Having strong, unique passwords for each of your online accounts is good practice. However, it can be tedious to keep track of all of them. Password managers can help generate, manage, and store your individual accounts’ unique passwords. Instead of having to remember multiple passwords, when using a Password Manager, you only need to remember one master password to access each of your passwords. 

The Trinity College Information Security Team recommends some password managers that you can use in your daily life. Each Password Manager uses highly advanced encryption and adequate private security for your passwords. While we recommend these tools, not all these software options are supported by Trinity College. If you have questions or support concerns, the help desk may directly contact the software vendor. 

 

LastPass 

LastPass is an enterprise-level online password manager. The basic version is free, with a Premium version available for a cost. The basic understanding provides most of the same features as the Premium version, except it limits the number of devices you can connect, and lacks the security password audit feature, customer service support, and the capability to share password vaults with family members. Other Premium Features: The LastPass Security Challenge features a password auditing tool alerting you of weak, old, compromised, or reused passwords. LastPass will provide you with a new password for those accounts.  

*The Trinity College Information Security Team provides premium licenses if employees need the capability to share passwords with other co-workers. To inquire, please get in touch with [email protected]For additional support, please visit LastPass Support 

Microsoft Authenticator

Though it was designed to provide two-factor authentication to your online accounts, its capabilities were expanded to also manage passwords across Microsoft Edge and Chrome. Microsoft Authenticator compares favorably with other authentication apps, but the same cannot be said when compared to full-featured password managers, such as LastPass. But despite more limited features and browser support, the free Microsoft Authenticator does have its uses. Microsoft Authenticator supports importing passwords from Google, Firefox, Apple iCloud, 1Password, Dashlane, NordPass, LastPass, Bitwarden, and RoboForm.

Bitwarden

Protect your online data using a password manager you can trust. Bitwarden gives you the power to create and manage unique passwords, so you can strengthen privacy and boost productivity online from any device or location. Bitwarden conducts regular third-party security audits and complies with Privacy Shield, HIPAA, GDPR, CCPA, SOC2, and SOC3 security standards. 

Apple’s iCloud Keychain 

Apple’s iCloud Keychain is recommended with limitations. Apple’s iCloud Keychain (used by Safari, iOS, iPadOS, and macOS) is a password manager that allows you to sync and share your passwords between any Apple device you are logged into using your iCloud account. Apple’s keychain functionality can be used by other applications to store items, such as public and private certificates, passwords, etc. 

Apple does not have access to your stored passwords when they are stored on their servers. The encryption mechanism that is used contains a general key derived from your iCloud password and a separate, unique device key for each device attached to your Apple iCloud account. The encryption mechanism is unique to Apple, though they use standard algorithms

1Password 

1Password is a trusted password manager app that keeps your login information private and secure. 1Password does lack a free version, but you can check it out for 30 days before signing up. An individual subscription comes with 1GB of document storage and optional two-factor authentication and additional security. A travel mode lets you remove your 1Password sensitive data from your device when you travel and then restore it with one easy click when you return, so it’s not vulnerable to border checks. On Macs, you can use Touch ID to unlock 1Password, and on iOS devices, you can use Face ID, too. Other features: Watchtower, which notifies you if you have an account that may have been compromised (based on the URL and news reports), a weak password, or even a reused password.  

KeePass 

KeePass is a local-only database of passwords. While You can use Dropbox, iCloud, network shares, and USB drives to share the database file, you should close the file on one computer before opening it on another. If you are concerned about storing your passwords “in the cloud,” KeePass is the best free local storage option for storing passwords on your laptop, desktop, or mobile device.  

Browser integration is only available using plugins.*KeePass is open source, and the source code is available for your review. Plugins may or may not be open source, and care should be used when using any available plugins that the Information Security team has not evaluated. 

Each of these password managers has its pros and cons. The password manager that is best for you may not be best for a co-worker or family member, so select which manager you use based on the features and functionality that fit your needs.