Password Managers

Introduction

Password managers emerged in the late 1990s as a solution to the growing challenge of managing multiple complex passwords. As our digital lives expanded, these tools evolved from simple encrypted databases to sophisticated cloud-synced services. While they offer essential protection against weak and reused passwords, the centralization of all passwords in one place creates both security benefits and potential risks.

Providers

LastPass

One of the largest password managers faced a major breach in 2022, exposing encrypted password vaults and user data. The incident revealed that the company stored more user data than necessary and highlighted the risks of cloud-based password storage. LastPass had previously experienced security incidents in 2015 and 2021.

1Password

1Password is known for strong security practices and local-first encryption. However, in 2023, the company faced criticism for requiring cloud sync in version 8, though all data remains end-to-end encrypted. The service has never reported a significant security breach.

Bitwarden

Bitwarden is an open-source alternative that allows self-hosting. In 2020, security researchers identified potential vulnerabilities in browser extensions, which were quickly patched. The platform’s open-source nature enables independent security audits and community oversight.

KeePass

KeePass is a locally stored, open-source password manager with no cloud integration. While highly secure, some third-party mobile ports have had security issues. In 2023, researchers found potential vulnerabilities in certain KeePass forks, though the main application remained secure.

Recommendations

  1. Choose a password manager with a strong security track record
  2. Use a long, unique master password
  3. Enable two-factor authentication
  4. Regularly back up your password database
  5. Be cautious with browser integration features
  6. Consider offline or self-hosted solutions for critical passwords

Actions

  • Set up a password manager if you haven’t already
  • Enable two-factor authentication on your password manager
  • Create a strong, unique master password
  • Generate new random passwords for important accounts
  • Export and securely store a backup of your passwords
  • Review and remove any unnecessary stored passwords
  • Set up emergency access for trusted contacts