Nowadays, passwords are used for all kinds of financial accounts, social accounts, online shopping accounts and so on. For most users, however, these passwords are hard to remember. You can remember just a few passwords that you use frequently in your daily life. If you create a long and complex password for an account and don’t use it for a long time, you may forget the password when you want to use it. As a result, millions of people now rely on password managers to store their passwords and secure their various online accounts. However, password managers are not completely secure, and vulnerabilities are frequently disclosed in many popular ones.
This article will walk you through the 10 most popular free password managers and then the vulnerabilities exposed in the past.
Here are 10 mainstream free password managers:
LessPass: It is an open-source password manager that doesn’t support synchronization. Remember your master password, and you can access all your passwords anytime, anywhere. It offers Firefox and Chrome plugins. In addition, it is a good cross-platform password manager.
Passbolt: Based on OpenPGP, it is an open-source and extensible password manager for teams. It allows credentials to be shared and stored securely. For example, your office’s WiFi password, an administrator’s password for a router, or your team’s social media account password, can all be secured by using Passbolt.
Felony: This is also an open-source PGP password management tool. It is easy to use and based on Electron, React, Redux.
KeeWeb: It is an open-source and cross-platform password manager. Compatible with KeePass database format, it offers a desktop version.
LastPass: With a free version, it is the best password manager I’ve ever used. LastPass supports automatic cloud synchronization. Therefore, users can simply remember a master password and enjoy automatic password filling, secure notes, password sharing with friends, and other features whenever and wherever they want, regardless of the number of devices.
Meldium: Meldium is a password manager for small to medium-sized teams and companies to securely share app permissions among their members. But it is only free for teams with five members or fewer. Otherwise, you need to pay for a plan to use it.
Dashlane: This is a growing password management tool that offers a free version. You can open Dashlane and click on the green button to change the password. Users can change the password of their account to a new password that Dashlane generates randomly. For accounts with two-factor authentication, users can directly answer questions about password authentication they set up before in Dashlane.
Among the well-known password managers, KeePass is an open-source password manager certified by OSI. You have full access to its source code and you can compile it yourself. You can also test the security on your own or use any other encryption algorithm if needed.
Bitwarden: It is another open-source and free password manager. Bitwarden works by using the high-security AES256 algorithm to encrypt your personal data locally and then uploading it to a cloud server for cloud synchronization. Bitwarden uses Microsoft’s Azure cloud server, encrypts the master password with PBKDF2, and supports two-factor authentication. Thus, you don’t have to worry about security while using Bitwarden.
Hashcat: Hashcat is a hash password recovery (cracking) tool that comes in a CPU-based version and a GPU-based version. It was announced as open-source on December 5, 2015.
Vulnerabilities exposed in password managers:
Researchers have long known that many password managers have security problems, because a password manager is generally protected by a single master password. Once the master password or the registered email address is stolen, none of the user’s account passwords remain safe.
It has also been found that when the password manager itself is locked, the master password will remain in the device’s memory in cleartext. The password manager encrypts the password database using a key derived from the user’s master password. When the user enters the master password, the key is loaded into the program’s memory and the vault is unlocked. Some or all of the personal passwords stored in the vault may also be temporarily copied into the program’s memory while you are using it. This means that an attacker who can access the computer can easily read these values from memory and then access all the data stored in the password manager.
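The unlock and lock behavior described above, as an added example that is not code from any of the products listed: a toy vault session that derives the key from the master password with PBKDF2, keeps it only while unlocked, and overwrites it on lock. The `Vault` class, the `wipe` helper, the iteration count and the sample passwords in the comments are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch
CHECK = b"vault-check"  # constant authenticated under the key to verify a password


def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place so it no longer holds the secret."""
    for i in range(len(buf)):
        buf[i] = 0


class Vault:
    """Toy vault session: the derived key exists only between unlock() and lock()."""

    def __init__(self, master_password: bytearray):
        self.salt = os.urandom(16)
        key = self._derive(master_password)
        wipe(master_password)
        # Keep only a verifier; never store the password or the key itself.
        self.verifier = hmac.new(key, CHECK, hashlib.sha256).digest()
        wipe(key)
        self.key = None  # vault starts locked

    def _derive(self, master_password: bytearray) -> bytearray:
        raw = hashlib.pbkdf2_hmac("sha256", master_password, self.salt, ITERATIONS)
        # pbkdf2_hmac returns immutable bytes; copy into a buffer that can be wiped.
        # The immutable original lingers until the interpreter frees it.
        return bytearray(raw)

    def unlock(self, master_password: bytearray) -> bool:
        key = self._derive(master_password)
        wipe(master_password)  # clear the caller's buffer as soon as it is used
        tag = hmac.new(key, CHECK, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self.verifier):
            wipe(key)
            return False
        self.key = key
        return True

    def lock(self) -> None:
        # The step the finding above says is missing: erase secrets when locking.
        if self.key is not None:
            wipe(self.key)
        self.key = None
```

Passing the master password as a `bytearray` rather than a `str` is what makes the wipe possible, since Python strings are immutable and cannot be overwritten. Python still gives no guarantee that no other copy exists in the process, which is why native implementations rely on dedicated zeroing routines.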
What should you do if a vulnerability is exposed in the password manager you are using?
- First of all, stop using the password manager and change your passwords stored in it.
- Update software as soon as there is a new version because it contains very important security patches.
- Check your computer for malware.
- Be very careful when installing software from unknown sources.
Note: For your own safety, we recommend that you not store extremely valuable passwords, such as bitcoin private keys, in a password manager. And you should always connect to a high-quality VPN like RitaVPN to protect yourself while surfing the Internet.