FreshRSS

Normální zobrazení

Jsou dostupné nové články, klikněte pro obnovení stránky.
PředevčíremHlavní kanál

The best VPN service for 2024

As with any overly marketed products, the claims around virtual private networks (VPNs) can be fishy. Phrases like “military-grade encryption” or “total anonymity” aren’t verifiable, and certainly won’t help you decide which services suit your browsing needs best. As more of these companies embrace influencer marketing to sell their products, the obscure lingo has only grown, making it a confusing field to navigate, despite VPNs’ importance for online security. We tested nine popular VPNs to demystify the market and help you figure out which are the best VPNs available today.

Table of contents

Best VPNs of 2024

What is a VPN?

VPNs, or virtual private networks, mask your IP address and the identity of your computer or mobile device on the network and creating an encrypted "tunnel" that prevents your internet service provider (ISP) from accessing data about your browsing history. VPNs are not a one-size-fits-all security solution, though.

Instead, they’re just one part of keeping your data private and secure. Roya Ensafi, assistant professor of computer science and engineering at the University of Michigan, told Engadget that VPNs don’t protect against common threats like phishing attacks, nor do they protect your data from being stolen. Much of the data or information is stored with the VPN provider instead of your ISP, which means that using a poorly designed or unprotected network can still undermine your security. But they do come in handy for online privacy when you’re connecting to an untrusted network somewhere public because they tunnel and encrypt your traffic to the next hop.

That means sweeping claims that seem promising, like military-grade encryption or total digital invisibility, may not be totally accurate. Instead, Yael Grauer, program manager of Consumer Reports’ online security guide, recommends looking for security features like open-source software with reproducible builds, up-to-date support for industry-standard protocols like WireGuard (CR's preferred protocol) or IPsec, and the ability to defend against attack vectors like brute force.

Understanding VPNs and your needs

Before considering a VPN, make sure your online security is up to date in other ways. That means complex passwords, multi-factor authentication methods and locking down your data sharing preferences. Even then, you probably don’t need to be using a VPN all the time.

“If you're just worried about somebody sitting there passively and looking at your data then a VPN is great,” Jed Crandall, an associate professor at Arizona State University, told Engadget.

That brings us to some of the most common uses cases for VPNs. If you use public WiFi networks a lot, like while working at a coffee shop, then VPN usage can help give you private internet access. They’re also helpful for hiding information from other people on your ISP if you don’t want members of your household to know what you’re up to online.

Geoblocking has also become a popular use case as it helps you reach services in other parts of the world. For example, you can access shows that are only available on streaming services, like Netflix, Hulu or Amazon Prime, in other countries, or play online games with people located all over the globe.

There are also a few common VPN features that you should consider before deciding if you want to use one, and which is best for you:

What is split tunneling?

Split tunneling allows you to route some traffic through your VPN, while other traffic has direct access to the internet. This can come in handy when you want to protect certain activity online without losing access to local network devices, or services that work best with location sharing enabled.

What is a double VPN?

A double VPN, otherwise known as multi-hop VPN or a VPN chain, passes your online activity through two different VPN servers one right after the other. For VPN services that support this, users are typically able to choose which two servers they want their traffic to pass through. As you might expect, this provides an extra layer of security.

Are VPNs worth it?

Whether or not VPNs are worth it depends how often you could use it for the above use cases. If you travel a lot and rely on public WiFi or hotspots, are looking to browse outside of your home country or want to keep your traffic hidden from your ISP, then investing in a VPN will be useful. But, keep in mind that even the best VPN services often slow down your internet connection speed, so they may not be ideal all the time.

In today's world, we recommend not relying on a VPN connection as your main cybersecurity tool. VPN use can provide a false sense of security, leaving you vulnerable to attack. Plus, if you choose just any VPN, it may not be as secure as just relying on your ISP. That’s because the VPN could be based in a country with weaker data privacy regulation, obligated to hand information over to law enforcement or linked to weak user data protection policies.

For VPN users working in professions like activism or journalism that want to really strengthen their internet security, options like the Tor browser may be a worthwhile alternative, according to Crandall. Tor is free, and while it's less user-friendly, it’s built for anonymity and privacy.

How we tested VPNs

To test the security specs of different VPNs and name our top picks, we relied on pre-existing academic work through Consumer Reports, VPNalyzer and other sources. We referenced privacy policies, transparency reports and security audits made available to the public. We also considered past security incidents like data breaches.

We looked at price, usage limits, effects on internet speed, possible use cases, ease of use, general functionality and additional “extra” VPN features like multihop. The VPNs were tested across iOS, Android and Mac devices so we could see the state of the mobile apps across various platforms (Windows devices are also supported in most cases). We used the “quick connect” feature on the VPN apps to connect to the “fastest” provider available when testing internet speed, access to IP address data and DNS and WebRTC leaks or when a fault in the encrypted tunnel reveals requests to an ISP.

Otherwise, we conducted a test of geoblocking content by accessing Canada-exclusive Netflix releases, a streaming test by watching a news livestream on YouTube via a Hong Kong-based VPN and a gaming test by playing on servers in the United Kingdom. By performing these tests at the same time, it also allowed us to test claims about simultaneous device use. Here are the VPN services we tested:

Read more: The best password managers for 2023

Other VPN services our experts tested

NordVPN

NordVPN didn’t quite make the cut because it’s overhyped, and underwhelming. As I've written in our full review of NordVPN, the pricing, up to $14.49 for a “complete” subscription, seemed high compared to other services, and its free or lower cost plans just didn’t have the same wide variety of features as its competitors. 

TunnelBear

Despite the cute graphics and user friendliness, TunnelBear wasn’t a top choice. It failed numerous basic security tests from Consumer Reports, and had limited availability across platforms like Linux. It did, however, get a major security boost in July when it updated to support WireGuard protocol across more of its platforms.

Bitdefender VPN

Bitdefender doesn’t offer support for devices like routers, which limits its cross-platform accessibility. It also lacked a transparency report or third-party audit to confirm security specs.

Atlas VPN

Atlas ranked lower on our speed tests compared to the other VPNs tested, with a notably slower difference on web browsing and streaming tests. It was a good option otherwise, but could easily cause headaches for those chasing high speed connections. Security-wise, an Atlas VPN vulnerability leaked Linux users’ real IP addresses.

VPN FAQs

What are some things VPNs are used for?

VPNs are traditionally used to protect your internet traffic. If you’re connected to an untrusted network like public WiFi in a cafe, using a VPN hides what you do from the internet service provider. Then, the owner of the WiFi or hackers trying to get into the system can’t see the identity of your computer or your browsing history.

A common non-textbook use case for VPNs has been accessing geographically restricted content. VPNs can mask your location, so even if you’re based in the United States, they can make it appear as if you’re browsing abroad and unblock access. This is especially useful for streaming content that’s often limited to certain countries, like if you want to watch Canadian Netflix from the US.

What information does a VPN hide?

A VPN doesn’t hide all of your data. It only hides information like your IP address, location and browser history. A common misconception is that VPNs can make you totally invisible online. But keep in mind that the VPN provider often still has access to all of this information, so it doesn’t grant you total anonymity. You’re also still vulnerable to phishing attacks, hacking and other cyberthreats that you should be mindful of by implementing strong passwords and multi-factor authentication.

Are VPNs safe?

Generally, yes. VPNs are a safe and reliable way to encrypt and protect your internet data. But like most online services, the safety specifics vary from provider to provider. You can use resources like third-party audits, Consumer Reports reviews, transparency reports and privacy policies to understand the specifics of your chosen provider.

What about Google’s One VPN?

Google One subscriptions include access to the company’s VPN, which works similarly to other VPNs on our list, hiding your online activity from network operators. However, Google announced recently that it plans to shut down the One VPN because "people simply weren’t using it." There's no specific date for the shutdown, with Google simply saying it will discontinue the service sometime later in 2024. Pixel phone owners, however, will continue to have access to the free VPN available on their devices.

Recent updates

June 2024: Updated to include table of contents.

November 2023: This story was updated after publishing to remove mention of PPTP, a protocol that Consumer Reports' Yael Grauer notes "has serious security flaws."

This article originally appeared on Engadget at https://www.engadget.com/best-vpn-130004396.html?src=rss

© Engadget

The best VPNs

The best password manager for 2024

When we’re logging into our online accounts, it's usually with a purpose. We want to get in as quickly as possible to scroll social media or check a bank statement without interruption. It’s easy to become impatient and let login security slip by using the same passwords for everything — think the usual suspects like streets you've lived on or your kids' or pets' names. But that’s a security nightmare: With just one leak, a malicious actor can access some of your most sensitive accounts. Password managers help mitigate this threat by giving you an easy way to store and develop unique, strong passwords for every account. Yet, these services are not all built the same. We tested out nine of the best password managers available now to help you choose the right one for your needs. 1Password remains our top pick for the best password manager, thanks to its zero-knowledge policy, numerous security features and general ease of use, but there are other solid programs out there to consider as well.

How do password managers work?

Think of password managers like virtual safe deposit boxes. They hold your valuables, in this case usually online credentials, in a section of the vault only accessible to you by security key or a master password. Most of these services have autofill features that make it convenient to log in to any site without needing to remember every password you have, and they keep your credit card information close for impulse purchases.

But given that passwords are one of the top ways to keep your online identity secure, the real value of password managers is staying safe online. “It's just not possible without a password manager to have unique, long and hard-to-guess passwords,” Florian Schaub, an associate professor of information and of electrical engineering and computer science at the University of Michigan, said.

Common guidance states that secure passwords should be unique, with the longest number of characters allowed and uppercase letters, lowercase letters, numbers and special characters. This is the exact opposite of using one password everywhere, with minor variations depending on a site’s requirements. Think of how many online accounts and sites you have credentials for — it’s an impossible task to remember it all without somewhere to store passwords safely (no, a sticky note on your desk won’t cut it). Password managers are more readily accessible and offer the benefit of filling in those long passwords for you.

Are password managers safe?

It seems counterintuitive to store all your sensitive information in one place. One hack could mean you lose it all to an attacker and struggle for months or even years to rebuild your online presence, not to mention you may have to cancel credit cards and other accounts. But most experts in the field agree that password managers are a generally secure and safe way to keep track of your personal data, and the benefits of strong, complex passwords outweigh the possible risks.

The mechanics of keeping those passwords safe differs slightly from provider to provider. Generally, you have a lengthy, complex “master password” that safeguards the rest of your information. In some cases, you might also get a “security key” to enter when you log in to new devices. This is a random string of letters, numbers and symbols that the company will send you at sign up. Only you know this key, and because it’s stored locally on your device or printed out on paper, it’s harder for hackers to find.

These multiple layers of security make it difficult for an attacker to get into your vault even if your password manager provider experiences a breach. But the company should also follow a few security basics. A “zero-knowledge” policy means that the company keeps none of your data on file, so in the event of an attack, there’s nothing for hackers to find. Regular health reports like pentests and security audits are essential for keeping companies up to par on best practices, and other efforts like bug bounty programs or hosting on an open source website encourage constant vigilance for security flaws. Most password managers now also offer some level of encryption falling under the Advanced Encryption Standard (AES). AES 256-bit is the strongest, because there are the most number of possible combinations, but AES 128-bit or 192-bit are still good.

Who are password managers for?

Given their universal benefit, pretty much everyone could use a password manager. They’re not just for the tech-savvy people or businesses anymore because so much sensitive information ends up online behind passwords, from our bank accounts to our Netflix watch history.

That’s the other perk of password managers: safe password sharing. Families, friends or roommates can use them to safely access joint accounts. Texting a password to someone isn’t secure, and you can help your family break the habit by starting to use one yourself, Lisa Plaggemier, executive director at National Cyber Security Alliance, said. Streaming is the obvious use case, but consider the shared bills, file storage and other sites you share access with the people around you as well.

Are password managers worth it?

You likely already use a password manager, even if you wouldn’t think to call it that. Most phones and web browsers include a log of saved credentials on the device, like the “passwords” keychain in the settings of an iPhone. That means you’ve probably seen the benefits of not having to memorize a large number of passwords or even type them out already.

While that’s a great way in, the downfall of these built-in options are that they tend to be device specific. If you rely on an Apple password manager, for example, that works if you’re totally in the Apple ecosystem — but you become limited once you get an Android tablet, Lujo Bauer, professor of electrical and computer engineering, and of computer science, at Carnegie Mellon University, said. If you use different devices for work and personal use and want a secure option for sharing passwords with others, or just don’t want to be tied to one brand forever, a third-party password manager is usually worth it.

How we tested

We tested password managers by downloading the apps for each of the nine contenders on iPhone, Android, Safari, Chrome and Firefox. That helped us better understand what platforms each manager was available on, and see how support differs across operating systems and browsers.

As we got set up with each, we took note of ease of use and how they iterated on the basic features of autofill and password generators. Nearly all password managers have these features, but some place limits on how much you can store while others give more control over creating easy-to-type yet complex passwords. From there, we looked at extra features like data-breach monitoring to understand which managers offered the most for your money.

Finally, we reviewed publicly available information about security specs for each. This includes LastPass, which more experts are shying away from recommending after the recent breach. For the sake of this review, we’ve decided not to recommend LastPass at this time as fallout from the breach still comes to light (The company disclosed a second incident earlier this year where an unauthorized attack accessed the company’s cloud storage, including sensitive data. Since then, hackers have stolen more than $4.4 million in cryptocurrency using private keys and other information stored in LastPass vaults.)

These are the password managers we tested:

Other password managers we tested

LastPass

For a while, security experts considered LastPass a solid choice for a password manager. It’s easy to use, has a slew of helpful extra features and its free version gives you a lot. But we decided not to include LastPass in our top picks because of the high profile data breaches it has experienced over the past couple of years.

Keeper

Keeper met a lot of the basic criteria we tested for, like autofill options and cross-platform availability. We liked its family plan options, too, that can keep your whole household secure. But we didn’t think its extra features, like the encrypted messaging app, added much value. Plus, it has a self-destruct feature after five incorrect login attempts which, despite adding extra protection, could be a recipe for disaster for casual users.

Enpass

Enpass works well as an affordable password manager. That includes an inflation-beating “lifetime” access pass instead of a monthly payment for users really committed to the service. Still, it was confusing to set up across devices and because Enpass stores data locally, as opposed to in the cloud, we struggled to get started with it on mobile.

Norton

A familiar name in security, we were excited to test out Norton’s password manager. While it’s free, its features seem underdeveloped. It lacked password sharing, account recovery and complex form-filing tools that come standard in many of the other password managers we tested.

LogMeOnce

LogMeOnce comes with a wide range of premium tiers, from professional to family, that include different levels of storage and features. But when we tested, it lacked some basic cross-platform availability that other password managers had already, like compatibility with Mac and Safari.

FAQs

Why use a password manager?

Using a password manager can enhance your online security. They store all of your complex passwords and autofill them as needed, so that you can have unique, strong passwords across the web without remembering each of them yourself. In many cases, unique passwords are your first defense against attack, and a reliable manager makes it easier to keep track of them all.

Are password managers 100 percent safe?

Password managers are a secure way to store your credentials. Experts in the field generally agree that the benefits of accessibility when storing complex passwords outweigh the possibility of attack, like what happened with LastPass. But with any service, it can vary from provider to provider. You should look out for zero-knowledge policies, regular security audits, pentests, bug bounty programs and encryption when choosing the right secure password manager for you.

What if I forget my master password?

Forgetting a master password won’t necessarily lock you out for good, but the recovery process varies from provider to provider. Some services give you a “security key” at sign up to enter when you log into new devices. It can also be used to securely recover your account because it’s a random string of keys stored locally that only you have access to. Other services, however, have no way to recover your vault. So creating a master password that you won’t forget is important.

How can I make a good master password?

A good master password should be unique, with the longest number of characters allowed and uppercase letters, lowercase letters, numbers and special characters. Experts often recommended thinking of it like a “passphrase” instead of a “password” to make it easier to remember. For example, you can take a sentence like “My name is Bob Smith” and change it to “Myn@m3isB0b5m!th” to turn it into a secure master password that you won’t forget.

This article originally appeared on Engadget at https://www.engadget.com/best-password-manager-134639599.html?src=rss

© Engadget

The best password manager

Members of ransomware gang Lockbit arrested by law enforcement

International law enforcement, led by the UK’s National Crime Agency, have disrupted ransomware gang Lockbit's operation. The group behind notable hacks against aircraft manufacturer Boeing, chip giant Taiwan Semiconductor Manufacturing Company, sandwich chain Subway and thousands more had its site taken offline on Monday while authorities arrested major players behind the gang. "This site if now under the control of law enforcement," the website reads. According to malware repository Vx-underground, law enforcement took down at least 22 Lockbit-affiliated Tor sites.

"Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems," National Crime Agency Director General, Graeme Biggar, said in a statement. “As of today, LockBit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity."

Lockbit admitted defeat, too. In a statement to Vx-underground, the group said "FBI pwned me." Operation Cronos, the name law enforcement used for their efforts, also resulted in the seizure of source code and other useful data related to Lockbit's operations. At the same time, authorities in Poland, Ukraine and the US arrested key members of the ransomware operation. There are sanctions out for two more Lockbit affiliates in Russia.

There's more good news for Lockbit victims, too: The operation obtained keys from Lockbit to create a decryption tool for victims to get their data back, according to US Attorney General Merrick Garland. The free decryptors can be found via the No More Ransom project

Since 2019 when Lockbit first entered the scene, it's squeezed victims for more than $120 million in ransomware payments, according to acting assistant AG Nicole Argentieri.

This article originally appeared on Engadget at https://www.engadget.com/members-of-ransomware-gang-lockbit-arrested-by-law-enforcement-144245076.html?src=rss

© Reuters / Reuters

FILE PHOTO: A screenshot taken on February 19, 2024 shows a take down notice that a group of global intelligence agencies issued to a dark web site called Lockbit. Handout via REUTERS/File Photo

Members of ransomware gang Lockbit arrested by law enforcement

International law enforcement, led by the UK’s National Crime Agency, have disrupted ransomware gang Lockbit's operation. The group behind notable hacks against aircraft manufacturer Boeing, chip giant Taiwan Semiconductor Manufacturing Company, sandwich chain Subway and thousands more had its site taken offline on Monday while authorities arrested major players behind the gang. "This site if now under the control of law enforcement," the website reads. According to malware repository Vx-underground, law enforcement took down at least 22 Lockbit-affiliated Tor sites.

"Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems," National Crime Agency Director General, Graeme Biggar, said in a statement. “As of today, LockBit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity."

Lockbit admitted defeat, too. In a statement to Vx-underground, the group said "FBI pwned me." Operation Cronos, the name law enforcement used for their efforts, also resulted in the seizure of source code and other useful data related to Lockbit's operations. At the same time, authorities in Poland, Ukraine and the US arrested key members of the ransomware operation. There are sanctions out for two more Lockbit affiliates in Russia.

There's more good news for Lockbit victims, too: The operation obtained keys from Lockbit to create a decryption tool for victims to get their data back, according to US Attorney General Merrick Garland. The free decryptors can be found via the No More Ransom project

Since 2019 when Lockbit first entered the scene, it's squeezed victims for more than $120 million in ransomware payments, according to acting assistant AG Nicole Argentieri.

This article originally appeared on Engadget at https://www.engadget.com/members-of-ransomware-gang-lockbit-arrested-by-law-enforcement-144245076.html?src=rss

© Reuters / Reuters

FILE PHOTO: A screenshot taken on February 19, 2024 shows a take down notice that a group of global intelligence agencies issued to a dark web site called Lockbit. Handout via REUTERS/File Photo

The best password managers for 2024

We use passwords for everything. From our bank accounts to free social media sites, our password footprints spread all over our digital landscape. But that means if you’re reusing the same ones over and over again, you’re opening yourself up to hackers potentially finding one in a leak and getting into your most sensitive accounts. That’s where password managers come in. They store all your credentials in one place, taking the burden off of you to remember them all, and even offer stronger password options to help prevent reuse in the future. Yet, it’s a confusing space filled with extra features and security gaps that can make it hard to navigate. We tested out nine of the best password managers available now to help you choose the right one for your needs. 1Password remains our top pick thanks to its zero-knowledge policy, numerous security features and general ease of use, but there are other solid password managers out there to consider as well.

How do password managers work?

Think of password managers like virtual safe deposit boxes. They hold your valuables, in this case usually online credentials, in a section of the vault only accessible to you by security key or a master password. Most of these services have autofill features that make it convenient to log in to any site without needing to remember every password you have, and they keep your credit card information close for impulse purchases.

But given that passwords are one of the top ways to keep your online identity secure, the real value of password managers is staying safe online. “It's just not possible without a password manager to have unique, long and hard-to-guess passwords,” Florian Schaub, an associate professor of information and of electrical engineering and computer science at the University of Michigan, said.

Common guidance states that secure passwords should be unique, with the longest number of characters allowed and uppercase letters, lowercase letters, numbers and special characters. This is the exact opposite of using one password everywhere, with minor variations depending on a site’s requirements. Think of how many online accounts and sites you have credentials for — it’s an impossible task to remember it all without somewhere to store passwords safely (no, a sticky note on your desk won’t cut it). Password managers are more readily accessible and offer the benefit of filling in those long passwords for you.

Are password managers safe?

It seems counterintuitive to store all your sensitive information in one place. One hack could mean you lose it all to an attacker and struggle for months or even years to rebuild your online presence, not to mention you may have to cancel credit cards and other accounts. But most experts in the field agree that password managers are a generally secure and safe way to keep track of your personal data, and the benefits of strong, complex passwords outweigh the possible risks.

The mechanics of keeping those passwords safe differs slightly from provider to provider. Generally, you have a lengthy, complex “master password” that safeguards the rest of your information. In some cases, you might also get a “security key” to enter when you log in to new devices. This is a random string of letters, numbers and symbols that the company will send you at sign up. Only you know this key, and because it’s stored locally on your device or printed out on paper, it’s harder for hackers to find.

These multiple layers of security make it difficult for an attacker to get into your vault even if your password manager provider experiences a breach. But the company should also follow a few security basics. A “zero-knowledge” policy means that the company keeps none of your data on file, so in the event of an attack, there’s nothing for hackers to find. Regular health reports like pentests and security audits are essential for keeping companies up to par on best practices, and other efforts like bug bounty programs or hosting on an open source website encourage constant vigilance for security flaws. Most password managers now also offer some level of encryption falling under the Advanced Encryption Standard (AES). AES 256-bit is the strongest, because there are the most number of possible combinations, but AES 128-bit or 192-bit are still good.

Who are password managers for?

Given their universal benefit, pretty much everyone could use a password manager. They’re not just for the tech-savvy people or businesses anymore because so much sensitive information ends up online behind passwords, from our bank accounts to our Netflix watch history.

That’s the other perk of password managers: safe password sharing. Families, friends or roommates can use them to safely access joint accounts. Texting a password to someone isn’t secure, and you can help your family break the habit by starting to use one yourself, Lisa Plaggemier, executive director at National Cyber Security Alliance, said. Streaming is the obvious use case, but consider the shared bills, file storage and other sites you share access with the people around you as well.

Are password managers worth it?

You likely already use a password manager, even if you wouldn’t think to call it that. Most phones and web browsers include a log of saved credentials on the device, like the “passwords” keychain in the settings of an iPhone. That means you’ve probably seen the benefits of not having to memorize a large number of passwords or even type them out already.

While that’s a great way in, the downfall of these built-in options are that they tend to be device specific. If you rely on an Apple password manager, for example, that works if you’re totally in the Apple ecosystem — but you become limited once you get an Android tablet, Lujo Bauer, professor of electrical and computer engineering, and of computer science, at Carnegie Mellon University, said. If you use different devices for work and personal use and want a secure option for sharing passwords with others, or just don’t want to be tied to one brand forever, a third-party password manager is usually worth it.

How we tested

We tested password managers by downloading the apps for each of the nine contenders on iPhone, Android, Safari, Chrome and Firefox. That helped us better understand what platforms each manager was available on, and see how support differs across operating systems and browsers.

As we got set up with each, we took note of ease of use and how they iterated on the basic features of autofill and password generators. Nearly all password managers have these features, but some place limits on how much you can store while others give more control over creating easy-to-type yet complex passwords. From there, we looked at extra features like data-breach monitoring to understand which managers offered the most for your money.

Finally, we reviewed publicly available information about security specs for each. This includes LastPass, which more experts are shying away from recommending after the recent breach. For the sake of this review, we’ve decided not to recommend LastPass at this time as fallout from the breach still comes to light (The company disclosed a second incident earlier this year where an unauthorized attack accessed the company’s cloud storage, including sensitive data. Since then, hackers have stolen more than $4.4 million in cryptocurrency using private keys and other information stored in LastPass vaults.)

These are the password managers we tested:

Other password managers we tested

LastPass

For a while, security experts considered LastPass a solid choice for a password manager. It’s easy to use, has a slew of helpful extra features and its free version gives you a lot. But we decided not to include LastPass in our top picks because of the high profile data breaches it has experienced over the past couple of years.

Keeper

Keeper met a lot of the basic criteria we tested for, like autofill options and cross-platform availability. We liked its family plan options, too, that can keep your whole household secure. But we didn’t think its extra features, like the encrypted messaging app, added much value. Plus, it has a self-destruct feature after five incorrect login attempts which, despite adding extra protection, could be a recipe for disaster for casual users.

Enpass

Enpass works well as an affordable password manager. That includes an inflation-beating “lifetime” access pass instead of a monthly payment for users really committed to the service. Still, it was confusing to set up across devices and because Enpass stores data locally, as opposed to in the cloud, we struggled to get started with it on mobile.

Norton

A familiar name in security, we were excited to test out Norton’s password manager. While it’s free, its features seem underdeveloped. It lacked password sharing, account recovery and complex form-filing tools that come standard in many of the other password managers we tested.

LogMeOnce

LogMeOnce comes with a wide range of premium tiers, from professional to family, that include different levels of storage and features. But when we tested, it lacked some basic cross-platform availability that other password managers had already, like compatibility with Mac and Safari.

FAQs

Why use a password manager?

Using a password manager can enhance your online security. They store all of your complex passwords and autofill them as needed, so that you can have unique, strong passwords across the web without remembering each of them yourself. In many cases, unique passwords are your first defense against attack, and a reliable manager makes it easier to keep track of them all.

Are password managers 100 percent safe?

Password managers are a secure way to store your credentials. Experts in the field generally agree that the benefits of accessibility when storing complex passwords outweigh the possibility of attack, like what happened with LastPass. But with any service, it can vary from provider to provider. You should look out for zero-knowledge policies, regular security audits, pentests, bug bounty programs and encryption when choosing the right secure password manager for you.

What if I forget my master password?

Forgetting a master password won’t necessarily lock you out for good, but the recovery process varies from provider to provider. Some services give you a “security key” at sign up to enter when you log into new devices. It can also be used to securely recover your account because it’s a random string of keys stored locally that only you have access to. Other services, however, have no way to recover your vault. So creating a master password that you won’t forget is important.

How can I make a good master password?

A good master password should be unique, with the longest number of characters allowed and uppercase letters, lowercase letters, numbers and special characters. Experts often recommended thinking of it like a “passphrase” instead of a “password” to make it easier to remember. For example, you can take a sentence like “My name is Bob Smith” and change it to “Myn@m3isB0b5m!th” to turn it into a secure master password that you won’t forget.

This article originally appeared on Engadget at https://www.engadget.com/best-password-manager-134639599.html?src=rss

© 1Password

1Password for iOS
❌
❌