Password security is key to keeping your website safe from hackers, but creating a strong and unique password can be difficult. Unfortunately, remembering it can be even harder — unless you use a password manager.
We’ve previously looked at 10 ways to keep your WordPress website secure, and today, we’re expanding on that with concrete recommendations of the best password managers to use.
As well as sharing the password managers that most impress us, we’ll explore why password security is critical for website owners, what to look for in a password manager, and some password best practices.
Want to go straight to the recommendations? No problem! Just click on one of the links below to skip ahead:
- Best Overall Password Manager
- Best Freemium or Free Password Manager
- Best Password Manager for Businesses
- Best for Additional Security Features
Why Password Security Matters for Website Owners
According to IBM’s Data Breach Report 2021, compromised login details are responsible for one out of every five data hacks and breaches. What’s more, it can take months to discover a hack and resolve it.
A hacked website can have devastating effects. In extreme cases, you may find you can no longer sign in to WordPress or your preferred Content Management System (CMS). Instead, you will have to log in to your DreamHost panel or cPanel manually and, from there, identify malicious files that need deleting. Sometimes, website owners find they have no option but to reinstall WordPress and rebuild their site — a time-consuming and expensive solution.
In most cases, however, hacking is harder to spot — and yet no less damaging. For example, hackers may redirect visitors from your page to spam sites, harvest visitor information and credit card data, rewrite your website content, mine cryptocurrency, and much more.
Since these hacks aren’t always easy for website owners to discover, they can be live for months. In that time, they can cause reputational damage, expose sensitive data that could then lead to identity theft and liability, and cause long-term damage to your SEO work. Plus, of course, you’ll miss out on potential sales, conversions, and ad revenue during that time because of your website’s reduced quality.
Many website owners assume that they won’t be targeted by hackers, especially if they’re a small business owner or have limited web traffic. Yet a 2019 Verizon report found that small businesses were the victims of over 40% of data breaches. Entrepreneur calculates that this adds up to over 150,000 small businesses in the US alone.
For many hackers, smaller websites are low-hanging fruit. They are often easier to hack because the website security isn’t as rigorously set up. There’s also rarely a full-time web developer on the team who can spot and fix issues quickly. In other words: no matter how small or big your website is, you are at risk of being hacked.
Fortunately, improving password security is a quick and easy way to better protect your website.
Hacked Site? We'll Fix It Fast
With our Hacked Site Repair service, we'll remove any malicious code and restore your website so it's back up and running fast.
Important Features to Look for in a Password Manager
A password manager will help you use a different secure password for everywhere you log in, from your website to online banking.
Most people reuse the same weak password for everything because of the difficulty of remembering multiple passwords. It’s not hard to understand why: The average person has a whopping 100 passwords to remember.
That’s where a password manager comes into play. It’s an app that will generate and store passwords and usernames for you. The only one you actually need to remember (or write down in a secure place) is the one that unlocks your password manager.
100 secure passwords? That’s a tall order. Just one, however? It’s doable.
That said, not all password managers are made equal. Make sure your password manager has the following features.
End-to-End Encryption
End-to-end encryption is the most secure type of encryption available, and in a password manager, it’s non-negotiable.
When your passwords are encrypted, they are converted into code. So in order to discover your passwords, a hacker would first need to get access to them, and then they would need to decipher the code. Without the key, that second step is almost impossible to do.
Conversely, any time your passwords are unencrypted, they are vulnerable to hackers. Traditionally, data was encrypted in transit. This meant that you and any recipients could view the uncoded data, but it was also unencrypted (read: vulnerable) at the server where it was stored.
In contrast, with end-to-end encryption, your passwords remain encrypted even when they’re stored on a server. Not even the staff working at the password manager can discover the unencrypted versions.
The only times your passwords are unencrypted and vulnerable are when you access them yourself or choose to share them with another person (which, ideally, you will do via the app’s password sharing feature for extra security). This makes end-to-end encryption the gold standard for security.
Multi-Factor Authentication
Although end-to-end encryption will protect your passwords from server attacks, it won’t stop the most traditional of hacks: someone discovering your login details for the password manager or simply stealing the cell phone the app is stored on.
That’s where multi-factor authentication (MFA) will protect you. With MFA, you need not only your username and password but also additional identification to log in. Some common MFA identifiers include:
- A one-time password (OTP): a unique code that’s typically sent via SMS or viewable on an authenticator app
- Your fingerprint or other biometric authentication
- Security questions
Selecting a password manager with MFA — and making sure you enable it! — will help keep your website secure. Don’t forget you can also set up MFA for your website for an extra level of protection.
Role-Based Permissions
Chances are multiple people have access to the back end of your website, where you upload content, install plugins, and customize the code and theme.
To ensure website security, people should only be able to access the areas they need to fulfill their role. For example, you don’t want the marketing intern to be able to edit your website code because they could accidentally delete your whole bookings system or take the online store offline.
With role-based permissions, this is easy to manage. You can simply assign roles to every user and then set it so that passwords are only shared with people who hold certain roles.
Dark Web Monitoring System
Sometimes, no matter how careful you are, login credentials will get hacked. Perhaps someone at your company uses the same login for the website they do their online shopping or social media. Maybe someone emailed login info to a new team member, and then their email got hacked.
Password managers with dark web monitoring systems will alert you if any of your passwords appear in a data breach. While you can manually check this on the Have I Been Pwned database, a built-in dark web monitoring system will let you know as soon as the breach is discovered online.
Dark web monitoring systems are an increasingly common feature in password managers, although some big-name brands still don’t offer it, such as RoboForm and Sticky Password.
Protect Your Website with DreamShield
For just $3/month, our premium security add-on scans your site weekly to ensure it is free of malicious code.
4 Best Password Managers in 2021
With numerous password manager apps on the market and at a wide range of prices, it can be hard to choose between them.
Don’t worry: We’ve compared the major brands to select our top four based on security features, compatibility, ease of use, additional features, and pricing. No matter your budget or requirements, we’re sure one of these will suit you.
1. Best Overall Password Manager: 1Password
1Password stands out not only for its excellent features but also for its ease of use. Everything is intuitive and beginner-friendly, with clear explanations.
It looks slightly slicker on Mac and iOS than on Windows and Android, but what most impressed us was its compatibility with different browsers, operating systems, and apps. Combine this with unlimited devices and password autofill features, and you should find that filling in forms and passwords is quicker than ever.
The only downside to 1Password is that there isn’t a free version. However, there are often discounts available for new subscribers.
Features:
- Unlimited devices
- Two-factor authentication
- End-to-end AES-256 encryption
- Apps for Mac, iOS, Windows, Android, Linux, and Chrome OS
- Browser extensions for most popular browsers
- Unlimited password storage
- Role-based permissions (business accounts only)
- 1Password Watchtower, a dark web monitoring system
- Digital wallet
- Guest accounts (business and teams accounts only)
- Password autofill
- Password sharing via password vaults
- Travel Mode, a temporary delete feature for sensitive information when you travel internationally
Price: $36 per year for a personal account, or $60 for a family of up to five people. Business accounts start at $96 per user per year, but you can sign 10 users up for $240 a year with a Teams Starter Pack. Each account comes with a 14-day free trial.
2. Best Freemium or Free Password Manager: Bitwarden
Using a free password manager means compromising on some functions, but the open-source app Bitwarden includes an impressive array of features for free.
Should you decide you want additional functions, the premium version is also affordable. It comes in at just $10 a year for a personal account, while premium business accounts start at $36 per user per year.
Bitwarden isn’t as beginner-friendly as some of the other options on our list, but you will find some great tutorials on YouTube. And once you’ve got the hang of it, there’s plenty to like about this cheap-and-cheerful password manager. If you don’t want to pay for a premium password manager, Bitwarden is an excellent choice.
Features:
- Secure password generator
- Two-factor authentication
- Enhanced two-factor login (premium feature)
- End-to-end encryption
- Unlimited devices
- Browser, mobile, and desktop apps
- Secure text sharing
- Secure file sharing (premium feature)
- Multiple users (max. 2 with a free account)
- Can also store credit card information
Price: Free for up to two users. $10 a year for a premium personal account, $40 for a family account of up to six people, and $36–$60 per user for a premium business account.
3. Best Password Manager for Businesses: Dashlane
For personal use, we prefer 1Password and Bitwarden. Bitwarden’s free version offers significantly more features than Dashlane’s, the most important being multiple devices. Meanwhile, 1Password is both more affordable and left us slightly more impressed overall.
For businesses, however, Dashlane is worth considering. The Admin Console is user-friendly and great for managing larger teams. Meanwhile, the dark web monitoring system is widely praised by users for how many compromised passwords it finds.
Features:
- Limited free version (one device, maximum of 50 passwords)
- End-to-end encryption
- Two-factor authentication
- Unlimited devices (premium, family, and business accounts only)
- Compatible with Windows, Mac, Android, iPhone, and iPad
- Dark web monitoring system
- Single sign-on (SSO) authentication for ease of use
- Form and payment autofill
- Role-based permissions (business accounts only)
- Free VPN (premium, family, and business accounts only)
Price: Freemium. Premium personal plans range from $36 to $60 a year, family plans are $90 a year for up to six users, and business plans start from $60 per user per year.
4. Best for Additional Security Features: Keeper
For most users, 1Password or Dashlane’s password management features will be sufficient. If you’re looking for something with additional security features, however, Keeper might suit you better.
Its KeeperChat secure messaging app, for example, means that all messages are stored in a secure vault. Unlike WhatsApp or Slack, any photos or videos sent to someone’s mobile device won’t be downloaded to the phone’s main image folder, where they can easily be viewed by other people.
However, there are some downsides to Keeper’s high security levels. For example, you can’t bulk change passwords, and Keeper won’t automatically update your passwords either.
There is a free version of Keeper, but it can be hard to find via the website. We found it easier to search Google for “Keeper free account.” Bear in mind that the free version doesn’t include the desktop app or a web browser extension.
Features:
- Free version (limited to one mobile device)
- End-to-end encryption
- Two-factor authentication
- Unlimited passwords
- Unlimited devices
- Digital wallet with unlimited payments
- Android, Mac, PC, and iOS apps
- Autofill feature for forms
- Secure file storage
- KeeperChat secure messaging app
- BreachWatch dark web monitoring system
- Deleted password recuperation via the Trash Bin
- Keeper Concierge 24-hour support and training
- Single sign-on authentication (Enterprise accounts only)
Price: Keeper Unlimited is $34.99 a year, $74.99 a year for family accounts with a maximum of five users, and $45 per user per year for business accounts. The Plus Bundle is $58.47 a year for a personal account or $103.48 a year for family accounts. In addition, students get 50% off.
Password Best Practices
With your password manager, you’ll never need to manually create a password again — with one very important exception. To log in to your password manager, you’ll need to provide a password. This is called a master password.
To keep that master password secure, follow these best practices:
- Create a strong password. We’ve already written about 11 ways to create solid passwords, but here’s a quick recap: don’t reuse it or use common phrases. Make it at least 8-16 characters long. Complex passwords are best, so include numbers and symbols. Consider using a string of seven (or more) random words from the dictionary. And avoid anything that’s meaningful to you.
- Don’t share it with anybody. You might trust them, but do you trust the messaging app you’re using?
- Use multiple-factor authentication. This way, even if someone does hack your password, they still won’t be able to access your password manager.
- Don’t save it in your browser or in a computer file. If you need to record it somewhere, you’re better off writing it down than saving it in a digital format. Just don’t be like the British Ministry of Defence and publish photos with your password in the background. Instead, keep it somewhere safe, secure, and not immediately visible.
- Don’t lose or forget it. This might sound obvious, but it’s surprisingly easy to do, especially if your phone normally lets you use your fingerprint instead. Unfortunately, most password managers won’t let you recover a lost master password, so forgetting it means losing access to every single one of your passwords.
You’re Cordially Invited
Join DreamHost’s Facebook group to connect with like-minded website owners and get advice from peers and experts alike!
Protect Your Website from Being Hacked
Being hacked is a nightmare situation for any website owner. Nobody wants to discover hackers have installed malware or SEO spam on their site or, perhaps even worse, that they can no longer access the back end.
Although our Hacked Site Repair Service will get your site back to normal in just one to two days, prevention is far better than cure. That’s why security is key for websites of all sizes.
Fortunately, some website security upgrades are easier than others — like using strong passwords. A password manager will make using strong passwords much easier, which in turn will help you protect your website (and all your other accounts) from being hacked.
The post Best Password Managers for Website Owners to Use in 2021 appeared first on Website Guides, Tips & Knowledge.
source https://www.dreamhost.com/blog/best-password-managers-for-website-owners/
No comments:
Post a Comment