Most sites today ask you to sign up before you can use them. Why? Well, they try to customize and feed you the stuff they think you will like, depending on how you have been using their service. Nothing wrong with that. You might like the personalized experience you are getting. But signing up for thousands of websites is tedious. How in the hell am I to remember all these usernames and passwords? Agh!!!
OpenID solves the issue. It allows you to sign in with your already existing digital identities: sign in with Google / Facebook etc. So, instead of creating a new user ID, you use one of your accounts on some other website and associate it with the new identity you are creating. Your ID provider (the one you used to sign up on the new website) confirms your identity for you. More about OpenID can be found here.
However, some people (including me) are not comfortable with associating various websites with a single ID provider. Sure, you can use different ID providers for different websites, but then you will need to remember which ID provider you signed up with on, say, XYZ.com. Also, what if your ID provider has some backend issue? You will not be able to log in to your favourite website till they fix the issues on their side.
This is where Password Managers shine. They allow you to securely store the usernames and passwords for your various services. You just need to remember the Master Password. Whenever you need to view or modify a username / password, you need to type in your Master Password. These usernames and passwords might be stored on your local device or on some cloud server, depending on the Password Manager you are using.
Your browser has its own built-in password manager. That "Save password" pop-up you see whenever you create/modify credentials on some web service is actually your browser asking to store the said credentials securely in the browser. But the built-in managers are not really that secure or efficient to maintain:
- In case of Google Chrome, your credentials are protected with your Google Master Password. If anyone has access to that, they can essentially access all of your credentials (use 2FA for increased security of your Google account). In case of other browsers, you will generally be asked for a Master Password. But they are at the mercy of the operating system for how securely the credentials are stored. Apparently not that secure.
- The passwords are accessible only inside your browser. Say, for example, you have installed Firefox on your laptop. Your credentials are stored inside the Firefox browser. Now, you are trying to log in to "Reddit" on your smartphone. You have not installed Firefox on your smartphone, so you cannot sync passwords. Now, you need to turn on your laptop, enter the master password, and type the username and password by yourself on your smartphone. Not efficient.
Bitwarden:
It is an open-source password manager which is available for free for personal use. It can be accessed on Windows, macOS, Linux, Android, you name it. There are browser extensions too. Hell, you can even access Bitwarden from the command line. Here are a few reasons you should really consider using Bitwarden as your Password Manager:
- It is Free.
- It is secure (duh).
- It is open source.
- It allows you to sync your credentials across various platforms securely. You are free to sync your vault with as many devices as you want.
- Whenever you want to sign-up for a new service, you can generate strong passwords within Bitwarden itself. This password along with the Username will be securely stored inside Bitwarden. You can also configure if you want Bitwarden to show a Pop-up asking to save / modify credentials whenever you perform the corresponding action on any app.
- It also checks for password leaks and will notify you if any of your passwords was in a breach, if a password is not strong enough, or if you have used the same password across various services. This is done by comparing hashes. No one other than you (not even Bitwarden) can ever know about your credentials.
- It also provides auto-fill functionality. So, you do not need to manually copy and paste your credentials.
- It also supports 2-step login using Email and Authentication App. This adds another layer of security. Basically, whenever someone tries to log in to Bitwarden, they will need to have access to your master key and to your Email or Authentication app too.
- Along with passwords, you can store your credit card details, secure notes etc. too. Users on the Free Plan can store text-only data.
- If you are using your browser to store passwords, you can export them into a single file and then import them directly into Bitwarden without having to go through the trouble of copy / pasting them one by one. Find the detailed guide here.
- If you want even further security, then you are free to self host the Bitwarden manager on your own cloud server and sync your devices with it.
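The breach and reuse check from the list above, sketched as an added example (not Bitwarden's own code). It assumes a k-anonymity range lookup in the style of the Have I Been Pwned "Pwned Passwords" API, which the page does not name; `fake_range_service`, the breach corpus and the vault entries are constructed so it runs offline.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password: str) -> str:
    # SHA-1 is only the lookup key format here, not a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_hash(password: str) -> tuple[str, str]:
    digest = sha1_hex(password)
    return digest[:5], digest[5:]          # 5 hex chars leave the device, 35 stay

def breach_count(password: str, range_lookup) -> int:
    """range_lookup(prefix) -> text of 'SUFFIX:COUNT' lines sharing that prefix."""
    prefix, suffix = split_hash(password)
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:    # the comparison happens locally
            return int(count)
    return 0

def reused_passwords(vault: dict[str, str]) -> list[list[str]]:
    """Group vault entries whose password hashes are identical."""
    by_hash = defaultdict(list)
    for site, password in vault.items():
        by_hash[sha1_hex(password)].append(site)
    return sorted(sorted(sites) for sites in by_hash.values() if len(sites) > 1)

# --- constructed sample data: a stand-in for the remote breach service ---
BREACH_CORPUS = {"password": 3, "hunter2": 17}   # made-up counts
SEEN_BY_SERVICE: list[str] = []                  # everything the "server" receives

def fake_range_service(prefix: str) -> str:
    SEEN_BY_SERVICE.append(prefix)
    lines = ["0" * 35 + ":1"]                    # unrelated entry, same bucket
    for password, count in BREACH_CORPUS.items():
        p, suffix = split_hash(password)
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    return "\n".join(lines)

VAULT = {"reddit.com": "hunter2", "xyz.com": "hunter2",
         "bank.example": "Vq7#mL2p!xR9sT4w"}      # constructed entries

if __name__ == "__main__":
    for site, password in VAULT.items():
        print(site, "breached x", breach_count(password, fake_range_service))
    print("reused on:", reused_passwords(VAULT))
    print("service saw only:", SEEN_BY_SERVICE)
```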
All of the features described above are core features, and they are available in the Free Plan. The paid plans start at a mere $10/year, and you get additional features like TOTP, support for all types of files (the Free Plan supports only text data) up to 1GB in size, vault health reports, emergency access and Priority Support.
To be honest, the free plan is more than enough for an ordinary person. The core features will remain free forever. Their paid plans are so cheap compared to other password managers in the market. Paying $10/year for a service as good as Bitwarden's is worth it in my opinion. So, if you can shell out $10 per year, then I would really recommend upgrading. It helps them cover their expenditures and continue the development of the software. As for those who are considering the free plan, there is not much you are missing by not upgrading.
If you want even further security, then I would recommend checking out KeePass: a free, open-source, light-weight password manager (and generator) that stores passwords in a local database securely protected with your Master Key. Everything is done locally on your device, which means there is no sync feature. So whenever you modify the database, you will need to export it and then manually import it on all of your other devices.
Either way, start using Bitwarden or KeePass or another password manager. It will take you a few minutes to set up, but you will end up with better managed passwords and increased security.
Until next time.