2018-03-01

Best Password Manager (2018)

Some ideas as to how to best choose a password manager.

Encryption

Passwords should be encrypted using a NIST-approved encryption algorithm such as AES.

Also, your master password (with which you unlock your password manager) should be stretched in a secure manner, such as with the PBKDF2 algorithm. Password stretching is the practice of deriving a key from a password with an intentionally slow algorithm in order to fend off brute-force attacks. For maximal security, unlocking with the password stretching algorithm should be as slow as possible without affecting usability.
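The stretching step described above, as an added example (not code from the original page or from any particular password manager): it calibrates a PBKDF2-HMAC-SHA512 iteration count to a target unlock time on the current hardware and derives a 256-bit key. The function names, the 0.5 second target, the 100,000 iteration floor and the 16-byte salt are assumptions chosen for illustration.

```python
import hashlib
import os
import time

KEY_LEN = 32              # 256-bit key, sized for AES-256
SALT_LEN = 16             # assumed salt size; random per vault, stored in clear
MIN_ITERATIONS = 100_000  # assumed floor; calibration never goes below it


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a key with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac(
        "sha512", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def calibrate_iterations(target_seconds: float = 0.5, probe: int = 20_000) -> int:
    """Choose an iteration count so one unlock takes about target_seconds here."""
    salt = os.urandom(SALT_LEN)
    start = time.perf_counter()
    derive_key("calibration-only", salt, probe)
    elapsed = max(time.perf_counter() - start, 1e-6)
    # PBKDF2 cost is linear in the iteration count, so scale the probe timing.
    return max(MIN_ITERATIONS, int(probe * target_seconds / elapsed))


def new_kdf_params(target_seconds: float = 0.5) -> dict:
    """Parameters saved beside the encrypted vault; neither value is secret."""
    return {
        "salt": os.urandom(SALT_LEN),
        "iterations": calibrate_iterations(target_seconds),
    }


def unlock_key(master_password: str, params: dict) -> bytes:
    """Re-derive the key at unlock time from the stored salt and iteration count."""
    return derive_key(master_password, params["salt"], params["iterations"])


if __name__ == "__main__":
    params = new_kdf_params()
    t0 = time.perf_counter()
    key = unlock_key("correct horse battery staple", params)  # constructed sample
    print(params["iterations"], "iterations,", round(time.perf_counter() - t0, 2), "s")
```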

Storage location

Where are your passwords stored? While online storage might seem convenient, it might also make the database in which they are stored an inviting target for hackers. If you do decide to use online storage, make sure your passwords are encrypted before they are uploaded, and that they are encrypted well! Or choose a password manager that stores your passwords locally on your device.

Will you need to pay a monthly fee? If your passwords are stored online, you might need to pay a monthly fee for that use.

Password use method

There are, generally, two types of password managers: those which are embedded in your browser, and those which you use by copying your password from the password manager into the browser. Again, while embedded managers seem convenient, they run the risk of leaking passwords to malicious websites.

Password Creation

A password manager should also contain a password generator. This generator should create passwords with enough entropy to be impractical to brute-force, and preferably also offer an option for creating random passphrases.

Cross-platform compatibility

Passwords should be transferable between operating systems so that you can use your passwords on different devices.




Penteract Password Manager

Penteract Password Manager uses AES-256 encryption, and PBKDF2 with HMACSHA512 for password stretching. Unlocking speed (the "iteration-count") is user-set so that you can choose the best speed depending on your hardware and its usage. All passwords are stored locally on your device, and are copy-pasted into your browser. It also has the advantage of being on big-name app stores (Microsoft's, Google's, and Apple's) for your peace of mind.

Its built-in password creator creates passwords with over 115 bits of theoretical entropy ("theoretical" because of the limitations of non-quantum-based password generators et al.). It also creates passphrases from more than 4096 words, for over 12 bits of entropy per word (e.g. 60 for a 5-word passphrase).

aka: How to choose a password manager.