Linux Format

Security features

Most important of all – are they secure?


The biggest drawback of trusting all your passwords to a single program is glaringly obvious: should the password software ever be compromised, all of your login credentials, be it for your account on social media websites or your bank details, will be laid bare.

Both bitwarden and Encryptr store your passwords in an encrypted database on the cloud. Neither of these tools transmits unencrypted data to and from the server. Instead, encryption/decryption is done on your local machine, and only the encrypted data is stored on a remote server. Bitwarden makes use of Microsoft Azure servers to host its data, but you can also use Docker to roll your own instance of bitwarden if you don’t trust hosting the data on someone else’s cloud in who knows what jurisdiction. With bitwarden, you can also set up two-factor authentication as an added protection, along with a master password to ensure data safety.

Unlike other online services, Encryptr and bitwarden do not provide any mechanism to recover the master password. As with the desktop tools, if you forget the master password, you will be unable to access the data stored using these tools. That sounds bad, but in a way it boosts security, as it means there’s no additional way for someone to obtain the master password via a faulty recovery process or hacking.

Apart from offering a master password facility, LazLock also uses 128-bit AES encryption to secure the vault that contains all your passwords.

In addition to a master password, KeePassXC gives you the choice of 256-bit AES or Twofish algorithms to encrypt the database. In stark contrast to the other tools on our list, KeePassXC also lets you use a keyfile in addition to, or in place of, a master password to secure your database. The keyfile and database are both stored on the local machine, so it’s best if you don’t keep them in the same directory.

PasswordGorilla also uses the Twofish algorithm to safeguard the database, and uses the SHA256 algorithm to protect the master password. The tool also employs key stretching to hinder brute-force attempts against the master password. This technique works by increasing the time it takes to test each possible key, and thus makes brute-force attacks far less likely to succeed.
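To make the effect of key stretching concrete, here is an added example that is not from the article or from any of the tools reviewed. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in stretching function; the iteration counts, sample passwords and the 26^8 keyspace are constructed assumptions.

```python
import hashlib
import hmac
import os
import time

KEY_LEN = 32  # bytes of derived key material


def stretch(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a key from the master password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def check_guess(guess: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Test one candidate; every guess pays the full stretching cost."""
    return hmac.compare_digest(stretch(guess, salt, iterations), stored)


def seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Best-of-N wall-clock cost of testing a single candidate."""
    salt = b"\x00" * 16  # constructed fixed salt, used for timing only
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        stretch("candidate", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def years_to_exhaust(keyspace: int, per_guess: float) -> float:
    """Worst-case single-core time to try every candidate in the keyspace."""
    return keyspace * per_guess / (365.25 * 24 * 3600)


if __name__ == "__main__":
    salt = os.urandom(16)  # a random per-database salt
    stored = stretch("correct horse", salt, 200_000)  # constructed password
    print("right guess:", check_guess("correct horse", salt, 200_000, stored))
    print("wrong guess:", check_guess("correct hors3", salt, 200_000, stored))
    keyspace = 26 ** 8  # constructed: every 8-letter lowercase password
    for n in (1, 1_000, 200_000):  # assumed iteration counts
        t = seconds_per_guess(n)
        print(f"{n:>7} iterations: {t:.6f} s/guess, "
              f"{years_to_exhaust(keyspace, t):,.2f} years for 26^8")
```

The legitimate user pays the stretching cost once per unlock, while a brute-force search pays it for every candidate, which is why raising the iteration count scales the attacker's total time without noticeably slowing normal use.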

With the exception of LazLock, all the tools also automatically lock the database after a specified period of inactivity – this helps reduce the chance that someone could access the database, should you leave your system open to access – although you have to configure bitwarden to do so.

As a precaution, you should always lock your database before stepping away from your machine.
