7 Essential Password Manager features and 6 Bonus features
Not every password manager is created equal. In fact, there are huge differences between password managers. Some are local apps, others cloud-based. Some have mobile apps and browser extensions, some support security keys and passwordless authentication, others may function as authenticator apps or come with additional security that makes them stronger in this regard.
Users may have different requirements when it comes to password managers, but there is an essential list of features that all password managers should support.
Sponsored: The NordPass password manager is currently available at a discounted price.
The following list provides an overview of these essential features.
1. Reputation of organization or developer
The very first thing to look for is reputation. More precisely, the reputation of the organization or individual behind the password manager. Here, it is important to check the track record but also past issues, such as successful hacks or other security related issues, that may have damaged the reputation.
2. How is the data protected?
Encryption is a book with seven seals for many computer users, but it is still essential. Weak or outdated encryption algorithms may give malicious actors free reign over all stored passwords. Selecting a secure password is just a single aspect of using password managers. A good start is to look for password managers that support modern encryption options. Look for SHA-256, Argon2 and AES support as a start.
3. Multi-factor authentication support
Since the password manager stores all passwords, and maybe also other data, it is essential to protect it well. A unique strong master password is a good start, but support for multi-factor authentication is better. Use an authenticator app or security key to add a second layer of protection.
4. Frequent updates
It is usually a bad sign if a password manager has not been updated for months or even years. Regular updates may include security improvements or fixes, and also new features. It may not be necessary to pick a password manager that gets weekly updates, but if the last update dates back a year or more, it may not be the best option.
There is no definitive answer to this, but the password manager should support all platforms that a user uses. Sometimes, compatible apps or extensions may be available to fill the gap. Most cloud-based password managers support all major desktop and mobile operating systems. Browser extensions may improve the interaction with websites and services open in the browser further. It may not be a must for all, as it is still possible to use copy & paste to fill out login forms.
6. Password Tools
Modern password managers include a number of tools, from password generation tools to create secure passwords whenever the need arises to password leak checks or password management features. A password generator is essential, the other features may be nice to have.
7. Backup and recovery options
Password managers should offer a backup or recovery option for emergencies. A user who forgets their master password may never access the password vault again, unless a backup or recovery option is available. It is essential to make use of this feature, and store the information securely in a safe location.
Bonus: nice to have password manager features
The following features may not be essential for all users, but most users may consider them excellent features that improve the value of a password manager:
- Ability to store data besides passwords, e.g., notes, form data, files, credit card information.
- Security checks, e.g., to highlight weak passwords.
- Form filling support in the password manager's extensions.
- Support for syncing password data across all devices.
- Support for passwordless authentication, or planned support for it.
This is the most important point of all. Never ever choose a password manager who is not installed on your machine.
Not everyone trusts the cloud, but those online password managers do have tight security in place. However, we saw some weaknesses in the data breach of LastPass. Use a strong master password and 2FA
So it would appear that with rapid advances in AI and other technologies we are about to go into completely uncharted waters in the security/privacy landscape.
I LOVE the idea of Keepass. I don’t need to “sync” with anything, so having all the data local on my Windows PC sounds great! And if I DO need to copy the data to another machine, I can export/import. But I have not had much luck so far in setting up a local only configuration that has the ease of use with logging into websites as some of the major cloud-based password manager players. BitWarden has the ability to create a local server on both Linux and Windows, but it looks fairly complicated.
Yes, I have played (very briefly) with some of the Keepass extensions and they seemed clunky, but probably I am doing it wrong.
Does anyone have specific recommendations of how to set up a secure local password management system for intermediate level users that then “just works”? Perhaps a new How-To article, Martin? Now THAT would be an appreciated article!
Use Syncthing to keep the db synced between devices. On Linux and Windows it has a auto-hot-key combo which can tell which website is being accessed and input is easy