3/7/2021 The Best Password Managers and Security Tips: How to Solve Your Login Problems - WSJ

This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers visit
https://www.djreprints.com.

https://www.wsj.com/articles/the-best-password-managers-and-security-tips-how-to-solve-your-login-problems-11615122001

PERSONAL TECHNOLOGY: NICOLE NGUYEN

The Best Password Managers and Security Tips: How to

Solve Your Login Problems
LastPass, Dashlane, 1Password and the free edition from Bitwarden all provide great ways to juggle
hundreds of safe, unique passwords. But which one is right for you?

By

Nicole Nguyen
March 7, 2021 8 00 am ET

Listen to this article

9 minutes

Dealing with passwords is about as pleasant as cleaning gutters or filing taxes. But it is
just as important.

I hate telling people to eat their vegetables—even virtual ones. Still, if you don’t have
strong, unique passwords for every online account, it’s time to dig in. Don’t wait until
someone’s stolen your identity or wiped your bank account.

You’ve probably heard of password managers. They might sound complicated, but setting
up your password fortress doesn’t have to be painful. These services remember all of your
passwords and can generate secure new ones. When you go to a login page on a web
browser and even in many apps, the manager will automatically fill in what you need to
access your account. Some even comb the web to alert you if any of your information
shows up in a security breach.

A significant change to one of the most popular managers, LastPass, is why I have
passwords on the brain again. On March 16, LastPass Free users will need to upgrade to
the service’s premium plan—typically $36 a year but currently offered to them for $27 a

https://www.wsj.com/articles/the-best-password-managers-and-security-tips-how-to-solve-your-login-problems-11615122001?mod=djemptech_t 1/7
3/7/2021 The Best Password Managers and Security Tips: How to Solve Your Login Problems - WSJ

year—if they want to continue syncing passwords across their devices. While I’m a fan of
LastPass, its free plan is no longer a good choice.

The best password managers work on as many platforms as possible—which is why we

generally recommend independent services over the password savers built into browsers
and operating systems. I tested the most popular ones, in a quest for high security, broad
options and ease of use. Here’s what I found:

1Password is a user-friendly manager with multiple levels of security baked in. Its iOS app can be
unlocked using Face ID and can auto- ill your login information in apps.
PHOTO: 1PASSWORD

• Easiest to use:1Password ($35.88 a year for individuals, $59.88 for families of up to five)
has a user-friendly design and multiple layers of security baked in for a good price.
1Password doesn’t have a free tier—security is something we believe is worth paying for.
“Free software almost always involves compromises,” a 1Password spokesman said. “We
can focus our efforts on developing new ways to defend your data instead of collecting or
exploiting it.”

Like other password managers, you can organize passwords into different collections: one
for personal accounts, one for work, one for shared family logins. Travel Mode is unique to
the service—it’s for people who need to hide sensitive information when traveling to
countries where they fear their phone might be searched.

https://www.wsj.com/articles/the-best-password-managers-and-security-tips-how-to-solve-your-login-problems-11615122001?mod=djemptech_t 2/7
3/7/2021 The Best Password Managers and Security Tips: How to Solve Your Login Problems - WSJ

Dashlane is a password manager that o ers additional features, like a virtual private network for
secure internet browsing.

Dashlane ($59.99 a year for individuals, $89.99 for families of up to five) is also easy to
use, and is a good choice if you’re interested in additional features such as a built-in VPN
(aka virtual private network) for accessing the internet more securely, and a dark-web
monitoring service that keeps an eye out for hackers who might have your credentials.

I ultimately opted for 1Password, because of the price. (I also thought Dashlane’s Mac
Safari browser extension, now in beta, was buggy. A Dashlane spokeswoman said the
team is working on a fix.)

LastPass lets you designate a trusted contact to access you account in case you are dead or
incapacitated. You can deny your designee access if you are able.
PHOTO: LASTPASS

• Best service with emergency access: It’s a tie between Dashlane and LastPass Premium
($36 a year for individuals, $48 for families of up to six). Both let you grant a trusted
contact access to your vault if you’re dead or incapacitated. Features like this are

https://www.wsj.com/articles/the-best-password-managers-and-security-tips-how-to-solve-your-login-problems-11615122001?mod=djemptech_t 3/7
3/7/2021 The Best Password Managers and Security Tips: How to Solve Your Login Problems - WSJ

important because our lives are so tied up in our digital accounts, as my colleague Joanna
recently covered. If something happens to you, your designee can request access to your
vault. You can set a specified delay period between three hours and 30 days, during which
you can deny that access if you’re able.

LastPass Premium isn’t as sleek as Dashlane, but it’s a very capable password manager,
also with dark-web monitoring, plus a gigabyte of encrypted file storage (and a good
Safari browser extension). If you use Safari, and don’t need the VPN, go with LastPass.

1Password views this kind of emergency access as a security threat. In a forum post, a
company employee explained that a domestic abuser, to get into a password vault, could
hold a victim against his or her will. He suggests storing a printout of your secret key code
and your master password in a safe-deposit box or with your attorney.

Bitwarden's free tier allows users to access passwords from their phones, laptops and other devices.
PHOTO: BITWARDEN

• Best free option:Bitwarden has a full-featured free plan for individuals and two-person
businesses that syncs an unlimited number of passwords across devices. The service has
many key basics: end-to-end encryption, secure password generator, two-factor login and
apps for every desktop platform, browser and mobile operating system, plus access via
the web.

A premium membership ($10 a year for individuals, $40 for families of up to six) is
required for bells and whistles, such as an exposed-passwords report and enhanced login
protection.

https://www.wsj.com/articles/the-best-password-managers-and-security-tips-how-to-solve-your-login-problems-11615122001?mod=djemptech_t 4/7
3/7/2021 The Best Password Managers and Security Tips: How to Solve Your Login Problems - WSJ

SHARE YOUR THOUGHTS

How do you manage your passwords? Join the conversation below.

“We are a for-profit company, but we find it completely harmonious and compatible to
offer a basic manager for free,” said Michael Crandell, Bitwarden’s CEO. Many users who
start with the free plan eventually decide to upgrade, he added.

Once you’ve picked a password manager, you can manually add in all of your old
passwords. If you store passwords in your computer’s Chrome browser, you can export
them and then import them into your new password manager. (Apple doesn’t have a
similar password export option.) If you are switching from one password manager to
another, exporting passwords is usually an option, too.

Password managers will improve your digital life. But whether you get one or not, there
are four simple rules of password protection you need to know.

Rule #1—Don’t rely on passwords alone.

Use two-factor authentication, also known as 2FA, wherever possible. This requires an
additional code or validation sent to another device.

In general, turning on 2FA is better than not having it at all. But if you have the choice, use
an app authenticator (I like Authy) over a plain text message. It works when you don’t
have cellular reception, and isn’t susceptible to SIM hijacking—where a hacker, targeting
someone with a valuable account, cons that person’s phone number from the wireless
carrier. You can call your carrier and add a passcode to your wireless account for added
security.

Rule #2—Make long passwords.

The term “password” should be retired. The new hotness is passphrase. “Password length
is a more important factor than complexity, because a longer password is harder to
decrypt,” said Jameeka Green Aaron, chief information security officer at customer-
authentication company Auth0.

https://www.wsj.com/articles/the-best-password-managers-and-security-tips-how-to-solve-your-login-problems-11615122001?mod=djemptech_t 5/7
3/7/2021 The Best Password Managers and Security Tips: How to Solve Your Login Problems - WSJ

For example, the passphrase “Raccoon Doorknob Spacecraft” would take centuries to
crack, according to Bitwarden’s free password-strength testing tool. Meanwhile,
according to the checker, a 12-character string, with uppercase and lowercase letters,
symbols and numbers, could take an attacker just three years to crack. Most password
managers let you set the length of automatically generated passwords.

Rule #3—Make it unique.

Whatever you do, don’t reuse passwords. It’s the most common way accounts get hacked,
Ms. Aaron said. If hackers discover your password used in one place, they try it in other
places. This is where password managers come in. Use them to create strong unique
passwords and store them for all your accounts.

Rule #4—Have a backup plan for your backup plan.

The key to your password manager is a master password, along with a device to
authenticate your login. A good password manager doesn’t know what your master
password is—and can’t help you recover your account.

So, to be a good password parent, you need to think of the worst-case scenario: What if
you lose the device your two-factor authentication codes are sent to? What if you forget
your master password?

Authy syncs authenticator codes across several devices (say, your phone and your iPad),
which helps if you lose one. Setting up a physical security key, such as YubiKey, as an
additional authenticator is another protective measure. As for remembering your master
password, the best solution is low tech: Write it down on a piece of paper and stow it away
with the rest of your most important documents. It’s safer in the physical world than it is
in the digital one.

—For more WSJ Technology analysis, reviews, advice and headlines, sign up for our
weekly newsletter.

Write to Nicole Nguyen at nicole.nguyen@wsj.com

Would you like more stories like this?

YES NO
https://www.wsj.com/articles/the-best-password-managers-and-security-tips-how-to-solve-your-login-problems-11615122001?mod=djemptech_t 6/7
3/7/2021 The Best Password Managers and Security Tips: How to Solve Your Login Problems - WSJ

Copyright © 2021 Dow Jones & Company, Inc. All Rights Reserved

This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers visit
https://www.djreprints.com.

https://www.wsj.com/articles/the-best-password-managers-and-security-tips-how-to-solve-your-login-problems-11615122001?mod=djemptech_t 7/7