I Tested 7 Password Managers: the BEST of 2024 is…
Вставка
- Опубліковано 7 чер 2024
- Which is the best password manager? I spent the last month purchasing, downloading and using multiple software options to store passwords and I'm comparing all the features, including pros and cons. See the full feature comparison here: www.allthingssecured.com/pass...
🔹Links to Password Managers (affiliate)🔹
✅ 1Password: www.allthingssecured.com/yt/1...
✅ Proton Pass: www.allthingssecured.com/try/...
✅ Bitwarden: www.allthingssecured.com/try/...
✅ NordPass: www.allthingssecured.com/yt/n...
✅ Dashlane: www.allthingssecured.com/yt/d...
✅ RoboForm: www.allthingssecured.com/try/... (get 50% off using this link)
If you care about your personal security and privacy online, download my free security checklist here:
✅ Security Checklist: www.allthingssecured.com/secu...
🔹🔹Learn More about Password Managers🔹🔹
We've got a lot of great privacy- and security-related content here on the All Things Secured UA-cam channel (although we admit we're a bit biased). If you're wanting to learn more about how to use the best password managers to increase your security, check out these videos next:
✅ ULTIMATE Password Manager setup tutorial: • ULTIMATE Password Mana...
✅ 6 Password Manager Hacks you NEED to Use! • 6 hacks to secure ANY ...
✅ What are "Passkeys"? • Google Passkeys Have A...
🔹🔹Support All Things Secured (Recommended)🔹🔹
If you enjoy this kind of practical security and privacy content, one of the best ways you can help support this channel is by using these affiliate links to our favorite products and services. When purchasing through these links, you not only get the best available deal, the companies will also pay us a small commission. Thank you for your support!
✅ Recommended Password Manager: www.allthingssecured.com/yt/1...
✅ Recommended Identity Monitoring: www.allthingssecured.com/try/...
✅ Recommended 2FA Security Key: www.allthingssecured.com/yt/y...
✅ Recommended Secure Email: www.allthingssecured.com/try/...
✅ Recommended VPN: www.allthingssecured.com/try/...
*********************
Video Timestamps
*********************
0:00 - Testing 7 Password Managers
0:39 - Password Manager Comparison Criteria
0:57 - Open Source vs Closed Source
1:26 - Password Manager Longevity
1:48 - Password Manager Feature Comparison
3:04 - Unique Features of Each Password Manager
4:36 - Recommended Password Manager
*********************
A password manager is one of the easiest ways to build better security online, but there are so many to choose from. In this video, Josh breaks down what's important to consider and compares the best password managers based on features, trust and pricing.
#cybersecurity #cybersecuritytools #passwordmanager - Наука та технологія
There are a lot of great options to choose from, so the worst thing you can do is just NOT use one! (unless you're using LastPass, of course...in which case please stop using it). Which one have you chosen to use and why? Leave a comment.
I've been using BitWarden, which evolved from whatever it's name use to be - Edward Snowden recommended it. I'm a "Premium" subscriber because I can use my YubiKey for my 2FA when logging into BitWarden. I also like that all three of their Data centers are all in Germany which, in my mind, make the info in Bitwarden password manager beyond the reach of any & all Federal Governments. They also have their Data Centers inspected by 3rd party Hacker groups who make every effort to hack into their Data Centers & BitWarden then transmit their Final Report to all Bitwarden Account holders.
Took your advice some time ago and ditched Nordpass for 1Password. Thanks! It's vastly superior!
Last year, I found a Google extension for Bitwarden Free Password Manager, so I installed it.
I haven't yet got around to fully setting it up, but it seems to be very good so far.
Happy new year to you and yours, and many thanks for all of your excellent advice. Stay well.
I use KeepassXC on my PC, and KeepassDX on my Android phone. I also have a Bitwarden subscription for the browser. Bitwarden's browser autofill isn't perfect, though. If I want to fill in secret questions, I will need to do some manual copy/paste. Zoho Vault does a better job in this area, so since it's free, I use that in the browser, too. Each vault has its own unique (very long -- 44 characters for Bitwarden, 43 characters for Zoho, and 37 characters for KeepassXC) password, and I have backups and redundancy.
I'm very happy with the trio.
Vaultwarden, the selfhosted version of bitwarden.
Bitwarden for years 🏆💯
Awesome!
Bitwarden is awesome. 💪
I jumped ship to Bitwarden after the LastPass debacle. Been great ever since!
Bitwarden is phenomenal - introduced to them professionally and liked it so much I signed up with them for personal use. Been a happy customer for years, and not a single price increase to speak of. I am also in the Proton ecosystem (I had BItwarden before I bought into Proton) and proton pass is cool but not feature-rich enough to pull me away from Bitwarden.
I just opened my BW after transferring from Last Pass. To anyone else reading this who wants to do the same it took me less than 5 mins to do the whole thing. Just select the Export function from LP which spits out an Excel file with your data. Point BW to that file and it sucks it up. Delete your LP account and secure delete that Excel file. All done.
how awesome are you!! I was looking for an unbiased review which is, apparently, a difficult task. Thanks for this overview :)
thank you for doing valuable, hard work for us Josh!
My pleasure, Steve!
Hear hear!
Thanks for an awesome breakdown but a plain english approach to them. I have used different PW managers over the years and was good to hear you talk about just the simple things that an end user wants rather than just the technical backend elements.
I appreciate that. Thanks!🙏
Bitwarden can be interfaced with some email alias services. You just need an API code.
Correct. And you need to pay for those additional services as well. With Proton Pass, it's part of the package. That's my point.
@@AllThingsSecured Ah, I thought you had to pay at Protion Pass for that.
@@AllThingsSecured Not necessarily. I am using anondaddy integration without making any payment.
Love your vids Josh
Thanks so much! I really appreciate that.
Thankyou for the unbiased, straight to the point review!
My pleasure👍🏻
Thanks for the useful review.
Glad it was helpful!
Another excellent video Josh. i really enjoyed this one!
Glad you enjoyed it!
One question I have after this video, which may be able to be a video on it's own, is to investigate the differences in actual security afforded by each of these password managers. Do they all use the same encryption or is there a clear winner in security?
Yea, that’s actually a hard one to answer because in some cases it’s closed source software. Still - it’s a good conversation to have and I’d love to learn more myself.
Thoughts on keeper?
Great tips, thanks
Glad it was helpful!
Thanks for the great videos. My question is when you go from Lastpass to 1password and do the export of your passwords from Lastpass, are they in fact downloaded in an unsecured way to your desktop or is that done locally? What is the safest way to download the csv file of your passwords to import them. The csv file is not encrypted in any way when it downloads. This is something no one seems to cover off in their videos.
Any password manager export is going to be unsecured, so it’s best to import it as soon as you can and make sure the csv file is properly deleted.
@@AllThingsSecured Thanks for answering- Yes I realize that , but my question is , is it downloaded from the web unsecured or is it locally created. .
Thank you for the video. I would have loved to hear you about the country of data storage. It seems to me that there are more risks in some countries where the law allows the state to have an eye on your data.
In Bitwarden you can choose between US and EU
I'll be interested in ProtonPass when it ca be self hosted. Good effort in the right direction though :)
Thanks for the vídeo!
About 12 yrs ago , Apple associates were recommending One Password and it hasn’t failed me yet. I’d like to pay to have it on my Mac as well , unfortunately I can’t figure out how to do it and their CS via email is w a robot. Which I could not understand. Your channel helps a lot. Thank you
I'm glad it's helpful! So you're not able to use 1Password on Mac? They have a dedicated app to download on the app store.
CS from 1PW is terrible. I've been using it since about 2008 but sure wish I could find something else. Too big, too bloated for me. I looked at Minimalist Password Manager (Apple only) and like it but the company is so new, I wonder if it can survive
This doesn’t make any sense. There has been a desktop app available for Mac for years now.
Do any of them allow to authenticate from a different device?
Example I’m working on my Laptop 💻 that doesn’t have biometrics but can easily authenticate if it prompted my iPhone
Bitwarden does.
Hi Josh. Have you made a video yet about self-hosting Bitwarden? Benefits and detriments? I have the time (and am willing) to learn the process - but only if it’s worth it.
Hey Caleb, I haven't. Honestly, I'm happy with my password manager setup and don't have the desire to self-host at this point. Perhaps there's another creator who has a tutorial about this?
Sounds good, thank you Josh. @@AllThingsSecured
I have been self-hosting vaultwarden (a Rust implementation of the Bitwarden server) for years. If you have a Linux device like a NAS or a mini PC that you can setup Docker on, it's extremely easy to setup either the official Bitwarden server (which uses 2 GB of RAM because it uses Microsoft SQL Server for its database) or vaultwarden (which uses less than 500 MB of RAM because it uses SQL Lite, or optionally mariadb for its database like I'm doing). Vaultwarden is not fully featured, but it's not really missing anything I miss.
No subscription fee necessary, but I'm not having it plug in 2FA codes for me as I would consider that a security vulnerability anyway, I just use Authy to keep track of my tokens and put them in manually.
thanks for this video and others, you are truly a proffesional
[binged your channel for some time]
Awesome! Thank you!
Thank you.
Que opinas de enpass password y awallet cloud?
Love your video’s, You forgot an important one: Keeper
Thanks. I forgot a lot of them. Too many to fit in one video!
I have used Keeper for years and nobody talks about it! That may be a good thing!
Super overview! Enjoyed the video! What password manager is your second choice.? Would have been good to also mention Bitwarden's org plan capability to share passwords with those in your group. Not sure if the others had that capability.
Thanks! My second choice is Proton Pass because of the email alias solituon.
The org plan is only for the paid product (annual subscription). I highly recommend it because of the 2-factor (one time codes, aka "authenticator" code) support. They are working on passkey portability. It also supports an email alias service.
@@mike80808Agree. Well worth the costs.
1Password has that ability.
Not telling a bunch of strangers on the internet which manager I use, but as a real cheapskate in general I'm more than happy to subscribe to their premium service even though they have a great free option. Using a password manager has literally been life changing and the few dollars a month is honestly nothing compared to the value I get.
Hi Josh! I would like you test Kaspersky Password Manager (that include 2FA suport).
hey great - what about KEEPASS - a self hosted password DB. Using it since 2005.
Yea, it's definitely a good option. I couldn't include all of them in one video.
Great video! What are your thoughts on Express VPN Keys as a password manager?
I didn't even know they offered a password manager, if that says anything ;)
What about Kapersky password Manager?@@AllThingsSecured
Can one import entries from Lastpass into Bitwarden rather than do that manually and one by one?
Yeah bitwarden has a dedicated import option
I use iOS devices and a windows PC. The icloud password functionality works great for me, even on windows 11 with the relatively new browser extension for edge and chrome. Why would I need anything else?
I agree iCloud works well, with 2FA and PassKey support, plus it includes Hide My Email, similar to what NordPass offers. The only time it doesn't work is if you use Android. I would definitely recommend iCloud to iPhone and iPad users who are not willing to pay extra for a third party service.
because icloud had security breachs aswell already
@@SweatyFeetGirl really
Great data
Thanks so much!
I used *Myki* Password Manager before the swine sold out and closed down. As a 68 year old who has issues remembering new things it was dead easy to use. Ended up with NordPass which was the best of the worst but still don't like them storing the Vault in the Cloud. I had Myki make scheduled backups every 7 days. No idea what I'm supposed to do with NordPass and likely wouldn't remember even if I read about backups.
Hey, thank you for a great content!
What about C2 pw manager?
Never heard of it.
I thought I had one too many beers at 5:04 seeing Bitwawarden :)
I have a question: Isn't it better to use Proton Pass with Microsoft Authenticator. That is, generate passwords with Proton Pass but use Microsoft Authenticator for 2FA? I know I can do this with Proton Pass, but isn't it more secure to separate the process of generating passwords and 2FA? I hope you understand my question
Thanks
If you want an inexpensive family plan, Synology C2 password is a great choice. $5 per year for six accounts is ridiculously good.
Interesting. I've never used them before.
I'd love to see what you think about Cloaked
I've been using a lot of Cloaked features, but not the password manager yet.
GREAT! 👍
👍🏻👍🏻
Thanks so much! ❤ My question is what happens if
1) I need to access a site from a computer/browser that's not mine, and where the password manager is not downloaded?
2) the password manager company becomes unavailable?
😬🤔🙏
It's a good security habbit to NOT store your 2FA / TOTP on the same device as your password manager, ie it's NOT advised to let your password manager generate your 2FA.
For some accounts, sure. For others, I honestly don’t care. Here’s my strategy for how I treat 2FA and password managers: ua-cam.com/video/XOvapxmgPjc/v-deo.htmlsi=fjtzjoLEr-239g3R
What about Keeper?
which is better for Linux?
I own an iPhone but use linux in PC, I need a password manager to syncronization between iOS and Linux
I've always used BitWarden. It integrates flawlessly with iOS, they have a Linux app, and browser extensions. The browser extension is a lot more useful tbh, since most of the time you'll be auto filling in the browser, but I digress.
Would probably guess Bitwarden, works good on most platforms👍🏻
Keep up 🆙 👍 😅
Very happy with Bitwarden 😃
Great!
Why pay all of these while you can use foss stuff like keepass or keepassxc even?
Because while FOSS works well for a certain type of person, you have to understand that the average internet user finds the websites uninviting and would prefer to have a native mobile app.
I'm not saying KeePass isn't good, I'm just saying that people pay for a great user experience and convenience. And honestly...$1-$2/mo is worth it if I'm trying to get my mom to use a password manager.
Keepass is an awesome project, but then you have to either self host your database or trust someone else. With how prices are for electricity, the cost of running even a rpi for 365 days a year cuts pretty close to the sub price.
Also, the mobile apps suck so bad.
same thoughts. I'm running it with syncthing (p2p alternative for dropbox/g drive etc) so there is no need for a
server (with some limitations due to p2p nature) but one can use any file sharing platform already used. KeepassDX on android works great, plugins for chrome/ff are also great. And no passwords on 3-rd party machine is a plus for me.
@@flaminbutt The KeePass DB is encrypted, so it doesn't matter which cloud storage you use. The apps like keepassdx for android are perfectly fine
Why no heylogin?
How about Keeper password manager?
What about KeePass XC?
It’s another option, yes.
it would be cool if you mentioned how easy it is to export passwords out of the manager, not just into the manager
Honestly, they're all pretty much the same. They all easily export to a CSV file without any issue.
Do you think storing 2fas and passwords in a single area is a good idea?
I share a full answer to that here: ua-cam.com/video/XOvapxmgPjc/v-deo.htmlsi=b_brt9vKhqIfBMSe
All of them seem cloud-based. What about local password managers such as Keepass? I'm trying to see if Buttercup is the same. Local
You can self-host Bitwarden.
@@Eternal_Mission316 Buttercup by default isn't very secure. Copied passwords are still saved in the clipboard even after the program is closed!
What do you think about Enpass?
I have a good friend who uses and highly recommends them, I’ve just never tested it.
@@AllThingsSecuredDo give it a shot. I’ve been using it for a few years now, and I love that *I* get to decide where my vault lives. There is no central vector for attack.
What do you think of True Key
Never heard of it
Keeper!!
Be nice to see your thoughts Apple keychain.
Cool shirt!
Thanks 🙏
Keypass for me, been using it for years and it is portable so you can put it on a flash drive and Portapp software
👍🏻👍🏻
Josh: "I'm just gonna remove Last Pass from this list"
Me: Staring at the Last Pass browser extension in my Firefox 😭
Bitwarden, here I come.
Great channel and presentation I subbed!
Thanks!
How about Keeper Security?
Lots missing on this list, I’m sure. They just didn’t make the cut.
@@AllThingsSecured been using them for 15 months, no troubles so far. Plus, their security model makes a lot of sense
@AllThingsSecured i did an evaluation and Keeper was the best solution in my case (enterprise) i also switched to them from 1password. The documentation and functionalitys are insane
Thks but ??How does YubiKeys compare to them??
Two different parts of your online security.
@@AllThingsSecured
Hmmmm .... Wellllll going-online & getting another damned password kinda defeats the whole purpose (& I would like to KISS ;)
1. ??How many good-old-fashioned PASS words/phrasescodes/PINs/tokerns/etcs can I put on a YubiKey??
2. ??Can a YubiKey do both Time & Hash OTP stuff instead of using a phone/computer app to run-it??
3. ??What can I do with a YubiKey that I can't do with a Password Manager??
4. Computer authenication terminology is driving-me-crazy. ??Is there a divine/sacred website for dummies that lists/explain the terminology in Occam's Razor terms??
1Password fan boy. Best of the best.
Absolutely!
Keeper Security?
Proton pass has so far been my favorite.
What makes that one your favorite? Which others did you compare to?
1Password is all I need
👍
Why does no one talk about Enpass they allow you to store your vault with whom you choose.
I wonder the same thing. I've been using Enpass for many years & like it. Just don't ever forget your password vault's password or you're shit out of luck!
@@The_Dark_Knight_Forever lol Right!
You’re right. It’s like 1Password before they switched to the subscription model.
Honestly? Because I’ve never heard of them or used them. There are plenty others.
@@AllThingsSecured Thank you for the Reply and Honesty! Check them Out I think they seem pretty secure I have been using them for a few years now.
Great job. Another one you can include in your reviews is the Apple password manager, though it's limited to Apple devices.
Seems to me that Apples password manger is just a secure as these and you don’t have to pay for it? Why did you not mention it?
I jumped into 1password some time ago and I'll never go back.
Had no trouble at all! Next step would be to transfer 2fa from authy to 1password
Great!
Is it a good idea to keep passwords and 2FA in the same app? Serious question.
@@lonewolf-T-good question. I think so, but because I really trust in the security of my password manager - also I change my master pw periodically. I may be putting some level of risk here, but honestly I don’t think it’s that big deal, comparing with the convenience of having pw and 2FA in the same app.
@@mr.octopus-plag thanks 👍
@@lonewolf-T- I’d say no, it’s not. I use Authy with PIN and FaceID to unlock the app. I feel safer having my 2FA store seperate from my password vault.
what about mSecure?
I’ve never used them so I don’t know.
What about the Norton Password Manager?
I'm sure it's a good piece of software, but I've never been a huge Norton fan so I've never used their password manager. Sorry.
@@AllThingsSecured it is perfectly fine, would you mind testing and making a video on it one day?
What about passbolt??
Never heard of them, so I’d be wary.
If you only want to use the password manager to access Web apps, the ones mentioned are good. However, if you want to include passwords for Windows apps they are not so good. If you can get them to work at all, you cannot use autofill and will have to cut and paste passwords.
What about Sticky Password? I have lifetime license =)
If it works for you, that's great! I have no experience with them.
I've been a loyal Sticky Password user for years without any issues. Additionally, it offers affordable dark web scans and a lifetime license.
@@AllThingsSecured I have used Sticky Password for several years with Lifetime license as well, and its been solid. Only issue I have now is it does not support the new hardware keys for 2FA so I am considering switching to 1password as I want that extra layer of security now that I am getting into using these keys.
Keepass?
Bitwarden FTW
Those who use it love it, that's for sure.
Proton pass needs native app support on mac & windows
2FAS ?
I was waiting to hear security as a measure also but it wasn't there.
Is it really safe and secured? Kind of strange and risky to put all your passwords and even credit cards numbers on the web. At the same time I had to spend time looking at my password list for various sites and accounts.
i trust online password managers like bitwarden more than i trust myself to manage, but if you are okay with tinkering you can host a password vault yourself on your machine. bitwarden lets you do that
If you choose one of these options and use a strong master password with 2FA, then you should not have to worry about it being hosted “on the web”.
While it can be a pain in the butt to gather all your passwords if you have to look for them, that is where the ultimate beauty of the password manager comes in. Set it up and have it remember them every time you enter one. You will build the list without much extra effort and then it becomes ridiculously easy to no longer be one of the “low hanging fruit” going forward.
When it comes to storing documents, as long as the password manager provider does not hold the key to your vault and have your 2FA token they can’t read it no matter what happens. You documents are as safe there as they are in your house or in your wallet. Unless, of course, you live in Fort Knox and you leave your wallet locked up at home when you go out.
I’ll upvote Bitwarden. At $10 a year it is ridiculously cheap for the immense value and peace of mind it gives.
You don't have to put your credit cards if you don't want to. And if you go with the right software, I do believe that it is incredibly safe and secure.
They're encrypted in such a way that even the hosting company can't access the unencrypted data.
if my phone is stolen and hacked, what is the point of a password manager?
Keepass all the way!
Reason I like Josh's video, straight to the point 🙂 Great content once again !
Thanks!
why not mozila?
Using pen and paper and a.small vault box!😇done. Hack through that!😂
👍🏻
🙏
Passbolt?!!! I’d love to see reviewed
Never heard of it 🤷♂️
I kinda liked it but bitwarden is my go to. I cannot remember if it has attachments tho...
Zoho Vault please
Bitwarden #1 😎
👍🏻
keepass is not as versatile as some other other password managers.
But it is open source, easy to use, and feature rich.
I have noticed, however, that when you store too many documents in keepass (or to put it another way, when your encrypted database gets to a certain size), then saving changes to your keepass database takes a few seconds. I am using an old i7 CPU. So maybe a more modern CPU would not have that issue?
It is a minor issue, as most folks (including me) probably do not make changes too often.
But I wonder if you had a gigabyte of data in your keepass database, and saved a simple change, if it needs to process the entire gigabyte of data to save it in your keepass database?
I do not know if the above performance issue is unique to keepass?
But if you do not store too many documents in your keepass database, it will save your changes very quickly.
Your entire password vault is saved into a single file. That makes it simple to copy it to other locations, as a backup.
No subscriptions. No fees. It just works.
I am very pleased with keepass.
Glad to hear it. I know many people who enjoy Keepass.
Maybe worrh mentioning now, around 2 weeks ago proton pass halved their price for the 1 year plan
Very true. How often does THAT happen??
please do this for authenticators as well
2024 i start use proton pass is awesome but need some upgrade cause it is new launch one issue the free plan doesn't support 2FA 😕
Yea, all the free plans for each of these companies has some kind of limitation.
Proton is Swiss based. So no sneaking from USA and EU… That’s the extra security…
👍🏻
You missed a lot of things and services. Maybe next time mention the offline ones that can sync with cloud, attachment, sharing, vault upload to cloud, etc.
Thanks for the feedback.
Maybe a top 10 next time and mention specific features.
👍
He actually got Very Specific when it comes to features.
5:06 BitWaWarden
The one criteria you forgot (and which I'd consider one of the most important) is EXPORT. The possibility of the company going down and taking all my passwords with them is what keeps me from using ANY password manager. That, and putting all your passwords in one basket being an obviously stupid idea in the first place. Perfect target to attack.
they all have a csv export option.
Bitwarden is the best as you can even host the server yourself.