safe and at hand.


What password manager should you use?

The right password manager is the one that works for you, whether it’s as a person, or as an organisation. You need to trust it, and it needs to work with your setup.

You may already have a free basic password manager available on your device or browser, for example Google's Password Manager or Apple's KeyChain. Or you may prefer to install a password manager with cloud features for businesses, such as Bitwarden, Lastpass or Dashlane.

You can narrow down options by asking yourself:

- Are you comfortable with your passwords being stored (encrypted) in the cloud or do you prefer to store them in your device?

N.B. Storing passwords in the cloud makes it easy to share across devices but relies on trusting the password manager to secure your data when in transit and when stored in the cloud.

- Does the password manager work across all of the devices you use?

- Do you need business features?

e.g. user management, single sign-on, etc.

- Do you want to use an open source or proprietary solution?

N.B. With open source, you have the means to know exactly how your data is stored, secured and processed (and you can rely on the community to have scrutinised it and fixed any issues). In contrast, with a proprietary solution, you have to rely on that company's word on how they secure and manage the data - but one could equally argue that protecting your code makes it harder for adversaries to find bugs!

The table below summarises the key password managers available in the market and their features:

| Name | For an individual (per month) | For a business (per user per month) | Password stored in | Works on | License |
|---|---|---|---|---|---|
| Bitwarden | From $0/m | From $0/m (2 users) | Cloud (on-premise option) | Android, iOS, Linux, macOS, Windows | Open source |
| Lastpass | From $0/m (1 device type) | From $2.6/m | Cloud | Android, iOS, Linux, macOS, Windows | Proprietary |
| Dashlane | From $0/m (1 device) | From $5/m | Cloud | Android, iOS, macOS, Windows | Proprietary |
| PasswordSafe | Free | | Device | Android, iOS, Windows | Open source |
| Enpass | From £1.62/m | | Device (Cloud option) | Android, iOS, Linux, macOS, Windows | Proprietary |
| MyKi | Free | From $3.99/m (min 5 users) | Device (devices can sync) | Android, iOS, Linux, macOS, Windows | Proprietary |
| 1Password | From $2.99/m | From $3.99/m | Cloud | Android, iOS, Linux, macOS, Windows | Proprietary |
| Keeper | From £2.49/m | From £3.33/m | Cloud | Android, iOS, Linux, macOS, Windows | Proprietary |
| NordPass | From £0/m (1 device at a time) | From £3.59/m | Cloud | Android, iOS, Linux, macOS, Windows | Proprietary |
| RoboForm | From $0/m (without 2FA) | From £3.33/m | Cloud | Android, iOS, Linux, macOS, Windows | Proprietary |
| Google Password Manager | Free | | Cloud | Android, Chrome | Proprietary |
| KeyChain | Free | | Device (Cloud option) | iOS, macOS | Open source |

Data valid as of 16 April 2021

Can I trust a password manager?

Password managers store your passwords in a secure way, so that if your device or cloud data were to be compromised, your passwords would still be protected. This is because of the way they are built. Firstly, most password managers encrypt each stored password with a key derived from your master password, so nothing can be decrypted without it. Furthermore, in many cases a second form of authentication is required to access the password manager, adding an additional layer of security. Finally, most password managers will also help generate strong passwords that are hard to crack. Sharing your passwords with a third-party application is a matter of trust, but it is arguably safer to trust a renowned password manager than to write down your passwords, save them in a file on your computer, or reuse the same one (or variations of it).
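To make the "key derived from your master password" idea concrete, here is an added example (not code from the article or from any of the products listed) of how a vault can stretch a master password into an encryption key and authenticate each entry before decrypting it. It is built on the Python standard library only, so an HMAC-SHA256 counter-mode keystream stands in for the AES-based cipher a real product would use; the iteration count and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

KDF_ITERATIONS = 600_000   # illustrative work factor; slows offline guessing of the master password
KEY_LEN = 32
NONCE_LEN = 16
TAG_LEN = 32

def derive_vault_key(master_password: str, salt: bytes, iterations: int = KDF_ITERATIONS) -> bytes:
    """Stretch the master password into a vault key; only the salt and iteration count are stored."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN)

def _subkey(vault_key: bytes, label: bytes) -> bytes:
    # Separate encryption and authentication keys derived from the single vault key.
    return hmac.new(vault_key, label, "sha256").digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream. This stands in for AES, which the
    # standard library lacks; a real manager would use AES-GCM or an equivalent AEAD.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), "sha256").digest())
        counter += 1
    return b"".join(blocks)[:length]

def encrypt_entry(vault_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one stored password as nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(vault_key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(vault_key, b"mac"), nonce + ciphertext, "sha256").digest()
    return nonce + ciphertext + tag

def decrypt_entry(vault_key: bytes, blob: bytes) -> bytes:
    """Reject a wrong master password or a tampered entry before revealing anything."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(vault_key, b"mac"), nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong master password or corrupted vault entry")
    stream = _keystream(_subkey(vault_key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))

if __name__ == "__main__":
    salt = os.urandom(16)                      # stored next to the vault in the clear
    key = derive_vault_key("correct horse battery staple", salt)   # constructed master password
    blob = encrypt_entry(key, b"S3cr3t-site-password")
    assert decrypt_entry(key, blob) == b"S3cr3t-site-password"
```

Because the vault key never leaves the device and the salted, iterated derivation must be repeated for every guess, an attacker who copies the encrypted vault still has to brute-force the master password, which is why its strength matters more than that of any single stored password.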


We suggest that you compare the individual features of each password manager to determine what suits you or your organisation best. On top of this, we would also highly recommend that you activate and enforce 2FA (two-factor authentication, also referred to as multi-factor authentication or MFA) on your email and key accounts. 2FA gives you an additional layer of protection by requiring two distinct forms of identification in order to access any of your accounts; for example, logging in to your email by typing in your password as well as entering a code that is sent to your phone via text. One strong master password linked to a password manager is a good protection measure, but given that you typically grant password managers access to a lot of your confidential data, we suggest you enforce 2FA on your key accounts on top of this in order to maximise protection.

Should my organisation choose a single password manager for everyone?

Some of the password managers listed in our table have business features. By using the same password manager across your organisation you can benefit from functionalities dedicated to businesses, such as:

- Centrally managing access to the password manager

- Securely sharing passwords and secrets associated with shared accounts


Jean-Martin Zarate
CTO