
The Best Password Managers

Article for: Everyone
Difficulty: Simple
Importance: It is critical to have and use a password manager

There are many password managers available. Password managers are essential because we need strong passwords. Passwords should be over 20 characters, ideally random, and never reused in multiple places. It is not possible for humans to remember hundreds of passwords, so a single place to store them is essential. You must put your passwords and any password changes into your password manager and then use them on sites from your manager. Only by always entering them in the password safe and then copying them to a website or program will you always know you have the correct password. I divide password managers into two basic groups, Local and Online.
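The rules above (over 20 characters, random, never reused) can be checked mechanically. The following Python sketch is an added example, not part of the original article or of any password manager: it audits a list of site/password pairs against those rules and replaces the offenders with random passwords. The entry list, the 24-character default and the function names are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_OVER = 20  # the article's rule: passwords should be over 20 characters

def generate_password(length=24):
    """Build a random password using the operating system's secure generator."""
    if length <= MIN_OVER:
        raise ValueError("length must be over 20 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def audit(entries):
    """Return {site: [problems]} for entries that break the article's rules."""
    sites_by_password = defaultdict(list)
    for site, password in entries:
        sites_by_password[password].append(site)
    findings = {}
    for site, password in entries:
        problems = []
        if len(password) <= MIN_OVER:
            problems.append("too short")
        others = [s for s in sites_by_password[password] if s != site]
        if others:
            problems.append("reused on " + ", ".join(sorted(others)))
        if problems:
            findings[site] = problems
    return findings

def fix(entries):
    """Give every flagged entry a fresh random password; keep the good ones."""
    flagged = audit(entries)
    return [(s, generate_password() if s in flagged else p) for s, p in entries]

# Constructed sample entries (not real sites or credentials)
SAMPLE = [
    ("bank.example", "Summer2021!"),
    ("mail.example", "Summer2021!"),
    ("shop.example", "k#8Vw!2qLz@9Xr$4Tn&7Bm^1"),
]

if __name__ == "__main__":
    for site, problems in audit(SAMPLE).items():
        print(site, "->", "; ".join(problems))
```
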

Local

The data resides on your computer and is available to you all the time. These have advantages and disadvantages:

Advantages:
  • They are more secure since the data isn't in some central place under other people's control. Lastpass, for example, was breached 5 times in the last 10 years. They responded quickly and well, but they are a significant target. However, since they store the files using excellent encryption, if you have a strong password for your safe, no one can break into it even if it is lost.
  • You can enter local password-protected programs like Quickbooks or Teamviewer with local password managers because they run off your local machine.
  • They are separated from your browser, which is a major point of attack.

Disadvantages:
  • The big disadvantage is when you are not on your computer but need to share your passwords with your mobile devices like phones or tablets. It is convenient to have all your passwords online and accessible from all your devices and always up to date.

Keepass is my recommendation for a local password manager. It has millions of users, is free, is very secure and has been audited. It is open source, so experts can examine the code. Keepass integrates with Windows, so it is easy to login to online accounts and local programs. You can use hotkeys that will send usernames and passwords out to websites or local programs.

Keepass has several mobile apps that are compatible with it. I use Keepass2Android on my phone and tablets. It is great.

I used to copy my password file occasionally to my mobile devices. Since I always add passwords from my office computer, I didn't need to sync. The same password file works on both Windows and Android.

Now, however, I sync them with a free Dropbox account. It is a little tricky to set up the sync on Keepass, but if you know what you are doing, you can do it in a few minutes. However, I don't recommend this for my clients. You also lose a little of your security because you store your passwords outside your control. I don't worry about it because my password into my Keepass safe is excellent, so no one could break into it even if they took the file.

Strongbox is an option that is open source, Keepass compatible, and works with Mac and iOS products. They have both free and paid versions and are highly recommended.

Online

Online password managers provide programs for Mac, Android, Windows and Linux and store the information on their servers in the cloud. They also sync from their servers to your local devices, so you can use them even if you cannot access their servers. Your devices hold local copies of the master copy in the cloud.

The biggest and most famous is Lastpass, which was purchased by LogMeIn in 2015. Lastpass offered an excellent free version and an even more robust paid version. In 2017, they doubled the price and removed some free features. Recently they announced you could no longer sync the mobile version with the desktop version for free and are requiring purchase of their premium product for syncing. This has bothered many. I wrote them off after LogMeIn bought them. There is no reason to use Lastpass if you will not sync devices. Keepass is a better, safer option.

I currently recommend Bitwarden for an online option. It is also free or paid depending on features. It is open source and audited. The free version allows you to sync all your devices and even use your own server to host the passwords instead of theirs. You also have unlimited passwords and support with their free version. For $10/yr. the paid version allows 1 GB of encrypted file attachments, an authenticator, more 2FA support, health reports and priority support. Besides, if you use it, you should support them. Start with the free version, and if it becomes an important part of your online life, subscribe for $10/yr.

Further reading

  • Here is a good article comparing the two most prominent online server based systems, Bitwarden and Lastpass.
  • Here is an article looking at trackers embedded into prominent Android online password managers. The worst offender appears to be Lastpass with 6 trackers. Bitwarden's 2 trackers are reporting on crashes and database issues, so they are not privacy issues.
  • Another article on the benefits of Bitwarden:
  • A list of articles I've written about Keepass. How to set it up and many features. This includes links to videos and PDF files.





Date: April 2021


This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
