I will say straight away that I personally use an offline password manager and have done for the past 12 months, but I used online password managers for a few years prior to that. This article is simply my opinion and a comparison based on my experience of using both types of password manager.
Let’s start with a brief description of what a password manager actually is. A password manager is a piece of software designed to help you store and organise your passwords for online accounts. The passwords or data are usually encrypted and then stored, protected by a master password (which gives you access to the decrypted versions of your passwords).
There are a few different types of password managers, but essentially you have online and offline password managers.
Online Password Managers
Online password managers are generally web-based and accessed through your browser or an app on your mobile device. Your passwords are encrypted using strong encryption and stored in the cloud in databases.
Pros:
- With online password managers, convenience is the key benefit. Your data can be synced across all your devices whenever there is an internet connection, meaning you can log in from any device.
- There is no need for additional software, as they tend to be web-based, meaning they are easily accessible.
- Low price. These services tend to be offered at quite a low price and can be obtained for as little as £1 per month.
Cons:
- Unfortunately, its key pro is also its major con. In return for convenience you may be sacrificing some security. After all, you are asking a third party to protect your passwords online for you, and if we have learnt anything recently, the cloud/online is not always the best place to store data (even encrypted). While browser integration, password capture features and automatic password changes are all convenient little features, they are yet another area that could potentially be compromised.
- You need to have a high level of trust in the company storing your data that it won’t be shared with any third party. Again, this comes down to you not being in total control of the data, no matter how much you are told it’s accessible only to you.
Just because I now use an offline password manager does not mean I think online password managers are bad. Far from it: I have used cloud-based password managers in the past, in fact I have used more than one over the years, and some of them have been great. A lot of hard work goes into them, adding features and tools, and they do what they are supposed to. Also, the customer support at some of these companies, when I have needed it, has been second to none, but there is a big BUT…
I personally never felt comfortable storing my passwords on the cloud. It almost feels like the data is out of my control. Especially in a time when it seems every day there is a data breach of some kind exposing user data to the highest bidder.
I do know that my data was encrypted on these services but it still did not sit well with me that this database of all my passwords is sat on a computer somewhere in the world 24 hours a day 365 days a year with a third party. There were also reports of a potential breach at one of the larger online password managers that forced me to consider alternative ways to store my passwords.
Offline Password Manager
An offline password manager is a piece of software that stores your encrypted passwords offline. These can be accessible via a browser (accessing a locally stored database) or could be completely offline and accessed through an external device like a USB stick.
Pros:
- Your data is stored offline. This could be on your computer locally or could be stored on removable storage like a USB drive for portability and increased security (it’s only available when you plug it in).
- You are the one in control of your data. A good offline password manager will be independent and not need to “call home” or connect to the internet etc., giving you confidence that you control the flow of the data.
Cons:
- Inability to sync across devices. Although using a USB device does make an offline manager portable, you will have problems syncing with your mobile devices.
- Some offline password managers lack certain features (some intentionally, to improve security) such as browser integration. You are also responsible for your own data backups should your computer crash or device become damaged (most managers have a way to back up your database), as there is no third party backing up your database for you.
While I completely understand the convenience of online password managers, for me, I prefer an offline password manager any day. I am the one in control of my data and I am in control of where it is stored.
An offline password manager like My Login Vault is supplied on a USB device, which not only gives me improved security but also gives me portability, ensuring I can use it when I am at home or when I am at work. Yes, it does mean I can’t use it on my mobile, but to be honest I don’t need to.
With My Login Vault the ease of use is also a big plus. I want my password manager to store my passwords, and I want to be able to organise them and access them quickly while keeping them as secure as possible.
As with anything, we all have different opinions, and neither an online password manager nor an offline password manager is EVER going to be 100% secure no matter what is claimed, although either is a big improvement on writing passwords down!
To me, if you want convenience, more features or the ability to access and sync across mobile devices, then an online password manager may suit you. If you are prepared to sacrifice some of that convenience for increased security and the knowledge that you are the one in control of your data, then an offline password manager may be for you.
Whether you decide to use an online or offline password manager, there are a few tips that serve well across both.
- Your master password should be the strongest password you have. It is the single biggest thing you can do to protect your accounts. Make it long. Make it random. Make it complex. After all, your master password is the guardian to ALL your passwords on both online and offline password managers. If you give this password out, or make this password weak and easy to guess, all your passwords will be compromised.
- Always use complex and random passwords for each account you have. Password reuse is a major cause of concern whether you use a password manager or not.
- Don’t share it. It sounds silly, but you would be surprised at how many people give out their passwords easily. Your passwords should be treated like your PIN number for your bank – PRIVATE.
- Have a look at our password tips post for tips on keeping your password strong.