Avoid The Hack: 4 Best Password Manager Picks For Security (and Privacy)


Password management is essential to the security of your passwords and thus the security of your online accounts.

You probably know not to reuse passwords or use weak ones. You also probably know that you should use a password manager (or currently use one). Ideally, you'd use a password manager that has a good security history and is open source, such as those found here.

As a note, if you're not using a password manager already, it's highly suggested that you first read avoidthehack's guide to the world of password managers to get acquainted with password managers and how using one will benefit you. For those looking for solid alternatives to the popular closed-source password managers out there, this post should also help.

All password management solutions listed here are free (or follow an ethical freemium model) and open source!

Bitwarden


Highlights

  • Open source and self-hostable
  • Cloud version available for easy syncing between your devices, widespread support for devices
  • Free version is generous in features (not just a trial!)
  • Conducts regular security audits, complying with Privacy Shield, HIPAA, and GDPR standards


Bitwarden is an open source password manager. Bitwarden can either be self-hosted on your own hardware/instance or you can use the Bitwarden cloud in a software as a service (SaaS) setup. Many people may choose to use the Bitwarden cloud over self-hosting their own instance - and that's perfectly okay.

Bitwarden's code base regularly undergoes security audits, and the results are published on its official website. It's compliant with various security and privacy standards, including Privacy Shield, HIPAA, and GDPR. Overall, it's well-developed and maintained, with new features in the works and bugs consistently being fixed.

Bitwarden is the ideal drop-in replacement for other cloud/syncing password managers such as 1Password, LastPass, and Dashlane, as it's open source and has a stellar security history. Additionally, Bitwarden uses zero-knowledge encryption and has a favorable, easy-to-understand privacy policy that gives Bitwarden (cloud) users substantial control over their data.

The paid version of Bitwarden comes in tiers, first broken down into Personal and Business. Under the Personal plans, the paid version of Bitwarden gives access to premium features such as advanced two-factor authentication (2FA) options, Emergency Access, and Bitwarden Authenticator.

Bitwarden is compatible with most operating systems and devices, featuring availability for Windows, macOS, and Linux devices; on mobile, both iOS and Android are supported.

Try it out | Source

Vaultwarden


Highlights

  • Less resource intensive than vanilla Bitwarden
  • Runs on ARM devices (ex: the Raspberry Pi)
  • Open source and self-hostable


Vaultwarden is a community-run fork of Bitwarden that is compatible with upstream Bitwarden, meaning that Bitwarden's core features keep working when you run Vaultwarden.

Vaultwarden is intended for people interested in self-hosting their own Bitwarden instance.

The main difference from the official Bitwarden server is that Vaultwarden is far less resource intensive, allowing it to be hosted on older or slower hardware. Vaultwarden also supports ARM devices, allowing users to host their own instances on single-board computers such as the popular Raspberry Pi.

While many features from the official Bitwarden server source remain available in Vaultwarden, please note that not all features may work. This primarily applies to the Enterprise features that Bitwarden offers; users looking to use Bitwarden's Enterprise features via Vaultwarden may find doing so difficult.

Download | Source

KeePassXC


Highlights

  • Open source and self-hostable
  • Widespread support for many platforms
  • Works offline (doesn't require an internet connection)
  • Flexible database storage options


KeePassXC is a community-run fork of the outdated KeePassX password manager.

KeePassXC aims to provide a comprehensive local password management experience. In other words, KeePassXC doesn't have native cloud/sync support across devices.

The biggest upside to this is that you don't need an internet connection to access or use your password manager, unlike cloud-based password managers, which do.

Also, it's important to understand that the lack of cloud-based support doesn't mean there is a lack of features or support. KeePassXC has easy-to-use import and export features, TOTP code storage, and password database management. KeePassXC supports many operating systems, including Linux and its many distributions.

The cloud is convenient in many ways, so this one tidbit may turn average users off. However, an easy way to get around this and enable very similar cloud-based password manager functionality is to upload your KeePassXC database to a cloud file hosting service of your choice. This way, you have one less tie to a single provider should you decide to change password managers.

Download | Source

KeePassDX


Highlights

  • Open source
  • Designed specifically for Android
  • Works offline (doesn't require an internet connection)


KeePassDX is another community-run and open source password manager available only for Android devices. It's compatible with other KeePass products, such as KeePassXC, which allows for easier interoperability between the two.

KeePassDX is focused on being lightweight and secure, providing easy and secure password management and form filling tools on Android devices. Your data is stored in a single encrypted file completely under your control.

Like KeePassXC, KeePassDX does not have cloud functionality built into the app itself. However, you can store your database with a trusted cloud storage provider to achieve similar results.

While the bulk of KeePassDX features are free, users can upgrade to KeePassDX Pro which unlocks cosmetic content and non-standard protocol features. An upgrade to KeePassDX Pro contributes to KeePassDX's future development.

Download | Source

Criteria for password manager recommendations

At a minimum, to be listed as a recommendation on avoidthehack, password managers must:

Provide zero-access encryption for vault data

Data contained in user vaults should be encrypted with strong, reputable cryptography and remain blind to any servers involved in rendering the service. The platform itself should not hold any copies of the keys for accessing user data; private keys should be stored only on the user's chosen devices.

Be open-source

Open-source solutions allow users to self-host the password software. It also promotes transparency which is especially important in a software handling and storing sensitive information such as account credentials.

Have no tracking in software

Password managers listed here should not have trackers embedded in the software.

Nice-to-haves

Support for multiple platforms

Support for multiple platforms lets a wider range of users try out various password management solutions and improves adoption rates.

Final thoughts

In today's world, password managers are a must-have if you want to secure your online accounts; they generate truly strong passwords, prevent password reuse, and provide highly secure storage for passwords and other sensitive information alike.

The password managers listed here are designed with security, transparency, and user trust in mind.

Password managers should not be thought of as a "single point of failure" if you opt to use one. Just be sure to use a very strong master password with any of the password managers recommended here, and you should be fine.

Long story very short: you're better off using a password manager than not - and ideally you'd pick one from this list as the password managers listed here respect your privacy and have stellar security track records. The password managers here also offer supreme flexibility over many of their commercial and closed-source counterparts.
