Monday, 21 December 2020 22:22

Best password managers of 2020

Our password manager reviews are the result of over 40 hours of research on 140+ password manager companies from across the web. These reviews and our password manager guide help small businesses and startups find the best password manager for their business.


Dozens of password managers are available to help you manage passwords for your personal and business accounts. Every provider touts a variety of features and services, making it difficult to determine which one is the best fit for your needs. To make it easier to choose the right one, we evaluated password managers based on what’s most important.


Security is the most important criterion when choosing a password manager because you’ll be using the tool to store your account credentials. We looked for password managers with the highest level of encryption available, along with secure password generators and password reports to let you know if your passwords are too weak, have been reused on multiple sites or have been compromised. We also checked to see if each password manager works with biometric authentication, which adds an extra layer of security when logging in to your accounts.


Compatibility across a wide range of devices is important because many people use mobile devices and tablets to log in to their online accounts. We reviewed each password manager to determine if it’s compatible with the most common operating systems, browsers, and mobile platforms.


Storage capacity is critical if you have many online accounts, so we prioritized services with unlimited password management. With so many people signing up for email, streaming services, online banking and other online services, it’s easy for one person to have dozens of accounts to manage. A password manager with unlimited storage makes it possible to keep them all secure.


Extra features can make it even easier to manage passwords and share credentials with trusted family members or colleagues. We looked for password managers that offer password audit tools and password sharing.



1Password offers individual and family accounts with 256-bit AES encryption to prevent unauthorized access to your accounts. The built-in password generator enables users to automatically create secure passwords, and the automatic form-filling function eliminates the need to fill in form fields manually.

1Password also offers biometric authentication, which enhances security by requiring a unique identifier before anyone can log in to your account. Another important security feature is the password report, which informs you if a password is weak or has been compromised. Individual and family accounts also include automatic syncing and password sharing.

Automatic syncing updates data changes across every device, ensuring that you always have access to your current passwords. Password sharing also makes it possible for trusted contacts to log in to shared accounts without seeing your credentials. Both versions work with unlimited devices and are compatible with multiple platforms, making it easy to manage passwords on a desktop computer, laptop, tablet, or smartphone.

Pros and Cons of 1Password

What Customers Are Saying
Users love that 1Password is dedicated to keeping their data safe. One user writes, “The attention to detail when it comes to 1Password’s security is incredible.” 1Password also receives praise for how easy it is to use. The interface is intuitive, and it’s easy to organize dozens of passwords.


Bitwarden offers a free version for personal use as well as team and enterprise accounts with additional options for business users. The free account can be used on two devices at a time, and the team and enterprise accounts work on unlimited devices. Storage capacity also depends on whether you use the free version or a paid version; the free version stores up to 50 passwords while the paid versions have unlimited password storage.

To keep your data secure, Bitwarden uses 256-bit AES encryption and offers a secure password generator to help you generate strong passwords that are difficult for hackers to guess. Users also have access to a tool that identifies weak passwords. Additional features include device syncing, password sharing, and automatic form-filling. Bitwarden is compatible with multiple platforms and devices, including the Android and iOS mobile platforms, making it possible to manage passwords at home, in the office, or on the go.

Pros and Cons of Bitwarden

What Customers Are Saying
Bitwarden customers love how easy it is to manage passwords across multiple devices. One user reports that there are plugins for “Firefox, Chrome, Safari, Opera, Edge, Vivaldi and Tor Browser,” while another comments that creating secure passwords is “easily accomplished” with Bitwarden. Users also appreciate the clean, uncluttered interface.


Dashlane offers free and paid accounts with a wide range of features. The free account works with one device and stores up to 50 passwords, but the paid options offer unlimited password storage on an unlimited number of devices. Dashlane protects user data with 256-bit AES encryption, which is the industry standard for preventing unauthorized access to online accounts. It also includes a secure password generator to help users create strong passwords that are difficult for hackers to guess.

This password manager also has a tool that conducts password audits and lets you know if your passwords are vulnerable to brute-force attacks. Users can also use the password tool to determine if their passwords have been reused. Dashlane also offers data syncing across multiple devices, an automatic form-filling function and password sharing, which enables users to give trusted individuals access to their online accounts without revealing their usernames and passwords.

Pros and Cons of Dashlane

What Customers Are Saying
Dashlane is well-regarded for its intuitive user interface and premium features. One reviewer writes that Dashlane is “well-designed and well-executed,” making it easy to start managing passwords immediately. Dashlane has also been praised for offering additional security features, such as VPN protection and automatic scans of the Dark Web.


Enpass offers a free version as well as a paid subscription that costs just $0.50 per month. For $41, users can also upgrade to a lifetime subscription. The free account stores up to 25 passwords and works on one device, while the premium version stores unlimited passwords and works with an unlimited number of devices.

In terms of security, Enpass uses industry-standard 256-bit AES encryption to prevent unauthorized access to user credentials. Enpass also supports biometric authentication, has a secure password generator and offers a password audit tool that helps users create strong passwords that aren’t as vulnerable to hacking attempts as weak passwords are. For users who want to share accounts with friends and family members, Enpass offers password sharing, which makes it possible to allow other people to log in to streaming services and other online accounts without having access to the account credentials.

Pros and Cons of Enpass

What Customers Are Saying
Enpass receives high marks for security, with one user commenting that his favorite feature is that “my data is all stored securely and encrypted locally,” which means no one at Enpass ever sees your passwords. Users also praise Enpass for seamless syncing between desktop and mobile devices.


F-Secure offers a single paid version priced at €29.90 per year for unlimited password storage. The password manager also works with a wide range of platforms and devices, including laptops, smartphones, and tablets. To protect user credentials against unauthorized access, F-Secure uses 256-bit AES encryption and supports the use of biometric authentication, which uses a unique identifier to verify a user’s identity before allowing access to any accounts. The built-in password report highlights potential security flaws, alerting users when their passwords aren’t strong enough to resist brute-force attacks by hackers.

F-Secure also offers automatic form-filling, which saves users time when they log in to websites and mobile applications. Additional features include a secure password generator and automatic syncing across multiple devices. F-Secure doesn’t offer password sharing, however. F-Secure works with the Mac, Windows and Linux operating systems, the iOS and Android mobile platforms and the Safari, Opera, Edge, Chrome, Firefox and Internet Explorer browsers.

Pros and Cons of F-Secure

What Customers Are Saying
F-Secure performed well in third-party tests, making users feel confident in its ability to keep their passwords secure. One reviewer commented that F-Secure performed well in antimalware tests and “includes special protection for banking sites…to foil man-in-the-middle and other attacks.” F-Secure also receives high praise for its parental controls.


Intuitive Password offers a free version and three paid plans: Express, Advanced and Pro. The cost of a paid plan ranges from AUD $2 to $7 per month for access to features such as syncing across multiple devices and unlimited password storage. The free version offers limited storage and only works with one device. Several security features protect user data from unauthorized access, including AES-256 encryption and a secure password generator that helps users choose strong passwords. Intuitive Password also supports biometric authentication for added security, reducing the risk of third-party access to account credentials.

Password sharing enables users to give account access to trusted contacts without revealing their usernames and passwords, making it easier to use shared streaming accounts, online banking services and other online resources. Intuitive Password also offers automatic form-filling, which reduces the amount of time spent typing usernames and passwords into online forms.

Pros and Cons of Intuitive Password

What Customers Are Saying
Users appreciate the high level of security offered by Intuitive Password. One user comments that Intuitive Password’s “robust options go beyond the basics” to protect user data. Users also claim that Intuitive Password offers more two-factor authentication options than many of its competitors, making it even more difficult for third parties to gain access.


Kaspersky Password Manager has a free version that offers unlimited password storage and works with a single device. The paid version, which costs $14 per year, also offers unlimited storage, but it works with an unlimited number of devices. AES-256 encryption protects user data by adding extra characters to online credentials, making it difficult for hackers to guess your password or crack it with an algorithm. Like many password managers, Kaspersky Password Manager is also compatible with biometric authentication for added security.

Kaspersky Password Manager allows premium users to sync across multiple devices, including tablets, smartphones and computers. This tool also works with a variety of browsers, including Chrome, Safari, Firefox, Opera, Edge and Internet Explorer. One potential drawback of Kaspersky Password Manager is that it doesn’t offer password sharing, which may cause users who want to share accounts to give out their usernames and passwords, making their data a little less secure.

Pros and Cons of Kaspersky Password Manager

What Customers Are Saying
Users often comment on the tool’s advanced security features, such as the ability to encrypt image files. Kaspersky also receives high marks for its visually appealing user interface. One reviewer praises Kaspersky for its “effective design, with a pleasing green, white, and gray color scheme and clearly outlined elements.”


KeePass is an open-source password manager that’s a little different from traditional password-management tools. It uses the Advanced Encryption Standard (AES) and the Twofish algorithm to encrypt its password databases. These algorithms are highly secure; AES is even approved by the National Security Agency for top secret information.

KeePass also offers a secure password generator, a password report that alerts users when their passwords should be stronger and support for biometric authentication. What sets KeePass apart from many of the other password managers on the market is that it’s free for life. Many free versions have limited features, but KeePass users have access to unlimited storage and can use the password manager on an unlimited number of devices. KeePass also makes it easy to import passwords from other sources, which can reduce the amount of time it takes to set up.

Pros and Cons of KeePass

What Customers Are Saying
Customers love KeePass for its strong commitment to security. The password manager has received several certifications from international authorities for its commitment to security. One reviewer says KeePass only stores “the minimum [amount of data] needed to make the site function,” giving users additional peace of mind.


Like KeePass, KeePassXC is an open-source password manager that offers a variety of features for free. This version of KeePass uses AES-256 encryption, which is the industry standard for protecting user accounts from unauthorized access. KeePassXC also offers unlimited password storage at no cost to users.

In addition to AES-256 encryption, KeePassXC has several features to enhance the security of a user’s accounts. One is support for biometric authentication, which requires the user to provide a fingerprint or other unique identifier to gain access to any credentials. Another is a secure password generator, which helps users avoid choosing weak passwords. KeePassXC also has a password report that points out potential problems with existing credentials.

Although KeePassXC doesn’t offer password sharing, it does include device syncing and automatic form-filling for the user’s convenience. KeePassXC works with Windows, Mac and the Chrome, Vivaldi, Chromium and Firefox browsers, but it’s not compatible with mobile platforms like iOS and Android.

Pros and Cons of KeePassXC

What Customers Are Saying
Users love that KeePassXC is an open-source solution to password management. One user raved, “If you want total control over your sensitive data, this is for you.” Customers also appreciate the option to sync data with Dropbox, flash drive and other tools, which isn’t offered by many other password managers.


Keeper offers a free version of its password manager as well as a paid version that costs $1.66 to $4.99 per month depending on the type of account selected. The free and paid versions work on an unlimited number of devices and have no limit on the number of passwords that can be stored. Keeper also has a number of standard security features, including 256-bit AES encryption, support for biometric authentication and a secure password generator that makes it easier to create strong passwords.

For users who want to share account access without giving out their usernames and passwords, Keeper also offers password sharing. When a password is shared with a trusted individual, that person can log in to the account without knowing the user’s credentials. Syncing across devices also ensures that users always have access to their current credentials. Keeper works with desktop and mobile platforms, giving users additional flexibility.

Pros and Cons of Keeper

What Customers Are Saying
Users rave about Keeper’s cross-platform compatibility, with one reviewer writing that Keeper “delivers an excellent experience across a ton of platforms and browsers.” Customers also appreciate Keeper’s secure password generator, which one reviewer claims can increase productivity by “cutting out the time and frustration of remembering or resetting passwords.”


LastPass has a free version that offers password storage on an unlimited number of devices. What makes LastPass stand out is that it has a package designed for families. This family account costs $4 per month and comes with six Premium licenses to make it easier for family members to share passwords.

LastPass also takes security seriously, offering 256-bit AES encryption, support for biometric authentication and a password audit tool to alert users if their passwords are weak. The secure password generator offers extra protection against unauthorized account access by making it easier for users to create strong passwords. LastPass also offers automatic form-filling and syncing across multiple devices to help users save time and avoid having to make manual updates when they switch from a computer to a mobile device. This password manager works with a variety of platforms and devices, including iOS and Android.

Pros and Cons of LastPass

What Customers Are Saying
Users appreciate the availability of a “feature-rich” free account that offers unlimited storage on a single device. LastPass also offers “many ways to trigger account recovery,” which makes it possible to access your account even if you forget your master password. Most password managers have no account recovery options.


LogMeOnce offers a free version and three premium versions: Pro, Ultimate and Family, which range in price from $2.50 per month to $4.99 per month. The free version offers unlimited password storage, but it only works on one device. Users who upgrade can use LogMeOnce with an unlimited number of devices. The Ultimate and Pro plans have similar features, but the Ultimate plan offers 10GB of encrypted storage compared to the 1GB of encrypted storage included with the Pro Plan.

LogMeOnce keeps user data secure with AES-256 encryption, a secure password generator and support for biometric authentication. This password manager also has an audit tool to help users determine if they need to make their passwords stronger. LogMeOnce works with the Mac, Windows and Linux operating systems, the Chrome, Firefox, Opera, Edge, Safari and Internet Explorer browsers and the iOS and Android mobile platforms.

Pros and Cons of LogMeOnce

What Customers Are Saying
Customers love that LogMeOnce offers proprietary features that aren’t available with other password managers. One user even commented that LogMeOnce “has one of the most impressive lineups of features on the market.” Users also appreciate how easy it is to import passwords into LogMeOnce from other sources.


NordPass offers a free version and a premium version that costs $2.49 per month. Both versions offer unlimited password storage, but the free version works on one device, while the premium version works on up to six devices at a time. NordPass protects user data with the XChaCha20 algorithm, which makes it more difficult for hackers to use algorithms to decrypt usernames and passwords. This password manager also supports biometric authentication and offers a secure password generator to help users strengthen their credentials.

Many password managers aren’t compatible with Linux, but NordPass is, giving users more control over their online credentials. NordPass also offers password sharing and automatic syncing across multiple devices. Automatic syncing means that password changes are updated immediately, eliminating the need for users to make manual changes, while password sharing enables account owners to grant access to their online accounts without sharing their credentials.

Pros and Cons of NordPass

What Customers Are Saying
NordPass users love the tool’s easy-to-use interface, which has an intuitive design that makes it easy to start managing passwords, even for users with little technical experience. Customers have also commented on the affordability of the NordPass tool, with one reviewer commenting that it’s a “budget-friendly” solution for managing online credentials.


Password Boss offers three versions of its password-management tool: a free version with unlimited password storage on one device, a premium version that costs $2.50 per user per month and a family version that costs $4 per month. The family and premium versions both offer unlimited password storage across an unlimited number of devices.

This password manager works with MacOS, Linux, Windows, iOS, Android, Chrome, Firefox, Safari, Edge, Opera and Internet Explorer, making it possible for families or business users to use Password Boss without having to upgrade their devices or download different browsers. Password Boss uses 256-bit AES encryption to protect personal data, has a password audit tool to make users aware of flaws in their existing passwords and offers a secure password generator for added convenience. Automatic form-filling, device syncing and password sharing are also available with the free and paid versions of Password Boss.

Pros and Cons of Password Boss

What Customers Are Saying
Password Boss has a reputation for being easy to use and having an intuitive user interface, prompting one reviewer to state that the password manager is “extremely easy to use.” Password Boss also receives high ratings for reliability, with one user writing that “you can hardly find any flaws in the program.”


RememBear has a free version, which works with one device, and a premium version, which costs $3 per month and works with an unlimited number of devices. What makes RememBear a little different from other password managers is that animated bears appear when account owners use certain functions. RememBear also offers automatic form-filling and syncing across multiple devices.

This password manager uses AES-256 encryption to prevent unauthorized account access, helps users create strong passwords with a secure password generator and has an auditing tool that points out potential problems with users’ current credentials. The password auditor alerts users when they should change their passwords to make them stronger, enhancing online security. In terms of compatibility, RememBear works with many platforms and browsers, including the iOS and Android mobile operating systems. It’s important to note that RememBear doesn’t offer password sharing, even with a premium account.

Pros and Cons of RememBear

What Customers Are Saying
RememBear is known for its well-designed user interface, which prompted one reviewer to praise the “excellently designed UI and UX.” Users also love the animated bears that appear when it’s time to capture new passwords, sync updates across multiple devices and perform RememBear’s many built-in functions.


RoboForm was one of the earliest password managers on the market. Since its early days as a form-filling tool, RoboForm has added many additional features, including unlimited password storage for both free and paid accounts, a secure password generator, password sharing and device syncing for premium accounts. Like many of its competitors, RoboForm uses AES-256 encryption to safeguard users’ personal data. It also offers a password audit tool to help users understand how they can improve their online security.

RoboForm has a free version, a premium individual version priced at $23.88 per year and a family version priced at $47.75 per year. The free version offers unlimited password storage on an unlimited number of devices, but it omits some of the features available with premium plans, such as device syncing, cloud backup, two-factor authentication and priority 24/7 support. RoboForm works with six browsers, three computer operating systems and two mobile platforms.

Pros and Cons of RoboForm

What Customers Are Saying
Customers love how easy it is to set up RoboForm and start using it immediately. One user writes, “I find it easy to set up and then let Robo do its job. It’s so nice not to fill in all the info.” Customers also report a positive experience with RoboForm’s audit tool.


SplashID offers a variety of features to keep data secure and make password management more convenient. This password manager has a security dashboard, which is similar to the password auditing tool offered by many of its competitors. The dashboard gives users feedback on the security of their stored credentials, highlighting weak passwords and other potential security issues. Two versions of SplashID are available: a free version that works with one device and a premium version that works with an unlimited number of devices at a price of $1.99 per month. Both versions offer unlimited password storage.

To keep user credentials secure, SplashID uses AES-256 encryption and gives users access to a secure password generator. It also offers device syncing for premium users, an automatic form-filling function and password sharing. The intuitive interface makes it easy to set up SplashID and start using it right away, even if a user has little technical knowledge.

Pros and Cons of SplashID

What Customers Are Saying
Customers praise SplashID for its strong security features, prompting one user to write, “All the credentials are encrypted and safe.” SplashID also has a strong reputation for having an elegant user interface that’s easy to use. Based on these features, SplashID has been called a “must-have productivity improvement tool.”


Sticky Password offers free and paid accounts, all of which come with unlimited password storage. The premium version offers access to additional features, such as syncing across multiple devices, password sharing and automatic backups. What makes Sticky Password unique is that the company takes a percentage of the proceeds from every premium license sold and makes a donation to a nonprofit organization that helps manatees.

Sticky Password uses 256-bit AES encryption to protect user credentials against hackers. Users also have access to biometric authentication, a secure password generator and a password report to assess the strength of each password. Sticky Password works with Windows, Linux and MacOS; 16 browsers, including Internet Explorer and Opera; and the iOS and Android mobile platforms.

Pros and Cons of Sticky Password

What Customers Are Saying
Users love Sticky Password’s security features and password-sharing capabilities. One reviewer explains that password sharing, biometric authentication, and other features make for a “liberating experience.” Sticky Password is also well-regarded for offering the ability to sync data without using the cloud, which enhances security and gives users more control.


True Key has additional security features that set it apart from its closest competitors. Because True Key is offered by McAfee, it comes bundled with most of McAfee’s security suites, giving users an extra layer of protection when accessing websites and mobile applications. True Key also has several types of multifactor authentication to make it more difficult for hackers to access users’ accounts. In addition to these extra features, True Key offers the standard AES-256 encryption and supports biometric authentication.

The free version of True Key stores up to 15 passwords, while the premium version offers unlimited password storage at a cost of $19.99 per year. True Key also offers additional features, such as automatic form-filling, device syncing, and a secure password generator, but neither version comes with password sharing. For users who like to switch between desktop and mobile devices, True Key also works with a wide range of browsers and platforms, including Linux and Opera.

Pros and Cons of True Key

What Customers Are Saying
Customers love that True Key comes bundled with McAfee’s antivirus software and has “excellent MFA (multifactor authentication) options.” True Key has also been recognized for its easy-to-use interface and robust password audit tool, which enhances security by helping users create strong passwords that are less vulnerable to attacks.


Zoho Vault offers a robust free version as well as three paid versions. The Standard version costs just $0.09 per user per month, the Pro version costs $3.60 per month and the Enterprise version costs $6.30 per month. Standard accounts come with password sharing, the ability to set up user roles, a centralized panel and the ability to transfer passwords to new users. The Pro account includes everything in the Standard plan, along with the ability to manage user groups, view activity reports and share folders. Enterprise accounts can be integrated with Active Directory or business help desk software.

Zoho Vault provides access to a password report that gives users guidance for strengthening their credentials and making them less vulnerable to attacks. This password manager also uses AES-256 encryption, supports biometric authentication and offers a secure password generator to protect sensitive data against unauthorized access.

Pros and Cons of Zoho Vault

What Customers Are Saying
Zoho Vault is known for delivering excellent value at an affordable price. One user comments that Zoho Vault is “priced extremely competitively,” and another notes that it is an “excellent tool to manage credentials.” Customers also like that Zoho Vault makes it easy to organize passwords and create new password entries.


Password managers are tools used to store and manage your online credentials. A good password manager offers unlimited storage, making it possible to manage passwords for streaming services, shared productivity applications, online banking, records management, and many other types of accounts.

Password managers are especially helpful for small businesses, as they enable employees to use shared accounts without seeing the usernames and credentials. Business owners can rest a little easier knowing that an employee who leaves the company doesn’t have access to credentials that can be used to submit purchase orders or access financial documents.

A good password manager also enhances collaboration, especially among the employees in small businesses. Small firms may not have the funds available to purchase every employee a copy of an application or program. Password managers make it possible for multiple employees to use the same account, keeping costs as low as possible.

Weak passwords, such as passwords containing no special characters or passwords that are used for multiple sites, are easy to guess, making accounts with those passwords more susceptible to unauthorized access. Password managers make it possible to generate strong passwords that are difficult for others to guess, enhancing online security and keeping your data private.


Small business owners can benefit from using a password manager in the following ways:

  • Reduce your IT expenses. Data breaches tie up resources, prompting some business owners to hire additional IT staff. By keeping passwords secure, a password manager prevents unauthorized access to company accounts, freeing up your IT staff for other duties and eliminating the need to hire extra team members.
  • Increase employee productivity. If employees waste a few minutes each day trying to remember passwords or calling IT for help with password resets, that’s several hours per year that could be put to a better use. A password manager eliminates the need to remember passwords for multiple websites.
  • Give customers peace of mind. Business owners deal with confidential data every day. Customers want to know that firms are doing everything in their power to keep that data secure. If you use a customer relationship management system or similar type of software, a password manager can help protect against unauthorized access.
  • Enhance collaboration. Password managers make it possible for employees to log in to websites using the same credentials. This makes it easier for employees to access the data they need to write reports, prepare presentations and complete other tasks requiring collaboration.


When choosing a password manager, it’s important to look for four key features. The first is a high level of security, which relates to the level of encryption used to protect your data against unauthorized access. Many password managers use 256-bit AES encryption, making them effective for guarding against brute-force attacks, a type of attack that involves entering random passwords and hoping that one of them works.

The best password managers also use techniques known as salting and hashing to keep data secure. Hashing refers to scrambling of a password, while salting refers to adding extra data to the hashed password to make it even more difficult to guess.

Device compatibility and unlimited storage are also important. Many people now use tablets and smartphones in addition to their desktop and laptop computers, creating a need to manage passwords across a wide range of devices. Unlimited storage is necessary because most people have dozens of passwords to store, for everything from online investing accounts to digital gaming accounts.
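The salting and hashing mentioned above, as an added Python example (not code from any reviewed product or from the original article): a random salt is combined with the password as it is hashed, so two users with the same password end up with different stored values, which a plain hash does not achieve. PBKDF2-HMAC-SHA256, the iteration count and the sample accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumption: PBKDF2-HMAC-SHA256 stands in for whichever algorithm a given
# product uses; the iteration count is likewise an illustrative choice.
ITERATIONS = 600_000

# Constructed sample accounts: two users who picked the same password.
SAMPLE_USERS = {"alice": "correct horse battery", "bob": "correct horse battery"}


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> dict:
    """Derive a salted hash; the salt is random and stored beside the hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def users_sharing_a_digest(digests: dict) -> list:
    """Group users whose stored digests are identical."""
    groups = defaultdict(list)
    for user, digest in digests.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    plain = {u: unsalted_hash(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    print("unsalted, identical digests:", users_sharing_a_digest(plain))
    print("salted, identical digests:",
          users_sharing_a_digest({u: r["hash"] for u, r in salted.items()}))
    print("correct password verifies:",
          verify_password(SAMPLE_USERS["alice"], salted["alice"]))
```

Without a salt, anyone reading the stored table can see which accounts share a password; with per-user salts that information is no longer visible, while login verification still works because the salt is stored with the hash.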

The final thing to look for in a password manager is the availability of added features. Great password managers offer special features like password sharing and password audit tools to make them even more useful.


Password managers are relatively affordable, especially considering that they do the important job of protecting your online accounts against unauthorized access. Many companies offer free accounts for individual use. These free accounts typically have limited features, but they can be useful if you just want to store a few passwords and don’t mind not having access to premium features. Free accounts may also limit the number of devices that can be logged in at the same time, so that’s something you’ll want to consider if you’re trying to balance costs with functionality.

Paid versions are available in a wide range of prices, from less than $0.10 per user per month all the way up to $199.99 for a lifetime subscription. Some companies offer monthly billing, while others require you to pay for one year of service up front. This is another important consideration when choosing a password manager. If you’re signing up for a personal account, you may want the flexibility of being able to pay a small amount each month rather than a lump sum once per year. For business owners, paying annually is usually more convenient, as it eliminates the need to pay an extra invoice every month.

Source: https://digital.com/password-managers/


Published in Web Applications
Monday, 21 December 2020 21:59

What is Cybersecurity?

The security of your Information Technology (IT) network from end-to-end is cybersecurity.
That’s it?
Yes, but how we do this can get very complicated.
To make this easier, let us take a look at the Confidentiality – Integrity – Availability concept.

    01 Confidentiality

    If you stored your critical, super private information on your IT network, but everyone could see that information, you would agree that your super private information wouldn’t be private very long. You need a way to protect your super private information, or what is called the Confidentiality of your information. Many times, we utilize encryption to protect the Confidentiality of our information on our IT networks.

    02 Integrity

    You have worked very hard and many hours to create a listing of the critical assets of your business. You save this information and return to the listing the next day and find that the information you saved has been changed by someone else. You would not be happy – correct? What changed? How did it change? It will take you more hours and a lot more hard work to figure out what changed. The Integrity, or the accuracy, of your listing has been affected and you are not happy.

    03 Availability

    Picture your IT network that cannot access the internet, cannot talk to anyone or any other computer. Not much good – right? If we eliminate Availability to communicate on the network, the network is almost worthless to us and our business. Having our network communicate to other computers and people is critical; therefore, Availability is super critical to us.
    In Cybersecurity, experts determine how to protect information on IT networks, how to ensure accuracy of the information, and how to provide continuous availability of that information to those who use the information.
  • What is Information Security?

    The world around us is full of information that we use, understand, and make decisions with. Most of us have paper around our homes and businesses. What kind of paper? Do you receive mail with your name, home address, and possibly other personal information inside? Did you print a document from your Information Technology (IT) network to a printer? If you have these paper documents, then you have information that is not electronically on your IT network.
    It’s important to understand that not all information that we use day-to-day resides on our IT networks. Remember, Cybersecurity protects the data that resides on our electronic, IT networks. Information Security protects all of our information – even that on our IT networks. Those paper documents are protected by Information Security.
    Let’s discuss ways that Information Security experts support overall security:
    a. Did you open a door, use a key, or meet a security guard when you went to work today? These are all forms of physical security, which is a link to overall Information Security.
    b. Have you seen or heard a fire truck responding to an emergency, maybe a fire? We use fire suppression systems and alerting devices to assist us in protecting ourselves and the information we have within our homes and businesses.
    c. Let’s discuss an area that all of you deal with, but most never considered Information Security - laws, business and corporate policies, industry standards and best practices. How are these information security? Senior leaders create these documents or practices to support our Information Security through reduction of the risk to our facilities, our data, and even our personal safety.
    The next time you go home or to work, take a look around. We live in a world of information – in our personal and professional lives. Those who would do us harm will use our information to obtain access to our world and cause confusion, frustration, and possibly, considerable personal and professional loss. Understanding Information Security through training adds tremendous value to you and your organization.
  • Information Security vis-à-vis Cybersecurity

    If you are asking, “What’s the difference, are they not the same?”, the simple answer is “No”.
    Information Security deals with understanding risks and how we protect our information. Cybersecurity deals with protecting our Information Technology (IT) networks and data within.
    Here are two approaches to see the difference between the two:
    You would agree that the computer at your home or business has a lot of information that you have created and stored within its storage devices – Correct?
    How do we protect this information?
    We will use Cybersecurity to protect the electronic data. That’s good, but how do you keep someone from gaining access to your computer and your electronic data? That’s a very good question.
    We will use Information Security to protect information within our home or business, provide user training, and ensure the right people have access to our IT networks. Information Security includes Cybersecurity since electronic information is still information.
    Still not convinced you understand? Let’s try another description:
    Let’s assume that your home or apartment has several rooms – the kitchen, the television room, the bedroom, and maybe a bath. These rooms serve a purpose within the home or apartment.
    Visualize that Information Security is your home or apartment – You have doors, keys, locks, possible alarm systems, and maybe a fire suppression system. You may even have a neighborhood security company that protects the outside of your home.
    Visualize that Cybersecurity is a room in your home or apartment (i.e. the Kitchen). This specialized room supports you by providing a special function within the home.
    You likely agree that if Cybersecurity is a room within the home, and the home is Information Security, then Cybersecurity is a part of Information Security. Information Security protects all information, while Cybersecurity protects the electronic information.
  • Types of Cybersecurity

    Cybersecurity is a diverse field that covers a wide range of security measures. A neat way to classify these measures is on the basis of what is being secured. Let us take a look at the various categories below.

    Application Security

    We rely on computers and Information Technology (IT) networks to provide us everything from work, social networking, entertainment, and shopping to name a few. You likely know that many of these are provided through software programs (Amazon, Microsoft Office, Computer games) and hardware (laptops, smart phones, Bluetooth speakers). We use these every day and those who might wish to harm us know that we depend on these.
    So how do we protect ourselves while we use these programs and devices?
    Have you heard of Norton or McAfee Antivirus software? Most likely you have as these are some of the biggest names in both antivirus and computer firewalls. Let’s discuss antivirus programs:
    When you get sick, what does the doctor do for you? Determine what is making you sick and possibly give you medicine? You understand the medicine will make you better. An antivirus program is similar to your doctor – it looks at the illness (virus) trying to infect your computer or IT network system and provides the medicine to prevent the virus from infecting your computer further.
    We stated that Norton and McAfee also provide computer firewalls – you ask, “What is a firewall?” I want you to think of a firewall as a large brick wall that attempts to prevent intruders from gaining access to your building. In a computer or IT network system, we use firewall applications to provide a barrier to those who wish to harm us. What kind of barrier? Not a physical barrier like a visible fence or wall, but an electronic barrier that prevents network intrusions.
    Remember, in Cybersecurity we stated that we use encryption to protect our computers and IT networks. How do encryption programs provide that protection? Think of encryption as scrambling information to make it unreadable or extremely difficult to understand. Encryption programs protect our information on computers and IT networks by making that information very hard to read or understand.
  • Cloud Security

    It’s amazing that we utilize something called a ‘Cloud’ to support our computers and Information Technology (IT) networks. In fact, we have become extremely dependent upon it. We cannot, however, discuss Cloud Security until we understand what a Cloud is within our computer and IT networks. So, what is a Cloud?
    Just like real clouds in the sky, a computer or IT network cloud is an entity that ‘visibly’ exists in the IT world, but just like real clouds in the sky, you can’t say that there’s a one-size, fits all category for it. A computer or IT network cloud can change shape, size, and characteristics to match the environment desired by those who utilize them. Interesting! It has the ability to adapt and change within seconds to meet your needs – just like a real cloud in the sky can alter its shape based upon its environment.
    We use the cloud (like Amazon Web Services (AWS) or Microsoft Azure) to store and manage our vast array of information. If you have ever used Google Drive, Microsoft OneDrive, or Apple’s iCloud, then you have used the cloud to store your information or data. Cool, huh?
    Cloud Security protects our information in the cloud through applications that:
    1. Identify those who should have access to our information stored in the cloud
    2. Prevent unauthorized use of our information
    3. Protect our information through strong security measures
    The use of the cloud is critical to our everyday personal and professional lives and we rely on cloud security to secure and protect our information.
  • Infrastructure Security

    Every day we rely on critical infrastructure to support our lives – traffic lights, hospitals, electricity through the electrical grid. In fact, we cannot imagine a world that does not have these ‘modern’ conveniences.
    Some refer to days without electricity or running water as ‘the stone age.’ Critical infrastructure dates back to the Roman Empire and the aqueduct systems.
    Why is critical infrastructure a type of Cybersecurity?
    1. Although critical infrastructure dates back to the Roman Empire, the use of Information Technology (IT) to support and enhance critical infrastructure is much more recent – in the late 1900s. Much like the vulnerability of IT networks to possible attacks, our use of IT to support critical infrastructure makes them vulnerable to attacks.
    2. Can you imagine your electric company being attacked through the IT network? What could happen? You could lose your power – how do you like life without electricity? Not good, right? What about your water supply? If attackers stopped the flow of water to your home by shutting down the pumps, how do you take a shower or get a drink of water? You don’t.
    3. Infrastructure Security focuses on programs (software applications) and computer devices (hardware) to identify and detect events taking place in our IT networks that might affect our critical infrastructure systems, and to protect those systems with electronic barriers against those who would do them harm.
    4. Infrastructure Security supports laws, regulations, and standards that enhance companies’ and governments’ ability to adopt methods of limiting the impacts to us if we are attacked:
    a. Backup generators and alternate work locations in case our environment becomes unusable (no water or electricity).
    b. Physical security around our critical infrastructure areas like water, electricity, hospitals, and food production.
  • Network Security

    Many businesses with even a small number of employees have an Information Technology (IT) network to support their operations.
    Can you imagine the cost of purchasing, installing, and maintaining many copies of Microsoft Office on every computer within your company?
    Many networks have a central repository of common, shared programs (Microsoft Office, Adobe) that allow rapid installation and maintenance.
    Networks also tie our individual IT equipment (computers, laptops, printers, scanners) together allowing quick, efficient deployment of programs and assets.
    Now that you know more about a network, it’s time to discuss Network Security. What is it? How does it work? How does it support our cybersecurity effort? All great questions – let’s answer them:
    Network Security seeks to protect our internal networks through prevention, detection, and correction of intrusions – I know your question, “What’s an ‘internal’ network?” Many experts state that the ‘External’ network is the Internet – that part of your business network which you don’t have direct control over. If the ‘External’ network is that portion of your business network you don’t have control over, then the ‘Internal’ network is that which you do have direct control over.
    Where’s that ‘Easy’ button!
    Network Security uses many types of software and hardware assets to support its function.
    a. Artificial Intelligence and Machine Learning – by harnessing the power and speed of the computer (yes, it’s much faster than a human), the network rapidly scans our networks to identify intrusions and bad situations (called anomalies).
    b. Vulnerability Management programs – scuba diving at night in the ocean – trust me, you feel vulnerable! Well, vulnerability management looks into our internal networks to identify those areas which might be susceptible or vulnerable to an intrusion.
    c. Intrusion Detection and Prevention Systems – software and hardware devices that constantly search and notify us of intrusions.
    Like a hand in a glove, Network Security is integral to cybersecurity with its focus on maintaining the security of our internal networks.
  • Internet of Things (IoT) Security

    It is amazing how every facet of our lives is being scrutinized and devices which have computer chips are being created and placed in most homes and businesses to make our lives easier, more connected. If you go to an appliance store, you will find ovens, refrigerators, dishwashers, and washers and dryers that utilize the power of the internet to allow you to control their actions from a smart device, or do activities more efficiently. In a recent commercial, a man was in a grocery store and could not remember if he had milk – he logged into his refrigerator at home and used the internal camera to see if there was milk inside. Really? How about our home security systems, cameras, thermostats? Do you have Alexa in your home? “Hey Alexa, get me a soda from the smart refrigerator – I see I have one in there from the camera inside.” NOPE! Alexa can’t do that yet.
    What are we talking about? We know we have these devices in our homes, but what do cybersecurity experts call these devices? The Internet of Things (IoT). As a society, we have become used to ‘things’ that utilize the internet to provide us information, entertainment, or assistance. These devices are not necessarily connected to our Information Technology (IT) networks. Some devices connect directly to your smart device using a different connection capability called ‘Bluetooth’. Bluetooth uses a wireless signal that is very short range to normally communicate between two devices (a smart phone and wireless headsets or a smart toy).
    Internet of Things (IoT) Security is focused on protecting our IT networks when IoT devices are connected. How much security do you believe is built into a $10 smart toy? Not much, if any. The problem with this $10 smart toy is that it could be vulnerable to an attack, and if it is connected to your IT network – well, guess what? You’ve been attacked by an intruder.
    So how do we protect ourselves if IoT devices are everywhere?
    1. Training – the more you know about the vulnerabilities of IoT devices, hopefully, the more you will be smart in how you use them.
    2. Limited use on our IT networks – Genius! So why don’t we simply not use them on our networks? Problem solved right? No. Remember, one of the major three components of cybersecurity is Availability. That’s right – people want their IoT devices.
    3. Increased protection on our IT networks specifically tailored to look for IoT device vulnerabilities. That’s easier said than done since we are constantly changing our IoT devices and how we use them.
  • Is Cybersecurity for..

    There are many who would like to get into Cybersecurity but find the market full of certifications and technical jargon. They search to find the right certification, the right training organization, and a way to gain the experience needed to pursue a career they desire. Let’s look at several questions and attempt to lift the veil of technical jargon and understand how to get into cybersecurity.
    How do I understand the importance of a certification?
    Certifications inform employers and cybersecurity experts that you have both the experience and knowledge that the certification covers. Certifications don’t replace experience – they complement experience prerequisites
    Working in a different career field or just finished school – how do I get into cybersecurity?
    1. First, congratulations on your career path to date – it takes dedication and perseverance to achieve what you have so far. Guess what? The perseverance you have displayed is what it takes to make a career change or pursue a life as a cybersecurity expert
    2. Cybersecurity has so many different paths – forensics, malware analysis, vulnerability management, incident response, etc. For certain, there are hundreds of titles for various positions. A good reference is the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) framework – it identifies those career fields that are fully recognized as the foundation of all other cybersecurity career areas
    3. Lastly, what interests you? Seriously – what really intrigues you? If you like crime scene investigations and getting into the understanding of cybercrime and finding the ‘bad guy’, then Forensics may be your area. The primary key to getting into cybersecurity is finding what you really like to do and understand – promise, there’s a cybersecurity area that deals with what you enjoy. Why can we say that? Because Information Technology (IT) permeates everything we do – cybersecurity protects IT
    Are you saying there’s no correct answer? No, we’re saying there’s so many different answers that no answer fits all possibilities
    Here’s what you need to do:
    1. What interests you – not your friends, family, or significant others – just you! Give yourself a Top-3 list
    2. Look at NIST NICE references or other cybersecurity websites – which cybersecurity career fields match to each of your Top-3
    3. Research (Google, GreyCampus) these cybersecurity career fields – identify the requirements for your Top-3
    4. Don’t procrastinate – make a decision and pursue your dream! Cybersecurity is fun, rewarding, and challenging
  • CyberSecurity Certifications

    Path to Certification

    Where do I start?
    Most want to know the answer to that question – in fact, almost every cybersecurity expert in the industry today has asked that question more than once. Remember – you are not alone in wanting to know. In fact, you will likely search for this answer many times as you become more involved with cybersecurity. Understanding cybersecurity and the path that guides you to your career goal is circular – let’s explain.
    1. Where am I now?
    Your experience whether in technical or non-technical brings valuable insights into cybersecurity. Some of the best experts in the industry were musicians, artists, journalists – it’s not how technical you are, it’s how you pursue your goals
    2. What education and training do I need?
    a. Much of this depends on how you learn – are you a classroom-style learner? Visual learner? Virtual learner? Book learner? Practice-exam learner? So many different methods these days – what works best for you?
    b. Education is a formal program similar to college – typically longer in duration with a very structured format
    c. Training is a semi-formal program that supports shorter duration (a few days to few weeks) courses that are more focused than education
    • Certification programs are likely training-style
    3. If certifications, education, or training don’t replace experience – how do I get the experience?
    a. Some career fields have beginner or starter positions – help desk, entry-level analysts, technicians
    b. Each career field has different certification requirements – obtaining some certifications requires little to no experience
    You never stop learning – even after you obtain the experience and certifications, you need to continuously support your understanding of the global cybersecurity environment. The world is changing – and so must you!
    Now, based on your target focus area and level of competence, let us discuss certain cornerstone certifications, both entry-level and advanced.
  • Entry-Level Certifications

    Choosing the right certification for your entry into cybersecurity is important, but don’t fear if you select one that is not perfect. Most cybersecurity experts have many certifications to represent many different focus areas. What we need to do is identify those certifications that cover a broad range of areas, allowing you to seek a career in an entry-level position and gain both the experience in cybersecurity, and knowledge of additional certifications to pursue over time. All of these certifications require little to no experience to get started.
    1. CompTIA is an organization that specializes in entry-level certifications, many are cybersecurity related
    a. A+, Network+, Server+ - these certifications provide you the initial understanding of IT systems. Many beginning IT and cybersecurity individuals take these certifications to certify that they understand the basics of an IT network
    b. Security+ - this is the first certification that most cybersecurity experts pursue. The Security+ states that an individual has spent considerable time researching and studying cybersecurity and has gained a very good understanding of the basics and has some knowledge at the intermediate levels
    2. EC-Council is an organization that primarily focuses on vulnerability assessments and analysis
    Certified Ethical Hacker (CEH) – the CEH states that you have a basic understanding of penetration testing (looking at a computer network and finding the weak areas within). Many cybersecurity experts begin with this certification, especially if they seek to become a Security Control Assessor
    3. Cisco is an organization that has for decades supported the creation and implementation of IT networks, switches, and routers
    Cisco Certified Network Associate (CCNA) – provides valuable insights into the basics of how networks operate. Most signals that travel within a network need to be switched or routed to their destinations. Understanding how networks work is vital for a cybersecurity expert in devising how to protect the network
  • Advanced-Level Certifications

    You are already a cybersecurity practitioner and possibly an expert in several cybersecurity domains. Fantastic, we have both information and certifications that can support your continued growth within the industry. Most advanced-level cybersecurity certifications focus around specialization – seeking to understand specific areas at a greater depth than surface-level; however, there are a few broad certifications that are superb, advanced-level certifications to obtain. All of these certifications require experience to earn the certification or to become fully certified.
    1. CompTIA is an organization that specializes in entry-level certifications, but does have one that meets the intermediate/advanced-level
    CompTIA Advanced Security Practitioner (CASP+) – the CASP+ is a very technical-based certification that addresses your knowledge of Command Line Basics (Unix-based code), network operations, and advanced, cybersecurity support requirements
    2. ISACA is an organization that focuses on cybersecurity within a business; seeking to ensure understanding of how cybersecurity involves and is impacted by business decisions and senior management
    a. Certified Information Security Manager (CISM) – addresses how cybersecurity strategy and operations mesh with business decisions – addresses the symbiotic relationship that must be nurtured
    b. Certified Information System Auditor (CISA) looks at cybersecurity from the perspective of an auditor, or as a business preparing for a cybersecurity audit. Cybersecurity audits are critical to our defense-in-depth and understanding of where our security gaps are
    3. (ISC)² is an organization that has many of the global, Gold-Standard certifications for cybersecurity – both broad scope and focused; heralded as the prime certifications for most Federal and State governments, Military, and commercial entities
    a. Certified Information Systems Security Professional (CISSP) – the gold-standard, broad-scoped, cybersecurity certification focusing on all eight of the recognized cybersecurity domains (or areas of knowledge)
    b. Certified Cloud Security Professional (CCSP) – the gold-standard, cloud-based certification focused on non-specific cloud environments, operations, and security
  • Career Options in Cybersecurity

    You’ve done your research on cybersecurity, looked at various cybersecurity certifications, and have decided that you are ready to embrace a career in cybersecurity. Fantastic, but it appears that you have a few more questions:
    1. Am I ready to make a move into cybersecurity? Do I need a college degree? Do I need to have a technical background?
    Great questions – let’s take a look at the answers:
    a. You’ve conducted hours of research on cybersecurity, certifications, and possible career opportunities within cybersecurity, and you are excited and motivated to get started – then it looks like cybersecurity might be a great choice for you
    b. No, you don’t need a college degree
    c. No, you don’t need a technical background – there are technical aspects to cybersecurity, but creativity and the ability to ‘think outside the box’ are extremely important traits or skills of a cybersecurity expert
    2. I’ve worked in a non-cyber, non-IT career field for many years – is it too late to change my career to cybersecurity?
    No, it’s never too late – we have cybersecurity experts who started their career in human resources, logistics, or project management, plus many others.
    3. Who should pursue a cybersecurity certification?
    Anyone who has an interest in cybersecurity – some certifications require experience, some do not. Review our information on Entry-Level and Intermediate/Advanced cybersecurity certifications – this will provide valuable information on certification organizations and the certifications that could support your desire to be in cybersecurity
    4. What jobs are available to a cybersecurity expert?
    There are far too many to name them all, but Cyber Defense Analyst, Information Assurance Analyst, Vulnerability Management Analyst, Security Engineer, Forensics, Malware Analyst, Penetration Tester, Security Controls Assessor – there are dozens of different titles and positions that are in high demand within the government, military, and commercial sectors
  • How to prepare for Cybersecurity?

    There are so many organizations promoting their cybersecurity training – which is best? You likely know the answer already – it depends. Not the answer you were looking for? We understand, so let’s discuss this question and why it depends:
    1. Are you an ‘in class, bootcamp-style’ learner?
    Many cybersecurity students need that face-to-face interaction with an instructor, especially an instructor who provides the information in a way that makes the material relevant to today, as well as an instructor who is dynamic – interacting with each student in a way that best meets all students’ requirements for learning
    2. Are you a ‘virtual’ learner?
    Some cybersecurity students want to learn in the comfort of their homes, or they are at work and cannot leave their desk for a week to attend an ‘in class’ course. The virtual environment allows interaction with an instructor either in a visual, audio, or both format. The virtual environment does limit the amount of interaction you have with the instructor, but many virtual platforms have superb methods of enhancing the interaction to provide that feedback to and from the instructor
    3. Do you only want the original certification organization (for the CISSP that would be (ISC)²) to present the course to you?
    In most situations this is a viable option, however, the cost for the course can be much higher than from a qualified organization presenting certification materials that provide similar quality materials
    4. Are you seeking the cybersecurity certification with the best value to you, and to your organization?
    There are many certification organizations that provide high-quality certification courses that equal or sometimes exceed the original certification organization’s course. These certification organizations may enhance the learning experience with highly skilled instructors, labs, webinars, workshops, course study materials, and practice exams.
    When choosing a certification training organization, ask yourself whether they meet your needs in the way you learn best.
  • Attacks

    Did you know that most cybersecurity experts have stated, “It’s not if we’ll be attacked, it’s when we will be attacked”? All we have to do is look around – listen to the news, read the headlines, look at history. Most attacks go unpunished and result in gains of prestige and significant sums of money.
    Did you know that there are hundreds of cyber-attacks per day around the world? That number could be in the thousands if a true accounting was completed of all known and unknown attacks. Really, you say? Let’s pose a question – assume that you could legitimately (100% lawful) make $10,000 by conducting 20 phone calls to possible connections and just asking a simple question – nothing to sell and no pressure. Would you do this? Most of you would. So, why is it so hard to believe that a threat (someone or something who would do us harm) would take $10,000 of your money by simply gaining access to your computer? You might report it, but it is doubtful that you or anyone else would catch the cyber thief.
    Cyber attacks target people, computer systems, governments, and industry. Just a few examples:
    1. In 2014, Russian hackers gained billions of user names and passwords. Credit card data from banks (JP Morgan Chase among others) was stolen.
    2. In 2015, suspected Russian efforts shut down Ukrainian electrical power, and another disrupted French television networks.
    3. In 2016, the Petya ransomware attacked worldwide. A botnet (a very large array of internet devices) caused a major availability problem for Netflix, Paypal, and others.
    4. In 2017, Equifax had 143 million customer records stolen. WannaCry ransomware affected hundreds of thousands.
    5. In 2018, major brands (British Airways, MyFitnessPal, and Facebook) had data stolen from internal databases, costing millions.
    6. In 2019, millions of cyber records were stolen from the Bulgarian National Revenue Agency, Fortune 500 companies, and Marriott-Starwood brands.
  • News-Blog

    Staying connected and informed is very important to a cybersecurity expert. Our need to understand the environment (threats, new capabilities, old concerns) provides us both a sense of awareness and drives us to gain new training and experience to support the ever-changing Information Technology (IT) world.
    We stay connected in many of the same ways you stay connected: through our News and Blogs. Let’s take a look at each:
    News – did you know that reported crime is only about 10% of the crime that actually occurs? Most crimes are never reported. The same can be stated about cybercrime. The three major reasons for non-reporting of cybercrime are:
    a. Didn’t know – many cybercrimes go unnoticed for days, weeks, months, and even years
    b. Wasn’t required to report – didn’t see this as a big deal and wasn’t required to tell anyone, so we didn’t
    c. Reputation expense too great – if we report, we won’t be trusted or our brand will be tarnished
    Blogs – many times an organization, researcher, or expert will create a running discussion (called a blog) on a topic or list of topics.
    a. Digital Guardian – focuses on data protection and threat research
    b. The Hacker News – provides up-to-date insights on technology and how that affects the global network
    c. Threatpost – an independent look at cybersecurity and the threats and vulnerabilities within
Published in Web Applications
Tuesday, 01 December 2020 15:07

Script for detecting proxy and VPN

   $proxy_headers = array(
       // The header names (as $_SERVER keys) were not preserved on this page.
   );
   foreach ($proxy_headers as $x) {
       if (isset($_SERVER[$x])) die("You are using a proxy!");
   }
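The same header check as an added example (not the original script): it returns the matching headers as a signal instead of calling die(), and skips requests that arrive through your own reverse proxy. The header list, the TRUSTED_PROXIES addresses and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example, not the page's script. Header names below are assumed examples
// of what announcing proxies add; the page's own list was not preserved.
const PROXY_HEADERS = ['HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED', 'HTTP_CLIENT_IP'];

// Your own load balancers / reverse proxies (constructed documentation-range IPs).
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

/**
 * Return the proxy-related headers present on a request, or [] if none.
 * $server has the same shape as $_SERVER.
 */
function proxy_hints(array $server): array
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    // Headers added by your own front end are expected and say nothing about the client.
    if (in_array($remote, TRUSTED_PROXIES, true)) {
        return [];
    }
    $hits = [];
    foreach (PROXY_HEADERS as $name) {
        if (isset($server[$name]) && $server[$name] !== '') {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Constructed sample requests covering the cases the check can and cannot see.
$samples = [
    'direct client'                      => ['REMOTE_ADDR' => '198.51.100.7'],
    'proxy that announces itself'        => ['REMOTE_ADDR' => '198.51.100.8',
                                             'HTTP_VIA' => '1.1 cache.example'],
    'client behind our own balancer'     => ['REMOTE_ADDR' => '192.0.2.10',
                                             'HTTP_X_FORWARDED_FOR' => '203.0.113.5'],
    'VPN / proxy that adds no headers'   => ['REMOTE_ADDR' => '203.0.113.99'],
];

foreach ($samples as $label => $server) {
    $hits = proxy_hints($server);
    printf("%-34s %s\n", $label, $hits ? 'hint: ' . implode(', ', $hits) : 'no hint');
}
```

The last sample shows the limit of this approach: request headers are supplied by the sender, so a missing header proves nothing, and the result is best logged or scored as a low-confidence signal rather than used to block.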
Published in System Administration