Does a password manager make sense for you?

Q: Is a paid password manager necessarily better or safer than a free one?

Passwords are a daily source of frustration for all of us because so much of our lives is tied up online.

As everyone should know by now, using weak passwords — especially the same weak password on all your accounts — is a really bad idea.

Password managers solve both of those common problems for you.

How do they work?

All password managers work in the same general way: They provide you with a secure “locker” that contains all your passwords and is protected by one master password. These lockers incorporate very high levels of encryption, so even if someone were to gain access to one, it would take an extraordinary effort to crack it.

They also provide a way to generate a different long, complex password for each of your online accounts, so you don’t have to come up with all of them yourself.
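The two ideas above, sketched as an added example that is not code from the column or from any product it names: a slow key derivation ties the locker key to the master password, and a generator produces a separate random password per account. The function names, the symbol set, the header layout and the 600,000-iteration work factor are assumptions chosen for illustration; the step that encrypts the locker with the derived key is left out because it needs a vetted cipher library.

```python
import hashlib
import hmac
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+"  # assumed symbol set
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)
KDF_ITERATIONS = 600_000  # assumed work factor; every guess at the master password pays it


def generate_password(length=20):
    """Random per-site password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:  # rejection sampling keeps the choice uniform over valid passwords
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw


def entropy_bits(length):
    """Upper bound on guessing entropy for a password drawn from ALPHABET."""
    return length * math.log2(len(ALPHABET))


def _subkeys(master_password, salt, iterations):
    # Slow step: PBKDF2 stretches the master password into a root key.
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)
    # Separate labels so the stored check value never equals the locker key.
    enc_key = hmac.new(root, b"encrypt", hashlib.sha256).digest()
    check = hmac.new(root, b"verify", hashlib.sha256).digest()
    return enc_key, check


def create_locker_header(master_password, iterations=KDF_ITERATIONS):
    """Header stored beside the locker: salt, cost and a check value, never the password."""
    salt = secrets.token_bytes(16)
    _, check = _subkeys(master_password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock(master_password, header):
    """Return the 32-byte locker key, or None if the master password is wrong."""
    enc_key, check = _subkeys(master_password, header["salt"], header["iterations"])
    return enc_key if hmac.compare_digest(check, header["check"]) else None
```

Someone who copies the locker file still has to run the full key derivation for every master-password guess, so the strength of the master password sets the real cost of cracking it.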

Where the locker lives

The location of the “locker” determines both security and convenience, so understanding the difference will help you understand which approach makes the most sense for you.

From a security standpoint, if the encrypted locker lives on your own machine, you’ll never have to worry about whether a third-party service company ever gets hacked.

One of the more popular free tools that stores your password database locally is KeePass. The downside to this open-source tool is that it requires a lot more manual configuration and could become confusing for nontechnical users.

Another minor inconvenience is that if you want to use KeePass on a computer that you don’t own, you’ll either have to sync your database to an online storage service or store it on a flash drive that you have to carry around. Security fanatics like this approach because they get to control all of the aspects of the security.

Another popular free option is LastPass, which stores your encrypted locker online.

The advantage of storing the encrypted file on their servers is that you aren’t beholden to a single computer or required to carry a separate device around for authentication. You simply install it on all your devices (desktop, laptop, smartphone or tablet), which are then synced up, or log in through their website if you’re on a device you don’t own.

On its face, storing all your passwords on the internet may seem scary, but the reality is that these companies are going to be much better at securing the locker than most users. Even if the company gets breached, the stolen information would have to be decrypted, which would take a bit of time.

A simple reset of your master password and saved passwords would render the stolen information useless. If your personal computer gets breached, you may never know it happened.

Free vs. paid

The competition in the password manager world is pretty fierce, so many of the more popular options have gone to a “freemium” model. This means that they provide a basic level of service for free and offer premium features that vary for each program for a fee. The security level is exactly the same, so you’ll be paying for the extra features only if you want them.

Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.
