Tech

Gain security with these 6 password managers for Android

The password managers they have become an important part of the lives of some, since we are registered in a large number of websites and services of all kinds that cover facets such as work, leisure and social life.

Because the Internet has devoured our lives, that means we deal with dozens of passwords. This, together with the not so surprising data breaches that we have been learning about in the last 10 years, has sparked a movement against the use of passwords, which are considered by some to be insecure. One of the most prominent alternatives is biometric authentication methods, but those made available to end-users cast serious doubt on privacy, reliability, and the trust that can be placed in them, so password advocates “classic” have compelling reasons to maintain their position.

Being heterodox, it is possible to carry out a correct password management using the memory that one has in the brain. If the amount is small, it is likely that the user will not repeat them and even remember to renew them from time to time, but as fallible beings that we are, everything gets complicated when the amount increases. This is where the possibility of repeating passwords or neglecting many of them comes in, which increases the chances that user data ends up in the wrong hands.

Fortunately, password managers have been around for a long time, they facilitate the management of passwords and in some cases are even capable of notifying the user in the event that one has ended up being compromised due to a data breach. Although this type of application is usually associated with web browsers, it can also be used at the operating system level, a context that is normal in the mobility sector, so we are going to take this opportunity to extend the topic around Android .

Reasons to use a password manager on Android

Google introduces its own password manager in Android, a feature that at this point should not surprise anyone seeing the successive data breaches discovered in the last 10 years.

Despite the fact that Google cares a lot about security (privacy is something else), using its mechanisms and services means staying tied to its ecosystem, so later one has more difficulty jumping to an alternative.

Another point that the search engine company has against it is the fact that most of its products and services are proprietary, although they may derive from open source projects, as is the case with Chrome versus Chromium. This prevents, in most cases, that they can be freely audited by a third party, a situation that leaves security and privacy in the trust that the user places in Google.

password managers

In short, the use of a third-party password manager that is fully cross-platform and, if possible, open source, provides much of what the user needs to avoid being trapped in the Google ecosystem, being able to access your credentials through different means (an application or a web browser extension). Obviously, complete independence is impossible to achieve unless one develops and maintains one’s own password manager, but this requires knowledge that is available to very few. Despite the fact that total independence is an unattainable goal for the common user, it is always preferable to improve partially in this sense than not to do it at all.

We cannot leave in the inkwell the position of total mistrust of services that rely on online synchronization, even those that are open source. This position is legitimate and is supported by powerful reasons, so if you prefer to use a password manager that works only locally, it is important to see if it has good cross-platform support and if it makes export facilities to transfer the data (already possible by bypassing Wi-Fi and Bluetooth, which can be hacked remotely).

Six third-party password managers for Android

Bitwarden

We start with the most popular solution among those published as free software. Bitwarden is a cross-platform password manager that has gained popularity over the years thanks to its easy-to-use applications and extensions. The fact of being in a high percentage free software both at client and server level It gives you a plus of transparency against many rivals.

Bitwarden

Bitwarden includes AES-256 encryption along with salted hash and PBKDF2-SHA-256 to provide privacy, security, and mechanisms to prevent brute force attacks (try passwords one by one until you find the correct one). Offers unlimited storage for passwords, personal information, and finances; end-to-end encryption and two-step authentication. Thanks to the fact that the server part is largely free software and can be forked, the user can host it on their own server machine.

Dashlane

Dashlane is another popular choice among password managers that also has support for Android. For encryption it uses AES-256, it is able to detect weak passwords and additionally makes a VPN available as a privacy booster. Other of its characteristics are that monitors various dark web sites for data breaches and leaks and provides two-step authentication and 1GB of encrypted storage that can be shared with other users of the same password manager.

Dashlane

Dashlane is a private, centralized service focused on paid subscriptions, so although there is a free individual plan that allows you to store up to 50 passwords, if you choose it as a manager, it would be convenient to pay for the Premium plan, which costs 5, 49 euros per month.

1Password

Another option as popular as centralized and proprietary. 1Password is another of the password management giants that offers monitoring for data breaches, two-factor authentication, 256-bit AES encryption, phishing protection and a secret key that is created locally on the device and is used in combination with the master key to authenticate to the server and encrypt user data. It’s important to note that it only works in verified web browsers (synchronization between mobile and desktop is a feature we consider essential).

1Password

1Password offers a 14-day trial period that forces the user to go through the checkout to continue using it. The basic personal plan costs 2.99 euros per month.

KeePass Forks

KeePass is one of the most popular password managers released as free software, if not the most after Bitwarden at the moment. It is a veteran of the sector who has remained firm in his philosophy, so, compared to most of the options mentioned in this post, works only locally and does not support, at least initially, online synchronization.

Being initially developed for Windows, it later came to macOS and Linux using Mono, a free software reimplementation of the .NET framework. Although its interface can be seen as old, its quality has been praised on more than one occasion. Passwords are saved by default in a file in ‘.kdbx’ format and can be exported to TXT, HTML, XML and CSV. It has a plugin architecture that can compromise it if not used carefully and relies on web browser extensions for ease of use.

KeepPass

And what about Android on this front? Well, there are several unofficial KeePass implementations, being KeePassDroid, KeePass2Android, KeePassDX and KeepShare those mentioned by the website of the original project. Because KeePass is released under the GPL, all of its forks are required to release the source code if they want to comply with the license.

All the options for Android offer essentially the same thing, but with a different aesthetic finish and some other characteristic of their own. Knowing which one is the best is a matter of trying, which is common in free software and its tendency towards forks and re-implementations.

pass

Enpass is yet another password manager, with its security-level features and its facilities when it comes to managing credentials and data such as payment data, but in its favor it has a rather particular one, and that is that it does not store the data on the developer’s own servers.

pass not only allows the user to store their passwords and data locally, but also offers the ability to sync via cloud storage services such as Dropbox, iCloud, Google Drive, OneDrive, Box, WebDAV and Nextcloud. Here possibly the most valuable option is Nextcloud because it can be implemented on a server contracted by the user, while most of the other options are proprietary and centralized services.

Pass for Android

Delving into the particularities of Enpass, we can mention the possibility of attaching any type of file, support for smartwatches and support for time-based one-time password (TOTP).

LastPass

And we close the list with the most popular solution in the sector, LastPass, which hasn’t seemed to be experiencing its best moments for a while.

LastPass is served as freemium (that is, it is initially free and makes additional features available for payment) and stands out for the use of AES-256 encryption with PBKDF2 SHA-256, salted hash and the fact that encryption and decryption processes are performed at the device level. It also offers cross-platform support across operating systems and web browsers, and two-factor authentication through means like YubiKey.

LastPass

LastPass has become extremely popular, but over the course of the past decade it has faced several security incidents that have undermined its reputation. The last thing we have heard about is an alleged compromise of the master passwords.

Another point to keep in mind is that syncing between mobile devices and desktop is no longer free, so you have to subscribe to a paid plan to get basic functionality for a service that syncs online.

Conclution

Although biometric authentication methods have managed to gain a foothold on mobile phones (there are even password managers that support them), the reality is that “lifetime” passwords are still the preferred means of accessing many services and websites and There are even reasons to defend them against more modern media that, at least for now, cast doubt on their reliability.

Having a reliable and multi-platform password manager is a good defense mechanism so that the user can access their credentials regardless of the medium and system used. There are many options, discovering which is the best is a journey that must be traveled by oneself.

Images: Pixabay

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *