Password Managers Look For Breached Passwords

Creating and remembering strong (long) passwords is a chore, and leads to poor security practices such as shorter passwords, reuse of passwords, and writing down passwords in a password list or book that could be stolen.  The best way to create strong passwords and store them for use is a password manager.

The easiest password managers are found in popular web browsers such as Chrome, Firefox, and Edge.  Safari uses the Apple keychain.  Using a browser-based password storage tool is not your most secure option, but it is better than nothing.  So if that is the way you roll, just understand that the storage and encryption used by browser-based systems is not necessarily attack-proof.

Google recently announced that the password manager built into Chrome will now search for and report on any of your passwords that were involved in a data breach.  This new feature allows users to easily identify and change passwords that may no longer be secret, and avoid using insecure passwords when creating new ones.

Back in March 2019, Mozilla introduced the Firefox Lockbox phone app.  While it is not as fully developed as most other password managers, we can expect that to change over time.  This app does couple your browser with a phone app, and can be secured with a PIN, fingerprint, or facial recognition.  At this time it does not detect if a password of yours has been breached.

Many other password managers also provide breached password alerts.  Most of this functionality is tied into Troy Hunt’s Have I Been Pwned website and database through APIs.  You can sign up on the HIBP website directly to be alerted when passwords of yours have been breached on a website.  The list of sites that have breached passwords of mine has grown over the years from six the first time I checked to over twenty currently.
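How a breach lookup like this can work without the password ever leaving your device is shown in the added example below (not code from this article or from any password manager). It follows the k-anonymity range query offered by HIBP's Pwned Passwords API. The `FakeRangeServer` class, the sample passwords, and their counts are constructed so the example runs offline.

```python
import hashlib

def split_sha1(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_body(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines from a range response; skip malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdecimal():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range) -> int:
    """Times the password appears in the breach corpus (0 means not found).

    fetch_range(prefix) returns the response body. A real client would GET
    https://api.pwnedpasswords.com/range/<prefix>; only the 5-character
    prefix is sent, and the suffix comparison happens locally.
    """
    prefix, suffix = split_sha1(password)
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)

class FakeRangeServer:
    """Offline stand-in for the range endpoint (hypothetical, constructed data)."""
    def __init__(self, breached: dict[str, int]):
        self.seen_prefixes = []              # everything the "server" learns
        self.buckets = {}
        for pw, n in breached.items():
            prefix, suffix = split_sha1(pw)
            self.buckets.setdefault(prefix, {})[suffix] = n

    def fetch(self, prefix: str) -> str:
        self.seen_prefixes.append(prefix)
        lines = [f"{s}:{n}" for s, n in self.buckets.get(prefix, {}).items()]
        lines.append("0" * 35 + ":0")        # padding entry: count 0, ignored
        lines.append("not-a-valid-line")     # malformed line, skipped by parser
        return "\r\n".join(lines)

if __name__ == "__main__":
    server = FakeRangeServer({"password123": 1200, "letmein": 45})  # made-up counts
    for candidate in ("password123", "correct horse battery staple"):
        print(candidate, "->", breach_count(candidate, server.fetch))
    print("server saw only:", server.seen_prefixes)
```
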

If this is a feature you are looking for, here are some popular password managers that provide it.

  • Cloud-based services
    • LastPass
    • Dashlane
    • 1Password
  • Open source and local storage
    • Bitwarden
    • KeePass
  • Smartphone apps
    • Firefox Lockbox
    • Myki

If you are using a password manager that we did not cover in this article, please tell us about your experience by leaving a comment.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com