BLUF :  Yes, they are a VERY good idea, even after taking into consideration the risks of “all your eggs in one basket”. Should you be using one? Yes, because you should be using different passwords for every site & service, and we all know writing down your passwords is not a good idea or an approved secure method for password safety (In case you haven’t seen BLUF before, it’s like the TL;DR noted summaries you may see on-line, a way to summarize information quickly and used frequently within the DoD. It stands for Bottom Line Up Front and the other is Too Long; Didn’t Read in case you were wondering).

As a follow up from a recent meeting, the question arose about password managers and the issues one prominent one has had of late. The follow-on information and results of their (LastPass) breach really helped to further identify what is needed and for us to look for in a Password Manager. To make it easier, the Password Manager market competitors have been very transparent about how they secure your password vault. My goal today is to help you either pick one or if you already have one, how to make sure it is protected from the kind of breach LastPass experienced.

“Passwords are as annoying as they are necessary, and a good password manager can keep you secure while making it easier to juggle the sheer number of passwords you need to be a person on the internet. Using a password manager is one of the most important things you can do to protect yourself online, aside from using two-factor authentication and keeping your operating system and web browser up to date. If any of your passwords are weak and easy to guess, if you reuse any of your passwords across multiple sites, or if the sites you use are ever hacked and your account is compromised, you risk losing access to your accounts and your data. In fact, if you reuse passwords, chances are good that your password is already out there on an easy-to-find database. You can even check to see if your email address or password has been involved in a data breach.”

So, with the NYTimes on my side, and before I give you the chart of information about the current top password managers, let me say any of them are better than none, as long as they work for you, and you have secured access to them with some form of MFA. Yes, even LastPass, but if you still use LastPass AND didn’t have it protected using features below, enable those features and change passwords on your sites, starting with the most critical first (Banks, investments, etc.…). With that said, here are the top managers (all are very good) and important features your password manager should have (if you don’t use one of these, check and see if your provider does have these features and enable them). They are designed to make your vault worthless to someone without the master password, security key, and MFA you have setup.