Goodbye forgotten passwords
Many password managers can help South Africans keep track of the numerous login credentials needed to access a wide range of useful online services, apps, and websites with user accounts.
Cybersecurity researchers blame weak passwords as the cause of about 80% of all data breaches.
Many people choose these passwords because they are easier to remember, and they don’t want the hassle of resetting a forgotten password.
However, that also makes them more susceptible to attackers trying to gain access to your account or data through brute-force and password spraying attacks.
These attacks automatically generate passwords and submit them to account login pages, trying to guess the right one through a process of elimination.
To avoid this possibility, Microsoft Support recommends that passwords for any online services should be at least 12 characters long, although 14 or more is better.
Furthermore, passwords should consist of a combination of uppercase and lowercase letters, numbers, and symbols.
It also advises against words that can be found in a dictionary or those used for the names of persons, characters, products, or organisations.
All of this advice is essential for lowering the likelihood of a malicious party figuring out your password, but it also makes it far more difficult for you to remember.
It is also a bad idea to use the same password — no matter how complex — for multiple websites or platforms.
A survey by Nordpass has shown that the average person had 168 login credentials with passwords in April 2024.
Memorising all your passwords — particularly if they are over 14 characters long and complex — would be a near superhuman achievement, not to mention remembering where they need to go.
Storing your passwords in a physical text document or in an unsecured app on your phone could expose them to a thief who gets hold of your device.
Fortunately, there is software designed specifically for storing all your login credentials securely.
A password manager not only keeps all your passwords in one place, it syncs across devices and browsers to allow you to autofill the correct passwords on the right platforms.
Instead of remembering numerous passwords, you need only one “master” password to access your password manager.
The leading options also have multi-factor authentication (MFA), like authenticator apps or passkeys.
These provide additional security barriers, making it far tougher for a malicious attacker who obtains your master password to access your account.
While putting all your eggs in one basket might seem risky, cybersecurity experts generally agree that reputable cloud-based password managers are safe to use and the most secure way to store your passwords.
To protect your data, most password managers use the advanced encryption standard (AES) algorithm with a 256-bit implementation.
AES-256 encryption is regarded as “military-grade” and was first adopted by the US federal government to protect classified data.
To date, there are no confirmed instances of this form of encryption being cracked — either through brute-force attacks or other techniques.
According to current calculations, it would take millions of years for existing computers to crack AES-256 with existing processing power.
Most important password manager features
Aside from encryption, the most important features to consider when it comes to picking a password manager are as follows:
- Multi-factor authentication (MFA) — During initial setup, users must be required to create a secondary channel for authenticating themselves, like adding a phone number, email address, or authenticator app.
- Passkeys — This newer form of digital credential ties a user’s device to an account, website, or app through a cryptographic key. It is intended to eventually replace passwords.
- Biometric authentication — Fingerprint or facial identification support can further bolster user verification.
- Complex password generation — A password manager that can generate sufficiently complex passwords is helpful for when you are creating new accounts or need to improve passwords on existing ones.
- Autofilling — The best password managers have browser plugins and compatibility with multiple platforms, allowing for seamless access to your password vault across devices.
- Physical decryption keys — Some password managers allow users to create a physical key with a USB drive that they can store somewhere safe and out of sight. This can then be used to open their password vault if they forget their master password.
- Frequent updates — When it comes to cybersecurity, threats are constantly evolving. Check if your preferred password manager regularly releases patches and updates for its apps and/or has a blog for keeping users up to speed with its regular security enhancements.
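The password-generation feature listed above, combined with the Microsoft Support guidance quoted earlier (at least 12 characters, mixing uppercase, lowercase, numbers and symbols), can be sketched as follows. This is an added example, not code from any password manager named in this article; the symbol set and the guessing rate used in the estimate are assumptions.

```python
import math
import secrets
import string

# Character classes named in the guidance. The symbol set is an assumption:
# sites differ in which symbols they accept.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}
ALPHABET = "".join(CLASSES.values())


def missing_classes(password):
    """Return the names of the character classes the password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def meets_guidance(password, min_length=12):
    """Length and character-class check only; no dictionary-word check."""
    return len(password) >= min_length and not missing_classes(password)


def generate_password(length=14):
    """Random password that contains every class, drawn from the OS CSPRNG."""
    if length < 12:
        raise ValueError("guidance asks for at least 12 characters")
    # Rejection sampling: redraw until all classes appear, so every
    # compliant password stays equally likely.
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate at an assumed guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print(generate_password())
    # Constructed comparison: 8 lowercase letters vs 14 mixed characters.
    for bits in (entropy_bits(8, 26), entropy_bits(14)):
        print(f"{bits:5.1f} bits, {years_to_exhaust(bits, 1e10):.3g} years")
```

The estimate applies only to passwords chosen uniformly at random; a human-chosen password of the same length is far easier to guess.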
Reddit user r/Passwords has created a helpful comparison table that summarises all the key features of some of the best password managers on the market.
Using more than 20 capabilities, he calculated a score for each service in four main categories — MFA, biometrics, data breach alerts, and encryption.
NordPass, Dashlane, and ProtonPass achieved the top average scores across these metrics, while Keeper and 1Password also performed well.
The pricing of these products varies from $1.49 (R26) to $4.99 (R88) per month. Some options also include a virtual private network (VPN) service for enhanced online anonymity.
Below is r/Passwords’ comparison table for well-known password managers. He also provided a detailed breakdown of his methodology at the bottom of the comparison document.