Password Managers




I’m exploring password managers. I want to test my current opinion & biases against what actually works.

To do this, I’m designing and implementing my own password manager.

What exactly is a password manager?

In its simplest online form, a password manager is a scheme that automatically retrieves a password & presents it to the associated website to satisfy a login challenge. A typical implementation stores passwords, mapped to users, in a commercial service that itself requires an authenticated login to use.

The widely-used offline form of password manager is a simple list of websites, user names & associated passwords. This might be kept in a notebook, a series of sticky notes or even as an electronic document on the user’s computer.

Each of these forms of password manager addresses one or more key needs of the user.

  • Convenience
  • Security
  • Accuracy
  • Efficiency
  • Cost

Convenience

This is the most common reason a person uses a password manager. They don’t like remembering or tracking passwords, so pushing that job to a password manager is an easy decision. Consumers make convenience-based purchases all the time and this is no different.

An online commercial service that stores and manages passwords is by definition more convenient than using a notebook. Sorting a handwritten - or even typed - password document is essentially impossible. It’s easy to transpose characters or simply use the wrong one when ‘retrieving’ a password from a notebook or electronic passwords document.

Security

Some consumers will assert that using a password manager service is more secure than typing in passwords themselves. I’m unconvinced. I’ll revisit this in-depth after this exercise.

Accuracy

Here is where online password managers really shine. They won’t ever make a typo entering a password, nor will they confuse site passwords. Accuracy is a big win, especially for sites that are aggressive in their incorrect-password lockout policies.

As noted above, hand-typing or copying & pasting passwords is error-prone. There’s no getting around the human aspect: it’s a process that requires precision & we don’t always have it.

Efficiency

This is another great benefit - online password managers are just really efficient. Visit the site and a popup either asks if you want to log in, prefilled with your credentials, or just logs you in immediately. That’s a pretty efficient use of your time. Over the course of a year, you’ll save a ton of time otherwise spent on this process.

Cost

Most online password managers are commercial services for which the user pays a fee. This is typically a monthly subscription like most web services. The two most popular services cost $3.99 - $7.99 per user per month, while one of these services does offer a free version for one user.

I have never paid for nor used a commercial password manager, but I can see the value here. Four dollars per month for the convenience & efficiency offered by these services seems reasonable.

Obviously, use of an offline password manager - a notebook or document - has no dollar cost. Ignoring the value of time here for a moment, use of a notebook is free.