Here’s one you may have heard before: You should use a password manager. A good password manager helps create strong passwords, is safer than reusing the same ones and can keep you—blah blah blah. Stick that next to “Go to bed earlier” and “Cookies are bad for you” in the brimming file of good advice you’ll take… later.
How about this, though? You should use a password manager because it makes using the internet easier. Even if every one of your passwords is “password,” you should still use a password manager. It makes logging in faster and means never having to enter your credit-card number again—the added security is just a bonus.
Right now is the perfect time to make the leap. The coming version of Apple’s iOS software includes new hooks that allow password managers to log you into websites and apps on your phone, something Google’s Android already supports.
Many operating systems and browsers include their own password managers, but I recommend getting something that works across all your devices. The big three are LastPass from
AgileBits’ 1Password and Dashlane Inc.
I’ve tested them all and Dashlane, after a recent update, has become my favorite. At $5 a month, it’s slightly more expensive than its competitors, but it now offers an arsenal of security tools: a VPN, a dark-web tracker and protection against identity theft, all in one place.
The first thing Dashlane or any password manager needs is passwords. You can enter them one by one, but I recommend just setting up the app and installing the companion extension for your browser. When you log into any site, Dashlane will just ask if you want to save your credentials.
You also can save credit-card information, passport numbers and more. Everything stays safe behind your master password, which I recommend making as complicated as you can muster. You’ll be able to use your fingerprint or face to unlock Dashlane quickly on newer phones, tablets and computers, but you still have to enter it from time to time for security.
Once your accounts are stored in Dashlane, you can even get Dashlane to log you into websites automatically. Next time you pay for something, too, you can skip the hunt for your wallet and simply click to choose a card.
One warning on that front: Security researchers have found “invisible fields” on some websites, which steal extra information by taking advantage of auto-filling tech. Dashlane says it doesn’t fill in these hidden fields, and has other security mechanisms such as requiring a master password when sharing financial information.
I added 221 passwords into Dashlane, and the app immediately generated a score of my “password health,” looking for weak or reused ones. I scored a not-too-hot 72. Dashlane was able to automatically change some of my passwords, though that required giving the app access to my email, and I spent an hour changing the rest. For a brief, beautiful moment, my password health sat at a perfect 100. Now, due to an old Dropbox hack, I’m down to 99.
Dashlane’s latest version includes a new Identity Dashboard, which the company uses to provide a rough overview of your entire online health. I added my Gmail account, home address and other info to Dashlane, and the service immediately began crawling dark-web databases to see if my information had been compromised. I assumed it had: From Equifax and Yahoo to Home Depot and Target, billions of accounts have been stolen in recent years.
Indeed, 10 security alerts showed up, each detailing which information had been taken. I was able to quickly change a few passwords, and see which other accounts had similar info and needed to be changed, too. I wish I’d been able to do this so easily years ago! Going forward, if any of my info appears in these leaked databases, the service will notify me so I can take action.
Among Dashlane’s other tools, a new built-in VPN (aka “virtual private network”) stands out. Because it encrypts your internet traffic and obfuscates your location, it’ll keep you more secure on public Wi-Fi. If you use it at home, it can keep your data out of the hands of your service provider, which might sell it. Just bear in mind, Netflix and other apps with protected content won’t stream when you use the VPN, and VPNs might not work on your corporate Wi-Fi.
The VPN uses Hotspot Shield from AnchorFree, a popular VPN provider that says it stores virtually no user data. (Hotspot Shield typically costs between $3.50 and $13 a month on its own.)
Dashlane’s most expensive plan, at $10 a month, also offers credit monitoring and up to $1 million in identity-theft insurance.
A Matter of trust
Keeping your data safe is a good thing, as is knowing when it has been compromised. But what if you never had to give out your data in the first place?
As Dashlane, 1Password and the rest mature, they’re moving to protect more, but you can supplement their core services with features like Abine’s Blur suite, which blocks web trackers and provides disposable phone numbers, emails and credit cards.
In the meantime, if you have to trust a service, make it one whose entire business is predicated on that trust. Some VPN providers do collect user and activity data, and you should avoid using them. “We’ve never sold and we’ve never collected user data,” said David Gorodyanksy, chief executive of AnchorFree, Dashlane’s VPN partner.
Similarly, Dashlane says it designed everything from its servers to its password policies with hacker-proofing in mind. Nothing is ever completely safe, of course, but you should feel better knowing that these companies protect your data as if their existence depends on it.
If you buy an Eero home network and get 1Password bundled in, or want LastPass because it’s only $2 a month, that’s fine. But I like that the new Dashlane puts so many features into one easy-to-use system. Come for the autofill, which makes quick work of the internet’s seemingly endless forms. Stay for the peace of mind that comes from being safer online.
——For more WSJ Technology analysis, reviews, advice and headlines, sign up for our weekly newsletter