Password Managers: Why You Should Trust All Your Eggs In One Basket
By Gabe Garbowit
Passwords could be called our Achilles Heel—we need to have them, but if they're not strong enough, they make us vulnerable to hacks. Too strong and complicated—and we never remember them.
It doesn't have to be like this though. Over the past few years, new technology has arrived to make sense of our modern password dystopia: the online password manager.
Gone is the era where jumbles of gibberish must be created, remembered and written down. These types of services now promise that they can store your personal passwords and data, securely, allowing you to access both from anywhere in the world. All you need? Just one single password.
A number of password managers exist. We took a look at three: LastPass, DashLane, and 1Password. While their methods of keeping data safe are virtually identical, there are some key differentiators.
LastPass is the clear market leader in this segment and with good reason. No other company offers as many features, supports as many platforms, and offers as low a price as LastPass. The service is free for those who want to stick to password management on either desktop or mobile but for those that want both, a premium subscription is required.
This might elicit groans from those who already subscribe to Spotify, Netflix, YouTube Red and other apps that syphon funds from your account. But I can almost guarantee LastPass will be the cheapest of the bunch. At $12 a year for a premium membership, you can skip a few lattes at Starbucks and your wallet will not even notice.
DashLane is extremely similar to LastPass with two notable exceptions. The first, unfortunately, is the sticker price. Like LastPass, there is a free version of DashLane, but anything other than desktop support is going to cost $40 a year.
The good news, however, is that the folks at DashLane have used those extra funds to make an interface that is far slicker than anything else we've seen. All passwords are laid out in an intuitive manner and it really is just a breeze to scroll through. The high price point is going to be a deal breaker for many. But for those that value a solid user interface and great design above all, DashLane is the service to use.
1Password is a bit different than the other companies on this list because its origins are rooted in non-online password management for Macs—and it's widely considered the market leader in that category. Only recently has 1Password been fully converted to an online business model, charging roughly $34 for access.
The company differentiates itself in its high compatibility with all Apple products, integrating seamlessly with iOS and Macs in a way the others on this list cannot match. For those whose life revolves around Apple, this might just be the manager for you.
How they work
When you initially sign up for a password manager, you are told to enter your email and a strong master password. You will most likely be explicitly warned that this password can never be recovered. This is very, very important to note: when it comes to password managers, if you forget the master password, you will not get your data back.
This is because the master password is not stored anywhere but with you, functioning as a key that unlocks the door to your information. As a matter of fact, none of the online password managers we mentioned actually knows the password you're using.
So what happens to this information? After you enter your email and password, they are put through a digital meat grinder of sorts on your own computer. That is to say, they are ground up and spat out in such a way that it would be an impossible task to put them back together again. These meat grinders are called algorithms.
So this is where things get really interesting. That unhackable number blob that you just created is the key that opens your password manager. When an account is first created, your password manager is locked in a way so that only your unique blob can be the key to open it.
There is one small problem though: How do these services know to send the locked vault back to you when you request it if they don't know anything about you? You could send your blob key to get back your password manager, but then the service actually has that key. Technically, it could store the key and use it to unlock your password manager on its own. That defeats the whole purpose of all this security.
But fortunately, this is not how things are done. Just as your password never leaves your computer, the key blob generated from your username and password never leaves your computer either.
Instead, on your computer, a second meat grinder is brought into play. This meat grinder takes your key blob, adds your password to it yet again, and grinds both up to make a completely separate identification blob.
It is this blob that you send over the internet to LastPass. It is still unhackable like the first blob, but it also cannot unlock your password manager. LastPass keeps a derivative of this blob on file* so whenever you send them that blob, they know to send you and only you your (still locked) password manager. Once the vault arrives on your computer, voilà! Your key blob opens the vault and you can access all your passwords.
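The two-grinder flow described above, as an added Python sketch that is not from the article or from any vendor's code. It assumes PBKDF2-SHA256 for both grinders, the email address as the first grinder's salt, and a hypothetical `Server` class; the iteration count and sample credentials are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_key(email: str, master_password: str) -> bytes:
    """First grinder: the vault key. Computed locally and never sent anywhere."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), email.lower().encode(), ITERATIONS)


def derive_login_blob(vault_key: bytes, master_password: str) -> bytes:
    """Second grinder: key plus password again gives the identification blob."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


class Server:
    """Hypothetical service: keeps a derivative of the login blob and the locked vault."""

    def __init__(self):
        self.accounts = {}

    def register(self, email, login_blob, locked_vault):
        salt = os.urandom(16)
        stored = hashlib.pbkdf2_hmac("sha256", login_blob, salt, ITERATIONS)
        self.accounts[email] = (salt, stored, locked_vault)

    def fetch_vault(self, email, login_blob):
        salt, stored, locked_vault = self.accounts[email]
        candidate = hashlib.pbkdf2_hmac("sha256", login_blob, salt, ITERATIONS)
        # Constant-time comparison; the vault is returned still locked.
        return locked_vault if hmac.compare_digest(candidate, stored) else None


def demo():
    email, password = "alice@example.com", "correct horse battery staple"  # constructed
    key = derive_key(email, password)
    blob = derive_login_blob(key, password)
    server = Server()
    server.register(email, blob, b"<locked vault bytes>")
    wrong = derive_login_blob(derive_key(email, "guess"), "guess")
    return {
        "blob_differs_from_key": blob != key,
        "right_password": server.fetch_vault(email, blob),
        "wrong_password": server.fetch_vault(email, wrong),
    }


if __name__ == "__main__":
    print(demo())
```

The server only ever holds a salted hash of the login blob and the locked vault, so a copy of its database contains neither the master password nor the vault key.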
In a world where there are quite literally millions of entities and individuals who would love nothing more than to steal all your personal info and drain your bank account, securing your data is absolutely paramount. No system is ever going to be totally foolproof. At the end of the day, even with secure services like these, you have to know your own password and therefore it is still possible that a malevolent individual can coerce it out of you. Furthermore, it is possible that one day someone is going to figure out the prime number problem and therefore break all of the world's cyber security.
But it is something of a technological marvel how within reach a nearly perfect security system is for the average person nowadays. So go ahead: put all your eggs in one basket. Get an online password manager.
*Interestingly enough, in 2015, LastPass's servers were in fact hacked and all information on them was exposed so this is not just conjecture. As could be predicted, nothing particularly useful was exposed.