Password managers are a good aid for managing access to the large number of Internet services where we are registered, and they avoid the problem of using multiple passwords.
Not a week goes by without news of some massive breach of Internet services that exposes millions of passwords. The reality is that passwords are a horrible method in terms of both security and usability, but until more advanced methods based on biometric identification are consolidated, we have to continue using them.
Basically, this kind of software reduces human error in password management, since it automates the process of generating passwords and accessing websites and services. Of course, the generated passwords are highly secure and comply with common standards for size and complexity.
One of their great advantages is that the user only needs to remember a master password and the manager will do the rest. They also help against phishing attacks by immediately identifying characters from other alphabets. They usually work on multiple platforms and can work in offline and online mode. Of course, they also save time when accessing websites and Internet services.
Five free and open source password managers
The best-known password managers are commercial and/or paid web services, which require you to trust them with the keys to your digital home. The great advantage of open source managers is the possibility of auditing the software and, above all, of generally keeping the credentials under your control by installing and self-hosting them on your own machine. Here are the most interesting ones for common users and work teams.
KeePass is the grandfather of open source password managers and has been around since the days of Windows XP. It stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in a wide variety of formats.
Over the years, more plugins and variations have emerged, such as KeeWeb and KeePassX. Although KeePass is a Windows application, KeePassX is a cross-platform version intended to be more Linux-friendly, and enthusiasts can even run the application on a Purism Librem 5 smartphone. As for KeeWeb, it is a web application that can be run in any browser.
Bitwarden is especially intended for LastPass users looking for a more transparent alternative. It works as a web service that you can access from any desktop browser, while Android and iOS have their respective mobile apps. Bitwarden can share passwords and has secure access with multi-factor authentication and audit logs.
Intended for both users and companies, it offers an API so that they can integrate their tools within the organization. For this reason it can be run on servers, browsers, desktop PCs or mobile phones. The source code is available for all these versions under the GNU license (GPL 3.0). Something that everyone will like is that the passwords are saved on the company’s servers.
A self-hosted password manager designed specifically for work teams. It integrates with online collaboration tools such as browsers, email or chat clients. You can self-host the program on your own servers to maintain complete control of the data, although teams with no experience or infrastructure can use a cloud version that hosts them on the company’s servers.
Psono is another option for teams looking for open source business password management software. This is a self-hosted solution that offers an attractive web-based client written in Python, with source code available under the Apache 2.0 license.
In addition to sharing passwords, you can also manage files or folders. Browser extensions are available for Mozilla Firefox and Google Chrome. Psono is free for small teams, while larger companies will have to pay based on the number of users.
A team-oriented manager with an offline mode we like, where you export your items to an encrypted file that can be used in locations without an internet connection. Teampass is not the most beautiful application in the world, but the design is tremendous and you can quickly define roles, user privileges and folder access. It is licensed under GPL 3.0.
What if I don’t want to use password managers?
In this case you will have to manage them yourself, following the basic rules for creating and using strong passwords, which are repeated in any cybersecurity manual:
Do not use typical words or common numbers.
Combine upper and lower case.
Combine numbers with letters.
Add special characters.
Extend the password to the greatest possible length.
Do not use the same password on all sites.
Especially, use specific passwords for banking and online shopping sites.
Where applicable, also vary the username.
Keep the password safe from any third party.
Never reveal the password in supposed official requests from emails or messages from messaging services (these are usually phishing attacks).
Strengthen the use of passwords with other supported systems, especially two-factor authentication (2FA) or biometric systems such as fingerprint sensors or facial recognition.
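The creation rules in the list above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it reports which of those rules a password breaks and generates one that passes them all. The deny-list, the set of special characters and the 16-character minimum are assumptions chosen for illustration.

```python
import secrets
import string

# Constructed sample deny-list (assumption); a real check needs a far larger one.
COMMON = {"password", "qwerty", "123456", "letmein", "admin"}
SPECIALS = "!@#$%^&*()-_=+[]{}"  # assumed set of special characters
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)


def check(password, min_length=16, used=()):
    """Return the rules from the list above that this password breaks."""
    problems = []
    lowered = password.lower()
    if any(word in lowered for word in COMMON):
        problems.append("contains a common word or number")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("does not combine upper and lower case")
    if not (any(c.isdigit() for c in password) and any(c.isalpha() for c in password)):
        problems.append("does not combine numbers with letters")
    if not any(c in SPECIALS for c in password):
        problems.append("has no special character")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password in used:
        problems.append("already used on another site")
    return problems


def generate(length=20, used=()):
    """Draw from the OS CSPRNG until the candidate passes every check."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check(candidate, min_length=length, used=used):
            return candidate


if __name__ == "__main__":
    print(check("Password123"))  # a weak, constructed sample
    print(generate(24))          # a fresh password for one site only
```

Passing the passwords already in use as `used` enforces the rule against repeating one password across sites.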