Which of these has integration with (1) FIDO security keys (NOT non FIDO compliant Yubikey) (2) Passkeys? In theory, on the Browser, only true built-in Browser password management is truly secure, not any that use extensions, which is everything in your list.
@AllThingsSecured i did an evaluation and Keeper was the best solution in my case (enterprise) i also switched to them from 1password. The documentation and functionalities are insane
One question I have after this video, which may be able to be a video on its own, is to investigate the differences in actual security afforded by each of these password managers. Do they all use the same encryption or is there a clear winner in security?
Yea, that’s actually a hard one to answer because in some cases it’s closed source software. Still - it’s a good conversation to have and I’d love to learn more myself.
With the closed source application it's very hard to know what type of encryption or what is being encrypted and what is not being encrypted since you can't see the source code. But there is a very good trade off in having your application open source. You can argue the opposite but a case in point is if LastPass had been open source someone would have caught their vulnerabilities early on and could have possibly prevented their software being compromised. As it stands today LastPass has lost all trust and credibility in securely hosting a password management website. This to me is why 1Password and Bitwarden stand above the closed sourced systems.
Hey!!! I appreciate your video, very informative. Would've liked that you include keeper as its largely used in corporate environments and has this family protection plan for family of employees where you can use premium license without a premium subscription as long as your company pays it for you.
@AllThingsSecured I have used Sticky Password for several years with Lifetime license as well, and its been solid. Only issue I have now is it does not support the new hardware keys for 2FA so I am considering switching to 1password as I want that extra layer of security now that I am getting into using these keys.
Lastpass has been hacked several times and provides jack shit in terms of support that the other alternatives provide for free, don't use them. I used to use LastPass years ago but switched to Bitwarden in 2019 and haven't looked back.
I have 1password, I wanted to share a login but don’t want the recipient to be able to view the password? Is that an option or is there an option to automatically change passwords?
Are there any password managers that allow you to automatically change all / most / some passwords in your vault? We all have many or hundreds of passwords. And, all of us have breaches. Would be nice to be able to update those passwords quickly instead of logging into each site one by one and updating.
Thank you for the video. I would have loved to hear you about the country of data storage. It seems to me that there are more risks in some countries where the law allows the state to have an eye on your data.
I think Keepass is another kind of password manager, like Password Safe, designed to be just local in a device with optional cloud sync (under user's responsibility)
Thanks so much! ❤ My question is what happens if 1) I need to access a site from a computer/browser that's not mine, and where the password manager is not downloaded? 2) the password manager company becomes unavailable? 😬🤔🙏
@AllThingsSecured Hmmmm .... Wellllll going-online & getting another damned password kinda defeats the whole purpose (& I would like to KISS ;) 1. ??How many good-old-fashioned PASS words/phrases/codes/PINs/tokens/etcs can I put on a YubiKey?? 2. ??Can a YubiKey do both Time & Hash OTP stuff instead of using a phone/computer app to run-it?? 3. ??What can I do with a YubiKey that I can't do with a Password Manager?? 4. Computer authentication terminology is driving-me-crazy. ??Is there a divine/sacred website for dummies that lists/explains the terminology in Occam's Razor terms??
@AllThingsSecured Isn't there an issue with open source when it comes to security, that you don't know that the source that was published is the code you are using?
The one criteria you forgot (and which I'd consider one of the most important) is EXPORT. The possibility of the company going down and taking all my passwords with them is what keeps me from using ANY password manager. That, and putting all your passwords in one basket being an obviously stupid idea in the first place. Perfect target to attack.
Newbie here. Landed here cuz all my Google passwords are gone (already tried all retrieval options.) So ...must i really visit hundreds of my regular websites (where my passwords were stored) - and major hassle of having to go thru retrieval of usernames/and/or lost password? Or is there some solution I don't know of? Is there a Magical password manager that can batch help with a problem like this?
If you only want to use the password manager to access Web apps, the ones mentioned are good. However, if you want to include passwords for Windows apps they are not so good. If you can get them to work at all, you cannot use autofill and will have to cut and paste passwords.
i still feel some skepticism towards storing my passwords digitally for some reason, feels better to store them physically. is there anything i can do to get over that thought?
@iwillrock777 i feel like that is very secure, but for someone inexperienced in server hosting, it could end up going wrong right? in any case, bitwarden itself should be safe
There are a lot of great options to choose from, so the worst thing you can do is just NOT use one! (unless you're using LastPass, of course...in which case please stop using it). Which one have you chosen to use and why? Leave a comment.
I've been using BitWarden, which evolved from whatever its name used to be - Edward Snowden recommended it. I'm a "Premium" subscriber because I can use my YubiKey for my 2FA when logging into BitWarden. I also like that all three of their Data centers are all in Germany which, in my mind, makes the info in Bitwarden password manager beyond the reach of any & all Federal Governments. They also have their Data Centers inspected by 3rd party Hacker groups who make every effort to hack into their Data Centers & BitWarden then transmit their Final Report to all Bitwarden Account holders.
Took your advice some time ago and ditched Nordpass for 1Password. Thanks! It's vastly superior!
Last year, I found a Google extension for Bitwarden Free Password Manager, so I installed it.
I haven't yet got around to fully setting it up, but it seems to be very good so far.
Happy new year to you and yours, and many thanks for all of your excellent advice. Stay well.
I use KeepassXC on my PC, and KeepassDX on my Android phone. I also have a Bitwarden subscription for the browser. Bitwarden's browser autofill isn't perfect, though. If I want to fill in secret questions, I will need to do some manual copy/paste. Zoho Vault does a better job in this area, so since it's free, I use that in the browser, too. Each vault has its own unique (very long -- 44 characters for Bitwarden, 43 characters for Zoho, and 37 characters for KeepassXC) password, and I have backups and redundancy.
I'm very happy with the trio.
Why do you hate lastpass? What does it do wrong?
Bitwarden for years 🏆💯
Awesome!
Bitwarden is awesome. 💪
I jumped ship to Bitwarden after the LastPass debacle. Been great ever since!
Bitwarden is phenomenal - introduced to them professionally and liked it so much I signed up with them for personal use. Been a happy customer for years, and not a single price increase to speak of. I am also in the Proton ecosystem (I had Bitwarden before I bought into Proton) and proton pass is cool but not feature-rich enough to pull me away from Bitwarden.
I just opened my BW after transferring from Last Pass. To anyone else reading this who wants to do the same it took me less than 5 mins to do the whole thing. Just select the Export function from LP which spits out an Excel file with your data. Point BW to that file and it sucks it up. Delete your LP account and secure delete that Excel file. All done.
Something that seems to be overlooked in SO MANY reviews like this is support. There are a stunning number of companies that create software/services and then put them out in the world with zero support. When the stuff hits the fan, you want to be able to get help/support. When shopping for new software/services, I put more value on support than just about any other "feature". I wish more reviews would focus on support. Maybe if they did, companies developing products might put more value on it and actually do support well.
Useful comment!
Which of these have sufficient support?
From what I saw from user feedback on Reddit, 1Password has good support. I haven't used them yet though.
Josh: "I'm just gonna remove Last Pass from this list"
Me: Staring at the Last Pass browser extension in my Firefox 😭
Bitwarden, here I come.
Great channel and presentation I subbed!
Thanks!
lmaooo bro i literally just did the same thing. Like paused the video at the end to signup for bitwarden and then export and move my lastpass stuff over, super easy. Then came here to make basically this same comment.
@JayReevesCLT The transfer really went seamlessly didn't it! It's the only thing I'll give LastPass props for - very easy to suck out the database and zap it into BitWarden!
how awesome are you!! I was looking for an unbiased review which is, apparently, a difficult task. Thanks for this overview :)
Bitwarden can be interfaced with some email alias services. You just need an API code.
Correct. And you need to pay for those additional services as well. With Proton Pass, it's part of the package. That's my point.
@AllThingsSecured Ah, I thought you had to pay at Proton Pass for that.
@AllThingsSecured Not necessarily. I am using anondaddy integration without making any payment.
Is this possible with Bitwarden free plan?
@itrrmp Yes possible on free plan. You just need the API of the email forwarder
It's a good security habit to NOT store your 2FA / TOTP on the same device as your password manager, i.e. it's NOT advised to let your password manager generate your 2FA.
For some accounts, sure. For others, I honestly don’t care. Here’s my strategy for how I treat 2FA and password managers: ua-cam.com/video/XOvapxmgPjc/v-deo.htmlsi=fjtzjoLEr-239g3R
thank you for doing valuable, hard work for us Josh!
My pleasure, Steve!
Hear hear!
Not telling a bunch of strangers on the internet which manager I use, but as a real cheapskate in general I'm more than happy to subscribe to their premium service even though they have a great free option. Using a password manager has literally been life changing and the few dollars a month is honestly nothing compared to the value I get.
1Password fan boy. Best of the best.
Absolutely!
hey great - what about KEEPASS - a self hosted password DB. Using it since 2005.
Yea, it's definitely a good option. I couldn't include all of them in one video.
KeePass (Windows) / KeePassXC (Linux etc) are *free* secure, and open source, and yes: self-hosted so total control. Easily the best option for me.
About 12 yrs ago, Apple associates were recommending One Password and it hasn’t failed me yet. I’d like to pay to have it on my Mac as well, unfortunately I can’t figure out how to do it and their CS via email is w a robot. Which I could not understand. Your channel helps a lot. Thank you
I'm glad it's helpful! So you're not able to use 1Password on Mac? They have a dedicated app to download on the app store.
CS from 1PW is terrible. I've been using it since about 2008 but sure wish I could find something else. Too big, too bloated for me. I looked at Minimalist Password Manager (Apple only) and like it but the company is so new, I wonder if it can survive
This doesn’t make any sense. There has been a desktop app available for Mac for years now.
Thank you for the unbiased, straight to the point review!
My pleasure👍🏻
Thanks for the great videos. My question is when you go from Lastpass to 1password and do the export of your passwords from Lastpass, are they in fact downloaded in an unsecured way to your desktop or is that done locally? What is the safest way to download the csv file of your passwords to import them. The csv file is not encrypted in any way when it downloads. This is something no one seems to cover off in their videos.
Any password manager export is going to be unsecured, so it’s best to import it as soon as you can and make sure the csv file is properly deleted.
@AllThingsSecured Thanks for answering - Yes I realize that, but my question is, is it downloaded from the web unsecured or is it locally created?
Proton pass has so far been my favorite.
What makes that one your favorite? Which others did you compare to?
Love your videos. You forgot an important one: Keeper
Thanks. I forgot a lot of them. Too many to fit in one video!
I have used Keeper for years and nobody talks about it! That may be a good thing!
If you want an inexpensive family plan, Synology C2 password is a great choice. $5 per year for six accounts is ridiculously good.
Interesting. I've never used them before.
Awesome video thanks!
I'll be interested in ProtonPass when it can be self hosted. Good effort in the right direction though :)
Thoughts on keeper?
It's a keeper....buh dum tsss
Thanks for an awesome breakdown but a plain english approach to them. I have used different PW managers over the years and was good to hear you talk about just the simple things that an end user wants rather than just the technical backend elements.
I appreciate that. Thanks!🙏
I jumped into 1password some time ago and I'll never go back.
Had no trouble at all! Next step would be to transfer 2fa from authy to 1password
Great!
Is it a good idea to keep passwords and 2FA in the same app? Serious question.
@lonewolf-T- good question. I think so, but because I really trust in the security of my password manager - also I change my master pw periodically. I may be putting some level of risk here, but honestly I don’t think it’s that big a deal, compared with the convenience of having pw and 2FA in the same app.
@mr.octopus-plag thanks 👍
@lonewolf-T- I’d say no, it’s not. I use Authy with PIN and FaceID to unlock the app. I feel safer having my 2FA store separate from my password vault.
Seems to me that Apple's password manager is just as secure as these and you don’t have to pay for it? Why did you not mention it?
Any of these allow you to sync between devices without using cloud?
I used *Myki* Password Manager before the swine sold out and closed down. As a 68 year old who has issues remembering new things it was dead easy to use. Ended up with NordPass which was the best of the worst but still don't like them storing the Vault in the Cloud. I had Myki make scheduled backups every 7 days. No idea what I'm supposed to do with NordPass and likely wouldn't remember even if I read about backups.
Very helpful video for a huge tech dummy like me. Thanks!
Why pay all of these while you can use foss stuff like keepass or keepassxc even?
Because while FOSS works well for a certain type of person, you have to understand that the average internet user finds the websites uninviting and would prefer to have a native mobile app.
I'm not saying KeePass isn't good, I'm just saying that people pay for a great user experience and convenience. And honestly...$1-$2/mo is worth it if I'm trying to get my mom to use a password manager.
Keepass is an awesome project, but then you have to either self host your database or trust someone else. With how prices are for electricity, the cost of running even a rpi for 365 days a year cuts pretty close to the sub price.
Also, the mobile apps suck so bad.
same thoughts. I'm running it with syncthing (p2p alternative for dropbox/g drive etc) so there is no need for a server (with some limitations due to p2p nature) but one can use any file sharing platform already used. KeepassDX on android works great, plugins for chrome/ff are also great. And no passwords on 3-rd party machine is a plus for me.
@flaminbutt The KeePass DB is encrypted, so it doesn't matter which cloud storage you use. The apps like keepassdx for android are perfectly fine
@bobloblaw3191 Assuming that the average person that doesn't really know about security doesn't use simple passwords to protect that database. I've been using keepass for over 10 years. Linux is my primary operating system, so I know what I'm doing. But I can't imagine my mother or my father using it for the life of me. Let alone maintain it.
Love your vids Josh
Thanks so much! I really appreciate that.
What are your thoughts on the fact that Proton Pass does not allow you to have a separate password from your other proton services, such as email? They have added a secondary password that you have to enter along with the main password that is for their other services. I'm not sure how secure that would be.
How about Keeper password manager?
Hi Josh. Have you made a video yet about self-hosting Bitwarden? Benefits and detriments? I have the time (and am willing) to learn the process - but only if it’s worth it.
Hey Caleb, I haven't. Honestly, I'm happy with my password manager setup and don't have the desire to self-host at this point. Perhaps there's another creator who has a tutorial about this?
Sounds good, thank you Josh. @AllThingsSecured
I have been self-hosting vaultwarden (a Rust implementation of the Bitwarden server) for years. If you have a Linux device like a NAS or a mini PC that you can set up Docker on, it's extremely easy to set up either the official Bitwarden server (which uses 2 GB of RAM because it uses Microsoft SQL Server for its database) or vaultwarden (which uses less than 500 MB of RAM because it uses SQLite, or optionally MariaDB for its database like I'm doing). Vaultwarden is not fully featured, but it's not really missing anything I miss.
No subscription fee necessary, but I'm not having it plug in 2FA codes for me as I would consider that a security vulnerability anyway, I just use Authy to keep track of my tokens and put them in manually.
What about keeper? Consumer reports rates them high.
Suggest you needed to talk specifically about 'security' and the architecture of each solution; and how/when/if it is audited ?
1Password is all I need
👍
Do any of them allow to authenticate from a different device?
Example I’m working on my Laptop 💻 that doesn’t have biometrics but can easily authenticate if it prompted my iPhone
Bitwarden does.
Is Sticky Password a good option? I have a lifetime subscription for it.
I use Chromebook and Android primarily. I also use Windows and iPhone, but much less frequently. Currently I use an encrypted database Memento, however Memento does not work with encrypted databases on iPhone.
Is it worth upgrading? To which?
Why does no one talk about Enpass they allow you to store your vault with whom you choose.
I wonder the same thing. I've been using Enpass for many years & like it. Just don't ever forget your password vault's password or you're shit out of luck!
@The_Dark_Knight_Forever lol Right!
You’re right. It’s like 1Password before they switched to the subscription model.
Honestly? Because I’ve never heard of them or used them. There are plenty others.
@AllThingsSecured Thank you for the Reply and Honesty! Check them Out. I think they seem pretty secure. I have been using them for a few years now.
Hi Josh! I would like you to test Kaspersky Password Manager (that includes 2FA support).
Super overview! Enjoyed the video! What password manager is your second choice? Would have been good to also mention Bitwarden's org plan capability to share passwords with those in your group. Not sure if the others had that capability.
Thanks! My second choice is Proton Pass because of the email alias solution.
The org plan is only for the paid product (annual subscription). I highly recommend it because of the 2-factor (one time codes, aka "authenticator" code) support. They are working on passkey portability. It also supports an email alias service.
@mike80808 Agree. Well worth the costs.
1Password has that ability.
Bitwarden Free enables you to create shared vaults between two users.
This is a killer feature for couples who like to share some of their logins like Netflix and don't want to pay extra for a family license 👍
icloud keychain also has 2fa built into its password manager if you're using ios, which can also be accessed through windows icloud app
Keypass for me, been using it for years and it is portable so you can put it on a flash drive and Portapp software
👍🏻👍🏻
Another excellent video, Josh. I really enjoyed this one!
Glad you enjoyed it!
I have a question: Isn't it better to use Proton Pass with Microsoft Authenticator? That is, generate passwords with Proton Pass but use Microsoft Authenticator for 2FA? I know I can do this with Proton Pass, but isn't it more secure to separate the process of generating passwords and 2FA? I hope you understand my question.
I've thought of that too. If someone gains access to your Proton Pass account they'll have both the password and the 2FA code to enter your accounts, so it kinda defeats the whole point of having 2FA enabled, doesn't it? Or am I missing something here?
Very happy with Bitwarden 😃
Great!
What do you think about Enpass?
I have a good friend who uses and highly recommends them, I’ve just never tested it.
@AllThingsSecured Do give it a shot. I’ve been using it for a few years now, and I love that *I* get to decide where my vault lives. There is no central vector for attack.
What about encryption? Which one uses the hardest algorithms to break and has the overall smallest chance of your data getting leaked?
I use iOS devices and a Windows PC. The iCloud password functionality works great for me, even on Windows 11 with the relatively new browser extension for Edge and Chrome. Why would I need anything else?
I agree iCloud works well, with 2FA and PassKey support, plus it includes Hide My Email, similar to what NordPass offers. The only time it doesn't work is if you use Android. I would definitely recommend iCloud to iPhone and iPad users who are not willing to pay extra for a third party service.
Because iCloud had security breaches as well already
@SweatyFeetGirl really
Which of these has integration with (1) FIDO security keys (NOT non FIDO compliant Yubikey) (2) Passkeys?
In theory, on the Browser, only true built-in Browser password management is truly secure, not any that use extensions, which is everything in your list.
How about Keeper Security?
Lots missing on this list, I’m sure. They just didn’t make the cut.
@AllThingsSecured been using them for 15 months, no troubles so far. Plus, their security model makes a lot of sense
@AllThingsSecured I did an evaluation and Keeper was the best solution in my case (enterprise). I also switched to them from 1Password. The documentation and functionalities are insane
All of them seem cloud-based. What about local password managers such as Keepass? I'm trying to see if Buttercup is the same. Local
You can self-host Bitwarden.
@Eternal_Mission316 Buttercup by default isn't very secure. Copied passwords are still saved in the clipboard even after the program is closed!
Is NordPass good?
Thoughts on Norton password manager?
Is there a password manager that allows you to avoid the internet and all networks when syncing with your mobile device; that is, using a cable?
Reason I like Josh's video, straight to the point 🙂 Great content once again !
Thanks!
Thanks for the useful review.
Glad it was helpful!
One question I have after this video, which may be able to be a video on its own, is to investigate the differences in actual security afforded by each of these password managers. Do they all use the same encryption or is there a clear winner in security?
Yea, that’s actually a hard one to answer because in some cases it’s closed source software. Still - it’s a good conversation to have and I’d love to learn more myself.
With a closed source application it's very hard to know what type of encryption or what is being encrypted and what is not being encrypted, since you can't see the source code. But there is a very good trade-off in having your application open source. You can argue the opposite, but a case in point is if LastPass had been open source someone would have caught their vulnerabilities early on and could have possibly prevented their software being compromised. As it stands today LastPass has lost all trust and credibility in securely hosting a password management website. This to me is why 1Password and Bitwarden stand above the closed source systems.
Great job. Another one you can include in your reviews is the Apple password manager, though it's limited to Apple devices.
What about Keeper?
Hey!!! I appreciate your video, very informative. Would've liked that you include Keeper, as it's largely used in corporate environments and has this family protection plan for family of employees where you can use a premium license without a premium subscription as long as your company pays it for you.
Keeper!!
What about Sticky Password? I have lifetime license =)
If it works for you, that's great! I have no experience with them.
I've been a loyal Sticky Password user for years without any issues. Additionally, it offers affordable dark web scans and a lifetime license.
@AllThingsSecured I have used Sticky Password for several years with a Lifetime license as well, and it's been solid. Only issue I have now is it does not support the new hardware keys for 2FA, so I am considering switching to 1Password as I want that extra layer of security now that I am getting into using these keys.
Nord??
Great tips, thanks
Glad it was helpful!
I see you put LastPass on the thumbnail, but I don’t think you mentioned them. Are they considered an absolute no-go?
LastPass has been hacked several times and provides jack shit in terms of support that the other alternatives provide for free, don't use them. I used to use LastPass years ago but switched to Bitwarden in 2019 and haven't looked back.
I have 1password, I wanted to share a login but don’t want the recipient to be able to view the password? Is that an option or is there an option to automatically change passwords?
Are there any password managers that allow you to automatically change all / most / some passwords in your vault? We all have many or hundreds of passwords. And, all of us have breaches. Would be nice to be able to update those passwords quickly instead of logging into each site one by one and updating.
THANK YOU VERY HELPFUL....
Thank you for the video. I would have loved to hear you about the country of data storage. It seems to me that there are more risks in some countries where the law allows the state to have an eye on your data.
In Bitwarden you can choose between US and EU
Can one import entries from LastPass into Bitwarden rather than do that manually and one by one?
Yeah, Bitwarden has a dedicated import option
KeePassXC?
Yea, I'm sure they're good, but I ended up not testing them (along with plenty of others).
I would also appreciate KeePassXC being tested 😊
@AllThingsSecured Please test KeePassXC
I think KeePass is the only one where the setup = hard, but wins at other categories: open source, self hosted, free, mobile app
I think KeePass is another kind of password manager, like Password Safe, designed to be just local in a device with optional cloud sync (under user's responsibility)
Hey, thank you for the great content!
What about C2 pw manager?
Never heard of it.
Keeper Security?
Thanks so much! ❤ My question is what happens if
1) I need to access a site from a computer/browser that's not mine, and where the password manager is not downloaded?
2) the password manager company becomes unavailable?
😬🤔🙏
Thks but ??How does YubiKeys compare to them??
Two different parts of your online security.
@AllThingsSecured
Hmmmm .... Wellllll going-online & getting another damned password kinda defeats the whole purpose (& I would like to KISS ;)
1. ??How many good-old-fashioned PASS words/phrasescodes/PINs/tokens/etcs can I put on a YubiKey??
2. ??Can a YubiKey do both Time & Hash OTP stuff instead of using a phone/computer app to run-it??
3. ??What can I do with a YubiKey that I can't do with a Password Manager??
4. Computer authentication terminology is driving-me-crazy. ??Is there a divine/sacred website for dummies that lists/explain the terminology in Occam's Razor terms??
Do you think storing 2fas and passwords in a single area is a good idea?
I share a full answer to that here: ua-cam.com/video/XOvapxmgPjc/v-deo.htmlsi=b_brt9vKhqIfBMSe
Great video! What are your thoughts on Express VPN Keys as a password manager?
I didn't even know they offered a password manager, if that says anything ;)
What about Kaspersky Password Manager? @AllThingsSecured
@AllThingsSecured Isn't there an issue with open source when it comes to security, that you don't know that the source that was published is the code you are using?
Thanks for this video and others, you are truly a professional
[binged your channel for some time]
Awesome! Thank you!
Nordpass is not available on some Android phones, including the a23 ultra.
It would be cool if you mentioned how easy it is to export passwords out of the manager, not just into the manager
Honestly, they're all pretty much the same. They all easily export to a CSV file without any issue.
Keepass all the way!
Great data
Thanks so much!
Thank you.
Be nice to see your thoughts on Apple Keychain.
I'd love to see what you think about Cloaked
I've been using a lot of Cloaked features, but not the password manager yet.
The one criteria you forgot (and which I'd consider one of the most important) is EXPORT. The possibility of the company going down and taking all my passwords with them is what keeps me from using ANY password manager. That, and putting all your passwords in one basket being an obviously stupid idea in the first place. Perfect target to attack.
They all have a CSV export option.
Newbie here. Landed here cuz all my Google passwords are gone (already tried all retrieval options.) So ...must I really visit hundreds of my regular websites (where my passwords were stored) - and major hassle of having to go thru retrieval of usernames/and/or lost password? Or is there some solution I don't know of? Is there a magical password manager that can batch help with a problem like this?
Thanks!
🙏🙏
Thanks for the video!
What about KeePass XC?
It’s another option, yes.
What about the password managers being built into browsers? Is this the death of third party ones eventually?
Definitely not. Browsers are meant to browse the internet, they are not security companies.
If you only want to use the password manager to access Web apps, the ones mentioned are good. However, if you want to include passwords for Windows apps they are not so good. If you can get them to work at all, you cannot use autofill and will have to cut and paste passwords.
No 1
Bitwarden #1 😎
👍🏻
I don't think saving password and 2fA on the same app is safe.
What do you think of True Key
Never heard of it
2FAS ?
I still feel some skepticism towards storing my passwords digitally for some reason, feels better to store them physically. Is there anything I can do to get over that thought?
Self-hosted Bitwarden is there. Saving it in USB too is possible with encryption. But do make backups.
@iwillrock777 I feel like that is very secure, but for someone inexperienced in server hosting, it could end up going wrong, right? In any case, Bitwarden itself should be safe