My wife’s memory is so terrible, I’ve become her memory-keeper, faithfully logging her favorite burgers on my iPhone and remembering every variation of her usual password. “The usual” (not her actual password) has been my wife’s password for at least 10 years, although there’s now a second “usual” for the accounts we share, plus a handful of variations to reflect password requirements like capitalization, numbers, or special characters.
According to LastPass’s , 44 percent of survey respondents recycle identical or similar passwords across sites despite knowing this is unsafe. And 53 percent of survey respondents said they haven’t changed a password in 12 months despite hearing of a data breach.
But relying on a master password with variations to meet specifications isn’t just lazy, it’s unsafe. The indicates that 37 percent of data breaches involve credential theft of weak credentials (aka, crap passwords easily guessed by hackers). A full 80 percent of web app breaches involve stolen credentials — a worrying trend given the uptick in web apps among WFH life.
While there’s no harm in logging my wife’s preferred burger toppings, I know I’m doing her no favors by cataloging her passwords. The problem isn’t so much ill intent, although of Americans do commit “financial infidelity” on a partner, reports the National Endowment for Financial Education. Instead, it’s access control: If something were to happen to me (say in 2021 I do get to go to that Greek island writing retreat where there’s no WiFi, and I’m not available to help my wife get into an account), she’d need to guess, and . Then she’d reset the password to something she’d easily remember — which would be .
I’ve shifted toward using Safari’s built-in password manager to generate and autofill strong passwords for me, skirting the issue. Since I use only Apple products and work for myself, my passwords autofill across all my devices. But my wife has personal and work computers, and can’t have access control tethered to a specific device, platform, or browser.
Before a data breach turns into something way worse, like , we should probably use a password manager. However 2021 plays out, I want to avoid preventable missteps and control the things I can. With a password manager, I’ll only need to remember one password for my wife.
While price is important, ease of use is my main criteria.
While price is important, ease of use is my main criteria. For a password manager to work in our multi-device, cross-platform, memory-challenged lives, it needs to be simple to set up. Seems like a low bar but, tbh, it isn’t.
Here are the top three I’m considering.
Dashlane first caught my eye because its free plan allows you to store up to 50 passwords across one device and share up to five passwords with other Dashlane users. Shared passwords are encrypted using both a unique public key, which is associated with each user’s account and used when sharing, and a private key, known only to the user.
Paid plans for individuals and families cost $59.99 and $89.99 per year respectively. Both paid plans include unlimited passwords, devices, and a free VPN, which is nice to have for the rare instances I’m on public WiFi. Family plans give you up to five private accounts and a centralized family dashboard. A Site Breach Alerts feature lets you know if your personal information is compromised.
I actually tried Dashlane in 2019 when I tested out a virtual assistant, basically, outsourced admin help for self-employed folks like me. I got the password manager set up in minutes. My virtual assistant? Not so much. She spent a billable hour trying and failing to get her Dashlane account to work, at which point I actually troubleshot the app on her behalf via chatbot. When the virtual assistant still couldn’t activate her account to use my shared passwords, I gave up: on her, on hiring a virtual assistant, and on Dashlane.
Was she bad at her job or does Dashlane suck at sharing passwords? There’s no way for me to know unless I try it again, and I might: I liked its features, found it easy to use, and there’s literally no cost to test out the free plan. The family account is appealing, and it seems a good choice for entrepreneurs who need to share a handful of passwords with freelancers or contractors. But if I ran into similar problems, I’d move on to another app.
While LastPass’s free plan comes , it doesn’t accommodate password sharing. Paid plans begin at $36 per year for an individual or $48 for a family plan (and there are scalable business plans, too). While its paid plans are cheaper than Dashlane’s, LastPass has had some pretty blatant security flaws, most notably in 2019, when Google Project Zero that allowed hackers to see users’ credentials. Yikes.
When I dug into LastPass to evaluate my options, I got confused. Could I share passwords with an individual plan or would I need a family plan? It wasn’t clear, and that suggested usability problems that ultimately killed this one for me. If I couldn’t understand their front-facing marketing pages — copy designed to get me to opt in — how could I explain the service to my wife, never mind play tech support if we forgot the master password? , other users have found.
LastPass seems like an easy solution for individuals who want a set-it-and-forget-it password solution, so long as they remember their master password. But the decidedly tells me my money’s better spent elsewhere.
1Password seems refreshingly simple. There’s a two-week free trial, after which time the password manager costs $3.99 per user per month ($47.88 per year) or $4.99 per month ($59.88 per year) for the family plan, which covers five users and includes 1GB of secure document storage. 1Password relies on both a master password and a secret key, which gives it a slight edge against unauthorized access.
More so than Dashlane, 1Password seems family-friendly: There’s group password sharing for safe online access with personal vaults for times when information needs to stay private. With the option to create guest accounts for sharing smart home passwords or WiFi, 1Password also seems like a top pick for short-term rental hosts. While LastPass and Dashlane let you share individual logins, 1Password operates on vault sharing. That’s ideal for a home-sharing host who wants guests to have access to a set of passwords, but unfun for the user who primarily shares access one site at a time with independent contractors.
Like Dashlane, 1Password seems to be oriented toward users who may not be tech savvy, but who understand the risks of poor password management and want to stay safe. My memory-challenged wife is a perfect user persona! Users can install across multiple platforms and devices, making it a compelling solution for our cross-platform, multi-device family. There’s even a Travel Mode that deletes sensitive data before you cross borders, then lets you restore once you’re settled, protecting your data from prying border officials. And at under $60, it’s appealingly affordable. The biggest drawback: Unlike with the other password managers, if you forget your password, there’s no way to reset it.
Password managers aren’t perfect, but ultimately they’re the best solution to both faulty memories and access control headaches caused by weak credentials. I can’t expect companies to adequately protect my private data — since 2005, have been exposed, and companies don’t always notify consumers — but I can avoid preventable missteps and control the variables in my power.