Q&A Are the most popular password managers also the most secure?

jetman

Level 8
Verified
Jun 6, 2017
394
I currently use Sticky Password as my password manager. I particularly like the option to synchronise devices over my home Wi-Fi network, preventing my passwords from ever being uploaded into the cloud. There are also extensions for all the browsers I currently use. Although the interface is a bit dated, Sticky Password works well for my needs.

However, Sticky Password is a relatively obscure password manager. The company has a very small market share and there can't be many software developers in their team.

This makes me wonder if my security would be improved by switching to one of the bigger names: Bitwarden, 1Password, Dashlane or LastPass. It seems to me that they would have more capacity to update and improve their software and browser extensions in light of emerging security threats. On the other hand, maybe Sticky Password has less chance of being targeted by hackers because it is so obscure?

What do others think?
 

rain2reign

Level 5
Jun 21, 2020
245
The most popular option does not necessarily need to be the most secure. The main advantage of the more well-known names, in whatever field you're looking into, is funding. Funding to do more stuff with, to hire more people to investigate leaks etc. You can be a popular option through a successful marketing strategy, through being the most user-friendly, being the cheapest option around (usually goes hand-in-hand with most bang-for-your-buck), all the way down to just simple dumb luck.

So in short, in my opinion, the answer to the main question is 'no'. It does not have to be the case. However, they are usually the ones that patch critical vulnerabilities the quickest.

It all comes down to your needs, use-case and preferences. Just because Product A is more well-known and secure, it doesn't have to be the most secure option for you if you, let's say, want to rely on, I don't know, Firefox Sync and a browser extension password manager. Just to name a use-case. I never used Sticky Password myself, but obscurity can also mean security vulnerabilities not yet found and patched (in theory still exploited) from a different perspective.
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,616
I have a lifetime license for Sticky Password but I am no longer using it. Sticky Password seems like a dead project. It does not receive updates regularly. The Android app has serious autofill issues and the iOS app is a mess. If Sticky Password is working for you, just keep using it. Wi-Fi sync is great security-wise. Anyway, you can make use of their portable app too and store it on your USB drive.

I am using Dashlane now (I keep going back and forth) and it is working well here. You can give it a try and if you like it you can always refer friends and get 6 months added to your subscription if they sign up using your referral link.
 

mlnevese

Level 24
Verified
May 3, 2015
1,375
Former Sticky Password user as well, currently 1Password. I like the fact that 1Password requires your own password plus the secret key they generate to decrypt and has a 2-step verification option. Even if their servers were breached, good luck decrypting the double-key encryption in less than a few centuries.
 

Tiamati

Level 11
Verified
Nov 8, 2016
502
The answer to your question today is yes. LastPass used to be immensely popular but also known for its data breaches. However, LastPass's latest changes made Bitwarden gain much more ground. Bitwarden was already very popular, but it's probably the first option anyone should consider now. With that said, Bitwarden has been considered the safest password manager (online) for some time. Add to that they have been audited and are open source.

If I were you, I would get Bitwarden, or if you are willing to pay, use 1Password. A trusted company that even sells its product to Kaspersky (Kaspersky Password Manager is based on 1Password AFAIK).
 

JoyousBudweiser

Level 12
Verified
Aug 22, 2013
577
The safest password manager is the one where you have control over everything, i.e. the entire data, the type of crypto etc. So to me, KeePass is the best in that regard. But with that you are bound to make some compromises: the data is local, settings are not as user-friendly as Bitwarden, and if you choose to encrypt with a higher number of key iterations, you might want a strong system to go with it. So IMHO Bitwarden is the best compromise one can get at this point in time.
 
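The two-key pattern mlnevese describes above (a vault key that needs both the memorised master password and a generated secret key) and the key-iteration trade-off JoyousBudweiser raises, worked through in code. This is an added example, not code from the thread or from 1Password, KeePass or Bitwarden; the XOR combination of the two halves, the 16-byte secret key, the HMAC label and the attacker hash rate in the demo are assumptions chosen for illustration.

```python
"""Added example: a vault key derived from a memorised master password AND a
random secret key held on the user's devices, plus the brute-force cost that
a chosen KDF iteration count imposes. Illustrative only; not 1Password's,
KeePass's or Bitwarden's actual scheme (the XOR combination, the 16-byte
secret key and the domain-separation label are assumptions)."""
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit vault key


def derive_password_half(password: str, salt: bytes, iterations: int) -> bytes:
    """Slow, salted stretching of the low-entropy half. `iterations` is the
    knob a KeePass/Bitwarden user tunes: every extra iteration costs the
    legitimate unlock and every attacker guess the same amount of work."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, KEY_LEN)


def derive_secret_half(secret_key: bytes, salt: bytes) -> bytes:
    """The secret key is already uniformly random, so it is bound to the salt
    but not stretched. The label is an assumed domain-separation string."""
    return hmac.new(secret_key, b"secret-key-half|" + salt, hashlib.sha256).digest()


def derive_vault_key(password: str, secret_key: bytes, salt: bytes,
                     iterations: int) -> bytes:
    """XOR of both halves: the result is uniform as long as EITHER input is,
    so a stolen encrypted vault cannot be opened with the password alone."""
    a = derive_password_half(password, salt, iterations)
    b = derive_secret_half(secret_key, salt)
    return bytes(x ^ y for x, y in zip(a, b))


def new_secret_key() -> bytes:
    """128 bits from the OS CSPRNG; generated once on the device and backed up
    by the user, never derived from anything the server sees."""
    return secrets.token_bytes(16)


def brute_force_seconds(search_bits: float, iterations: int,
                        hashes_per_second: float) -> float:
    """Expected offline attack time: half the search space on average, each
    guess costing `iterations` HMAC-SHA256 evaluations."""
    expected_guesses = 2 ** (search_bits - 1)
    return expected_guesses * iterations / hashes_per_second


if __name__ == "__main__":
    # Constructed demo values; the GPU rate is an assumption, not a measurement.
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    sk = new_secret_key()
    iterations = 600_000
    k_user = derive_vault_key("correct horse battery", sk, salt, iterations)
    # Attacker who stole the vault and salt and even guessed the password,
    # but has no secret key: gets a different (useless) key.
    k_attacker = derive_vault_key("correct horse battery", b"\x00" * 16, salt, iterations)
    print("password alone recovers vault key:", k_user == k_attacker)

    gpu_rate = 1e9  # assumed HMAC-SHA256 evaluations per second on one GPU
    for its in (10_000, 600_000):
        years = brute_force_seconds(40, its, gpu_rate) / 31_557_600
        print(f"40-bit password, {its:>7} iterations: ~{years:,.1f} GPU-years")
    # Roughly: password AND secret key unknown, secret half unstretched.
    years = brute_force_seconds(40 + 128, 1, gpu_rate) / 31_557_600
    print(f"password + 128-bit secret key: ~{years:.2e} GPU-years")
```

The point to take from the demo: raising the iteration count multiplies the attacker's cost linearly (and your own unlock time by the same factor, which is JoyousBudweiser's "strong system" caveat), while adding a random secret key multiplies it exponentially, which is why a breach of the sync server alone does not expose such a vault. A real product must also store the secret key securely on each device and deliver it to new devices out of band; that part is outside this snippet.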

Back3

Level 9
Apr 14, 2019
405
I use a combination of many password managers for my different needs. On my PC, my password bank is KeePass. All my passwords (my wife's too) are in this local vault: I like that it is local and that it keeps a copy of my deleted passwords. But it's not very convenient if you want to synchronize passwords and information on different devices. For that purpose, I use Enpass. But I also use it as a vault and not to log in with Chrome. I use the Bitwarden Chrome extension for login, so I don't have to keep password information in my browser.
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,616
Enpass did honour their lifetime licence for me. I like the fact that my password information is not encrypted on their servers but on my local and external online drives.
They released some new features such as notifications for leaked and compromised accounts (I suspect it is using the Have I Been Pwned API). The released features require subscribing. Lifetime license users do not have access to the new feature and are required to subscribe to "Premium". You can have a look at the Enpass discussion forum and see the reactions of users and how lame the responses of the Enpass team are.
 

Spawn

Administrator
Verified
Staff member
Jan 8, 2011
21,053
Sync features bring risk when sharing data across the Internet. However, I am confident that these companies have designed their software services around this, and have fail-safes in place to protect users' data and their own servers. Sync greatly benefits the user.

They can be installed on all your trusted devices, used anytime, anyplace and anyhow. No worries about restrictions.

An offline password storage solution is only good for a single device, with any of the following assumptions:
  • user credentials can only be filled on that device
  • the database is encrypted with a password
  • the device is malware-free
  • the device is restricted (i.e. limited number of persons with access)
  • the device is always up to date to prevent exploiting vulnerabilities in software code
  • the device is air-gapped (?)
  • a secure copy of the database exists offline
  • the master password is memorised by the device owner
 