The best password managers and security tips: How to troubleshoot login issues

You’ve probably heard of password managers. They may seem complicated, but setting up your password strength doesn’t have to be painful. These services remember all your passwords and can generate secure ones. When you go to a login page in a web browser and even in many applications, the administrator will automatically fill in what you need to access your account. Some even comb the web to warn you if any of your data appears in a security breach.

A significant change for one of the most popular managers, LastPass, is why I have passwords in my brain again. On March 16, LastPass Free users will need to upgrade to the service’s premium plan (typically $ 36 per year, but is currently offered for $ 27 per year) if they want to continue syncing passwords between your devices. Although I am a fan of LastPass, their free plan is no longer a good option.

The best password managers work on as many platforms as possible; that’s why we generally recommend standalone services over password savings built into browsers and operating systems. I have tried the most popular ones in a search for high security, wide options and ease of use. Here’s what I found:

• Easier to use:1Password ($ 35.88 a year for individuals, $ 59.88 for families up to five years old) has an easy-to-use design and several layers of oven safety for a good price. 1Password has no free level: security is something we think is worth paying for. “Free software almost always involves commitments,” a 1Password spokesman said. “We can focus our efforts on developing new ways to defend your data rather than collecting or exploiting it.”

Like other password managers, you can organize your passwords into different collections: one for personal accounts, one for work, and one for shared family logins. The mode of travel is exclusive to the service: it is for people who need to hide sensitive information when traveling to countries where they fear their phone may be searched.

Dashlane ($ 59.99 per year for individuals, $ 89.99 for families up to five) is also easy to use and is a good choice if you are interested in other features such as an integrated VPN (also known as as a virtual private network) to access the Internet more securely and a dark web monitoring service that keeps hackers alert that your credentials may have.

In the end, I opted for 1Password for its price. (I also thought the Dashlane Mac Safari browser extension, now in beta, was wrong. A Dashlane spokeswoman said the team is working on a solution).

• Best service with emergency access: It’s a tie between Dashlane and LastPass Premium ($ 36 a year for individuals, $ 48 for families up to six years old). Both allow you to grant trusted contact access to your store if you are dead or disabled. Features like this are important because our lives are so tied to our digital accounts, as my colleague Joanna recently commented. If something happens to you, your designee may request access to your warehouse. You can set a specified delay period of three hours to 30 days, during which you can deny access if you can.

LastPass Premium isn’t as sleek as Dashlane, but it’s a very capable password manager, also with dark network monitoring, plus a gigabyte of encrypted file storage (and a nice Safari browser extension). If you’re using Safari and don’t need a VPN, go with LastPass.

1Password considers this type of emergency access to be a security threat. In a forum post, a company employee explained that a domestic abuser, in order to enter a password vault, could detain a victim against his or her will. Suggest storing a printout of your secret key code and master password in a safe or with your attorney.

• The best free option:Bitwarden has a free plan for individuals and two-person businesses that syncs an unlimited number of passwords between devices. The service has many key basics: end-to-end encryption, secure password generator, two-factor login and apps for all desktop, browser and mobile operating platforms, as well as access via from the web.

A premium subscription is required ($ 10 per year for individuals, $ 40 for families up to six years old) for bells and whistles, such as an exposed password report and enhanced protection for home session.

“We are a for-profit company, but we find it completely harmonious and compatible to offer a basic manager for free,” said Michael Crandell, CEO of Bitwarden. Many users who start with the free plan eventually decide to upgrade, he added.

Once you have chosen a password manager, you can manually add all old passwords. If you store passwords in the Chrome browser on your computer, you can export and import them into your new password manager. (Apple does not have a similar password export option.) If you switch from one password manager to another, it also exports passwords.

Password managers will improve your digital life. But whether you have one or not, there are four simple password protection rules you need to know.

Rule no. 1: Don’t rely only on passwords.

Use two-factor authentication, also known as 2FA, whenever possible. This requires additional code or validation sent to another device.

In general, activating 2FA is better than not having it at all. But if you have the option to use it, use an application authenticator (I like Authy) over a plain text message. It works when you have no mobile reception and is not susceptible to SIM card hijacking; in the event of a hacker, targeting someone with a valuable account, against that person’s phone number from the wireless provider. You can call your carrier and add a password to your wireless account for added security.

Rule no. 2: Make long passwords.

The term “password” should be removed. The new warmth is the password phrase. “Password length is a more important factor than complexity, because it’s harder to decrypt a longer password,” said Jameeka Green Aaron, head of information security at customer authentication company Auth0.

For example, the password phrase “Raccoon Doorknob Spacecraft” would take centuries to break, according to Bitwarden’s free password strength testing tool. Meanwhile, according to the controller, a 12-character string, with uppercase and lowercase letters, symbols and numbers, could take an attacker three years to break. Most password managers allow you to set the length of automatically generated passwords.

Rule no. 3: Make it unique.

Whatever you do, don’t reuse passwords. It’s the most common way to hack accounts, Ms. Aaron said. If hackers discover your password in one place, they try it elsewhere. This is where password managers come in. Use them to create strong unique passwords and store them for all your accounts.

Rule no. 4: You have a backup plan for your backup plan.

The password manager key is a master password, along with a device to authenticate your login. A good password manager doesn’t know what your primary password is and can’t help you recover your account.

So to be a good password parent, you have to think about the worst case scenario: what if you lose the device to which two-factor authentication codes are sent? What if you forget your master password?

Authy syncs authentication codes across multiple devices (e.g., phone and iPad), which helps if you lose one. Setting up a physical security key, such as YubiKey, as an additional authenticator, is another protection measure. As for remembering the master password, the best solution is low-tech: write it on a piece of paper and save it with the rest of the most important documents. It is more secure in the physical world than in the digital.

—For more analysis, reviews, tips, and WSJ technology headlines, sign up for our weekly newsletter.

Write to Nicole Nguyen to [email protected]