Password managers have become almost essential to manage the most used authentication method in Internet applications and services. While waiting for the industry to usher in a new “password-free” era, the use of specialized software that does the job for us is highly recommended.
In one of last year’s cybersecurity summaries we said that ‘The most used passwords in 2023 were perfect… for cybercriminals’. Passwords are an insecure method if they are not handled correctly, as these types of lists have confirmed. To this we must add those that, even though they are secure, are exposed in massive breaches of Internet services.
In addition to being intrinsically insecure, passwords are obnoxious in terms of usability, and frustrating when you have to remember hundreds of them for the immense number of web pages, services, applications and computers where we have to authenticate. The point is that they remain essential until other methods (such as access codes or biometric identification) free us from them.
Until then, password managers are a good support: they automate the generation and management of passwords and reduce human error to a minimum, because the passwords they create are highly secure and meet common standards for length, complexity and diversity.
They also help against phishing attacks by immediately identifying characters from other alphabets in look-alike addresses. They usually work on multiple platforms and can work in offline and online modes. Of course, they save time on authentication and, perhaps most importantly, the user only needs to remember one master password and the manager will take care of everything else.
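The phishing check mentioned above can be modelled as follows. This is an added example, not code from any of the managers listed here; the function names and the `example.com` hosts are assumptions made for illustration. It fills a saved credential only on an exact hostname match and flags labels that mix alphabets.

```python
import unicodedata

def decode_host(host):
    """Lower-case a hostname and decode punycode (xn--) labels to Unicode."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it as-is, it will simply not match
        labels.append(label)
    return ".".join(labels)

def scripts_in(label):
    """Scripts of the letters in a label, taken from Unicode character names."""
    # Names start with the script, e.g. "LATIN SMALL LETTER A", "CYRILLIC SMALL LETTER A"
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}

def autofill_decision(saved_host, visited_host):
    """Return 'fill', 'warn-mixed-script' or 'no-match' for a visited hostname."""
    saved, visited = decode_host(saved_host), decode_host(visited_host)
    if visited == saved:
        return "fill"
    # A single label that mixes alphabets is a common look-alike pattern
    if any(len(scripts_in(label)) > 1 for label in visited.split(".")):
        return "warn-mixed-script"
    return "no-match"

# Constructed sample: the second host replaces Latin "a" with Cyrillic U+0430
SAVED = "example.com"
LOOKALIKE = "ex\u0430mple.com"

if __name__ == "__main__":
    for host in (SAVED, "Example.COM.", LOOKALIKE, "examp1e.com"):
        print(repr(host), "->", autofill_decision(SAVED, host))
```

A look-alike written entirely in another alphabet is not flagged as mixed, but it still fails the exact match, so the credential is never offered.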
Free and open source password managers
The best-known password managers are commercial applications that, in addition to charging for their services, require that you place enough trust in them to give them the keys to your digital home. The big advantage of open source managers is the ability to audit the software and, especially, to keep the credentials under your control by installing and self-hosting the necessary code on your own machine. We remind you of the most interesting ones that you can use, all of them free.
KeePass
It’s the granddaddy of open source password managers and has been around since the days of Windows XP. KeePass stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in a wide variety of formats.
A growing number of plugins and variations have emerged over the years, such as KeeWeb and KeePassX. Although KeePass is a Windows application, KeePassX is a cross-platform version intended to be more Linux-friendly, and enthusiasts can even run the application on mobiles such as the Purism Librem 5. As for KeeWeb, it is a web application that can run in any browser.
Bitwarden
Especially intended for LastPass users looking for a more transparent alternative, it works as a web service that you can access from any desktop browser, while for Android and iOS it has dedicated mobile apps. Bitwarden can share passwords and has secure access with multi-factor authentication and audit logs.
Intended for both users and companies, it offers an API so that they can integrate their tools within the organization. Therefore it can be run on servers, in browsers, on desktop PCs or on mobile phones. The source code is available for all these versions under the GNU license (GPL 3.0). Something that we will all like is that passwords are saved on the company’s servers.
Passbolt
A self-hosted password manager designed specifically for work teams. It integrates with online collaboration tools such as browsers, email or chat clients. You can self-host Passbolt on your own servers to maintain complete control of the data, although teams without experience or infrastructure can use a cloud version that hosts it on company servers.
Psono
Psono is another option for teams looking for open source enterprise password management software. This is a self-hosted solution that offers an attractive web-based client written in Python, with source code available under the Apache 2.0 license.
In addition to sharing passwords, you can also manage files or folders. Browser extensions are available for Mozilla Firefox and Google Chrome. Psono is free for small teams and larger companies will have to pay based on the number of users.
Teampass
A team-oriented manager with an offline base mode that we like, where you export your items to an encrypted file that can be used in locations without an internet connection. Teampass isn’t the prettiest app in the world, but the design is tremendous and you can quickly define roles, user privileges, and folder access. It is licensed under the GPL 3.0.
What if I don’t want to use password managers?
In this case you will have to manage them yourself, keeping to the basic rules for creating and using secure passwords, which are repeated in any cybersecurity manual:
- Do not use typical words or common numbers.
- Combine upper and lower case.
- Combine numbers with letters.
- Add special characters.
- Make the password longer, using as many characters as possible.
- Do not use the same password on all sites.
- Especially, use specific passwords for banking and online shopping sites.
- And if applicable, also vary the username.
- Keep the password safe from any third party.
- Never reveal your password in supposedly official requests from emails or messages from messaging services (these are usually phishing attacks).
- Reinforce the use of passwords with other supported systems, especially two-factor authentication (2FA) or biometric systems such as fingerprint sensors or facial recognition.
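The creation rules in this list can be checked mechanically. The following is an added example, not taken from any tool mentioned on this page; the word list, the 12-character minimum and the sample vault are constructed assumptions. It audits a site-to-password mapping for weak and reused entries and generates a replacement that passes the same checks.

```python
import secrets
import string

COMMON = {"password", "123456", "qwerty", "admin"}  # constructed sample list
MIN_LENGTH = 12  # assumption: the rules above give no specific number

def weaknesses(password):
    """Return the rules from the list above that a single password breaks."""
    issues = []
    if any(word in password.lower() for word in COMMON):
        issues.append("common word or number")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        issues.append("no mixed case")
    if not (any(c.isdigit() for c in password) and any(c.isalpha() for c in password)):
        issues.append("no mix of numbers and letters")
    if not any(c in string.punctuation for c in password):
        issues.append("no special character")
    if len(password) < MIN_LENGTH:
        issues.append("too short")
    return issues

def audit(vault):
    """vault maps site -> password; return site -> issues, including reuse."""
    sites_by_password = {}
    for site, password in vault.items():
        sites_by_password.setdefault(password, []).append(site)
    report = {}
    for site, password in vault.items():
        issues = weaknesses(password)
        if len(sites_by_password[password]) > 1:
            issues.append("reused on another site")
        if issues:
            report[site] = issues
    return report

def generate(length=20):
    """Draw from the OS CSPRNG until the candidate passes every rule."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the minimum")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate

# Constructed sample vault, for illustration only
SAMPLE_VAULT = {"bank.example": "Summer2023", "shop.example": "Summer2023",
                "mail.example": "kV7#pL2!xQ9@tR4z"}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
    print(generate())
```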
Finally, we would like to highlight another good alternative, the password managers that all web browsers include and that have the same objective as native applications: securely save your passwords and help you start sessions faster without having to remember or reuse them.