Updated: 04-03-21

Everything You Need To Know About Password Management

Agnes Talalaev
from patchstack

In this article, we will explain the importance of password management tools and password security, what strong passwords are, and also give some insights into the statistics in the world of passwords.

Did you know that more than 23 million people use the password '123456'?

It's probably no surprise that people use bad passwords. A recent study of publicly-available "hacked" accounts reveals '123456' was the top used password, followed by "the much more secure" '123456789' and "hard-to-guess" 'qwerty'.

The study says that there are more than half a million cases where soccer (or football) fans use the club names "Liverpool" or "Chelsea" as their passwords. 


For musicians, Metallica gets beaten down by 50cent. So if you know the person well, you may even guess the password a person is using.

The most common fictional names used as passwords were "superman" (333,139 users), "naruto" (242,749), "tigger" (237,290), "pokemon" (226,947), and "batman" (203,116).

The top ten most frequently used passwords?

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 111111
  6. 12345678
  7. abc123
  8. 1234567
  9. password1
  10. 12345

If yours is on the list, we'd suggest going and installing a password management tool right now to start using password manager-generated passwords to make sure they are unique.

Why use a password management tool?

Well, the truth is - nobody likes passwords and nobody likes to generate new passwords. That’s the reason why you should use password management tools to manage passwords. Life just makes so much more sense after starting to use one.

Password management tools are good for several reasons:

Firstly – you won’t remember every password you have. A very bad practice is to use one password in more than one account. To use a password is bad anyways – but we’ll go there later.

With password management tools you can easily access all your passwords from one place with one master key.

Secondly – use passphrases or generate a random key with your password management program.

Thirdly – the master key. Instead of using a password, use a passphrase, which is much longer. Use some numbers and upper and lowercase letters. And to make it clear – by passphrase we mean a short sentence that you generate, but make sure it’s something you’ll remember.

We use LastPass and KeePass in our team – check them out. KeePass is a bit geekier, but LastPass is widely used and has good UI, and is a multi-user password manager. Other options are Dashlane and 1Password. It’s your choice.

How to choose a password management tool?

It’s important that all your passwords are unique. A good password manager will randomly generate your passwords for you, and store them safely. It doesn’t matter what password manager you use, as long as you use one.
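What "randomly generate" means in practice, as an added example (not code from any of the password managers discussed here): a generator built on Python's `secrets` module, a passphrase generator, an entropy estimate, and a check against the top-ten list above. The word list and all function names are constructed for illustration.

```python
import math
import secrets
import string

# The ten most frequently used passwords listed in this article.
TOP_TEN = {"123456", "123456789", "qwerty", "password", "111111",
           "12345678", "abc123", "1234567", "password1", "12345"}

# Constructed sample word list; a real passphrase generator draws from
# thousands of words (the larger the list, the more entropy per word).
WORDS = ["copper", "lantern", "orbit", "meadow", "pickle", "violin",
         "glacier", "tunnel", "harbor", "saddle", "nectar", "quartz",
         "ribbon", "falcon", "cobalt", "thistle"]
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def generate_password(length=20):
    """Random password with at least one lower, upper, digit and symbol."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:  # redraw until every character class is present
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def generate_passphrase(n_words=6, sep="-"):
    """Passphrase of words picked uniformly at random from a CSPRNG."""
    return sep.join(secrets.choice(WORDS) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Upper bound: `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def is_acceptable(password):
    """Reject anything on the top-ten list or shorter than 12 characters."""
    return password.lower() not in TOP_TEN and len(password) >= 12
```

With the 16-word sample list, six words give only 24 bits of entropy; the same six words drawn from a 7,776-word list give about 77.5 bits, which is why the size of the word list matters as much as the number of words.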



With LastPass, it's super easy to save passwords while minding your business on a daily basis. As they say - just remember your master password and LastPass remembers the rest.

Screenshot from lastpass.com

The advantage here is that any time you log into a new account you can automatically one-click add the new password to your LastPass account and it will stay there whenever you need to use it on the account you save it to.

With LastPass, it's easy because you can simply just install the LastPass extension in your browser for saving and accessing your passwords.

Screenshot from lastpass.com

LastPass isn’t open-source, but there is a free version that can be used. And there is a premium plan for a bit more than $3 per month if preferred.

The premium plan provides users with an option to store passwords, digital records, and other items that need to be digitally secured. Also, LastPass allows users to grant family and friends access to their accounts if an emergency arises.

We don't want to leave out that LastPass has experienced three data breaches since it was founded. They have implemented strong encryption and salted hashes to ensure complete security in the cloud which eliminates the need to store files locally.

But on the other hand, their password management system works within the browser as an extension for most users, which makes their data a high-priority target. LastPass is easy to use and convenient, but the convenience comes with a slightly reduced level of privacy.

Want to know more about LastPass - take a look here.

KeePass (open-source)

KeePass is a free open-source password manager, which helps you to manage your passwords. You can put all your passwords in one database, which is locked with one master key or a key file.

KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these ciphers are regarded as being very secure. AES, for example, became effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information.

Picture from keepass.info

With KeePass, the complete database is encrypted, not only the password fields. So, your user names, notes, etc. are encrypted, too.

SHA-256 is used to hash the master key components. SHA-256 is a 256-bit cryptographically secure one-way hash function. No attacks are known yet against SHA-256. The output is transformed using a key derivation function.

Sounds impressive, doesn't it? But there's more - KeePass, being an open-source password management tool, is free and you have full control over your information.

Picture from keepass.info

KeePass is a localized solution that is stored in database form. Although it requires syncing to keep the file up-to-date, the information is kept separately from the various access points through which someone may try to access your data.

Even if someone could access your KeePass file, they would need the master key to open the database to discover your other passwords. That creates a very secure solution.

Users would be required to keep backups of their database in secure locations, preferably offline, in case something happened to the primary file. (Source)

Want to know more about KeePass - take a look here.


Since we don't have any Dashlane users in our team we needed to go and find reviews to get the idea of what's up with Dashlane. We have heard a lot of good recommendations about Dashlane though.

First of all - it’s easy to use, secure, and provides a lot of value even on free plans. But what about the pros and cons - here's what we found:

Screenshot from cloudwards.net

From the get-go, Dashlane looks like a fairly typical password manager in terms of features. You have auto-fill, strong password generation, and apps for iOS and Android.

It distances itself from the competition by having one of the most well-rounded feature packages for security, however.

Every plan comes with real-time password monitoring, even the free one. From the moment you set your password in Dashlane, it will start tracking it for any security threat or breach and notify you immediately to change your password if it finds one.


The pricing is slightly more expensive than others but it sits well within the range set by other password managers. The Premium plan is slightly higher than average but comes with enough features to justify the cost.


One password management tool that has also been widely used is 1Password. Great name indicating that you only need to remember one password when using the password management tools - the master key.

The reviews we read describe 1Password as a nice password management tool thanks to its ease of use and excellent security. Its pricing plans are fitted more for families and small businesses rather than individual users.

One thing that caught our eye was that 1Password does not have a free plan and also there is no live support. But there is a 24/7 support forum which is also good - forums are a great way to get an insight about a product from other users.


1Password has a lot of features starting from multi-device sync, auto-fill on mobile devices (not for Android users, unfortunately), lower plans get 1GB per user, and upgraded plans 5GB per user.

As for security, it uses industry-standard encryption for storing your passwords. Data is stored locally and the most interesting part of 1Password’s security model is the secret key. This 128-bit key is generated locally and never sent to 1Password. 

Like your master password, it’s individual to you and cannot be recovered in the event you lose it.

Bitwarden (open-source)

Another great password management tool that we missed from the initial post (fortunately Patchstack has awesome users, who reminded us) was Bitwarden which is 100% open-source software. And to top it all it has great UI as well.

The source code for Bitwarden is hosted on GitHub and everyone is free to review, audit, and contribute to the Bitwarden codebase.

Bitwarden is free and available for multiple popular platforms. Bitwarden has desktop apps for Linux, macOS, and Windows, mobile apps for Android and iOS, and browser extensions for just about all web browsers, including Vivaldi and Brave.

The core features of Bitwarden are free, but if you need up to 1GB encrypted file storage, 2-factor authentication with YubiKey, FIDO U2F, & Duo and priority customer support, you can choose the premium deal.

Bitwarden, like the others we mentioned here, uses AES 256-bit encryption as well as PBKDF2 to secure your data.

AES is a standard in cryptography and used by the US government and other government agencies around the world for protecting top-secret data. With proper implementation and a strong encryption key (your master password), AES is considered unbreakable.

PBKDF2 SHA-256 is used to derive the encryption key from your master password. This key is then salted and hashed. The default iteration count used with PBKDF2 is 100,001 iterations on the client (this client-side iteration count is configurable from your account settings), and then an additional 100,000 iterations when stored on Bitwarden's servers (for a total of 200,001 iterations by default).
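The two-stage stretching described above, as an added sketch using Python's standard `hashlib.pbkdf2_hmac`; it is not Bitwarden's code. The iteration counts are the ones quoted in this article; using the account e-mail as the client salt, sending a separate login hash instead of the key, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

CLIENT_ITERATIONS = 100_001  # client-side default quoted in the article
SERVER_ITERATIONS = 100_000  # additional server-side rounds quoted above


def client_derive_key(master_password, account_salt,
                      iterations=CLIENT_ITERATIONS):
    """Stretch the master password into a 256-bit vault key on the client."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               account_salt, iterations, dklen=32)


def client_login_hash(vault_key, master_password):
    """Assumed design: one more PBKDF2 round yields the value sent at login,
    so the vault key itself never leaves the client."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, dklen=32)


def server_store(login_hash, iterations=SERVER_ITERATIONS):
    """Server side: hash the received value again under a fresh random salt.
    Only (salt, verifier) is stored, never the received value."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", login_hash, salt,
                                   iterations, dklen=32)
    return salt, verifier


def server_verify(login_hash, salt, verifier, iterations=SERVER_ITERATIONS):
    """Recompute the verifier and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt,
                                    iterations, dklen=32)
    return hmac.compare_digest(candidate, verifier)
```

Each password guess against a stolen server record costs the full 200,001 PBKDF2 rounds, and the per-record random salt means work spent on one record cannot be reused against another.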

Don't forget the two-factor authentication

Two-factor authentication (2FA), also called multiple-factor or multiple-step verification, is an authentication mechanism to double-check that your identity is legitimate.

It’s something that will keep your accounts more secure and offer you an extra layer of protection, besides passwords. It’s hard for cybercriminals to get the second authentication factor. This will drastically reduce their chances to succeed.

2FA is a must-have for: 

  • Your work or personal email
  • Your cloud storage accounts (Google Drive, Dropbox)
  • Online banking
  • Social media accounts (Facebook, Twitter, LinkedIn)
  • Communication apps (Slack, Skype)
  • Online shopping (PayPal, Amazon)
  • And even for your password management apps
  • Your website

Here you can find some mobile apps that you can use for two-factor authentication: Google Authenticator (available for Android, iOS, Blackberry). Authy (for Android, iOS, but also available as a desktop app and browser extension). Microsoft Authenticator (Windows Phone 7).

The best time to start with password management is now!

The best time is now. Take the time - install the one you think will work for you the best and start using password management tools. Think about your master key - make it long and something only you will remember.

PS! If you are already interested in passwords - you may also be interested in protecting your website. Take a look at the Patchstack platform where you will also have 2FA, vulnerability monitoring, web application firewall, security reports, and much more.