Apple iPhone Users Targeted As Increased Password Reset Scams Skyrocket In 2024
New password reset attack targets Apple device users
Scammers are taking advantage of Apple’s password reset tool in a new ‘MFA bombing’ attack.
Apple device owners are facing a new phishing hack that uses “multi-factor authentication (MFA) bombing” to steal their data.
Several Apple users have reported a hacking attempt that appears to take advantage of Apple’s password reset feature, KrebsOnSecurity reported, citing people who have been targeted. The scammers have used Apple’s password reset tool to spam their targets with dozens, if not hundreds, of notifications, asking the user to reset their Apple ID password.
Pressing the “Allow” option gets the scammers one step closer to resetting the user’s credentials because that device could then be used to create a new Apple ID password.
Unfortunately, tapping “Don’t Allow” on all the notifications doesn’t solve the problem.
After those targeted by the scam chose to not allow their passwords to be reset, they received phone calls from the scammers claiming they were from Apple’s support team, according to the report. Their goal was to send a password reset code to the user’s device and have the user tell them the code. Armed with that information, the scammers could simply reset the Apple ID password and get full access to the user’s account.
Since Krebs’ sources didn’t press “Allow” on the notification, it’s unclear what the scammers would have done in that scenario. Presumably, the scammers would still likely need to call the target, again acting as Apple support, and fool them into resetting the password on their device and sharing it with the hacker.
Phishing attacks have been used for decades to target unsuspecting victims. But in recent years, scammers have increasingly turned to phishing as a desirable way to steal passwords, delete data, and ultimately steal money from their victims.
In 2022, mobile phishing attacks were up a whopping 61% year-over-year in just a six-month period, according to security provider SlashNext. The company said mobile users faced 255 million phishing attacks during that period.
It’s unclear how many Apple users have been impacted by this MFA bombing attack. However, Krebs’ sources reported that they received notifications on their iPhones, Apple Watches, and Macs, suggesting the attack isn’t just limited to one type of Apple device. What’s worse, there’s no simple way to stop it.
One of Krebs’ sources said they called Apple for help with the attack and the company said they should create a recovery key, a 28-character code that they would need to input to change their Apple ID password.
However, after creating a recovery code, Krebs reported that it was still possible to trigger the notifications the users saw when targeted by the spammers. It appears Apple’s password reset feature may be to blame and until the company changes how that works, hackers could conceivably continue to exploit the flaw and target users.
For now, if you’re an Apple user, your only option is to stay in the know and remain vigilant. If you receive a slew of password reset requests that you didn’t initiate, be sure to always choose the “Don’t Allow” option on the notifications.
Don’t be tempted to choose “Allow” simply because the notifications aren’t allowing you to use other apps or services on your device — a core component in the fraudsters’ plan. Even if you don’t choose “Allow,” be prepared for a call and be sure not to answer it.
Additionally, Apple has made it clear that the company does not call any of its users directly. So, if you receive a call from 1-800-275-2273 (Apple’s actual support line that the scammers are spoofing to make their calls seem legitimate), don’t pick up and definitely don’t provide any information to the caller.
Your privacy matters. That’s why it’s good practice to lock a desktop or laptop whenever you leave it unattended. Use any of the methods below to stop other people from snooping around your PC.
Unlike signing out, locking a computer is faster, just as secure, and doesn’t require you to shut down open programs. You also get to unlock it instantly and pick up where you left off. This article will go through various ways to quickly lock Windows 11 and 10.
The most straightforward approach to locking your PC is simply to use the Start menu. Open it, select the User icon or your profile portrait, and choose the option labeled Lock.
Note: If the Lock option is not present, open the Control Panel, go to Hardware and Sound > Power Options > Change what the power buttons do, and activate the box next to Lock to add it.
Lock Computer with a Keyboard Shortcut
If you prefer keyboard shortcuts, an even faster way to lock a Windows computer is pressing Windows Key + L. Use it a few times, and you’ll get it hard-coded into your muscle memory.
Lock Computer with a Desktop Shortcut
If you find it challenging to use the Win + L keyboard shortcut, you can create a desktop shortcut capable of locking your PC just as quickly.
Right-click a vacant area within the desktop area.
Select New > Shortcut on the context menu.
Copy and paste the following snippet of text into the Create Shortcut window and select Next:
rundll32.exe user32.dll,LockWorkStation
Type a name for the shortcut—e.g., “Lock PC”—and select Finish.
Double-click the shortcut whenever you want to lock your PC.
Lock PC via the Windows Security Screen
The Windows Security screen (a.k.a. the Ctrl + Alt + Delete screen) offers another quick way to lock Microsoft Windows. The best thing about this method is that you can use it even if Windows 11 or 10 isn’t responsive. Simply press Ctrl + Alt + Del to get the Windows Security screen to show up. Then, select Lock.
Lock Computer via Task Manager
If you ever find yourself using the Task Manager in Windows 11 or 10 and want to lock down your PC immediately, you can do that using the Task Manager itself.
Right-click the Start button and select Task Manager.
Select More details to expand the default Task Manager view.
Switch to the Users tab.
Select your Windows user account.
Select the Disconnect option at the lower-right corner of the window.
Lock Computer Alongside Screen Saver
If you regularly forget to lock your PC, you can set up a screensaver to kick in automatically and lock your PC when it engages.
Open the Start menu, search for screen saver, and select Turn Screen Saver On or Off to invoke the Screen Saver Settings pop-up.
Open the drop-down menu under Screen saver and pick a screensaver (select Blank if you prefer to keep the computer screen dark when the screensaver is active).
Specify a time in minutes within the Wait box, check the box next to On resume, display logon screen, and select OK.
Your PC will display the screensaver when left idle for the time duration. Press a key or mouse button whenever you want to exit it and get to the Lock Screen.
Lock Computer With Dynamic Lock
Dynamic Lock automatically locks the operating system if it detects a weak Bluetooth signal between your PC and another device. Although it works with any Bluetooth peripheral, using a smartphone (Android or iPhone) is the most practical.
Connect Smartphone to PC
Before activating Dynamic Lock, you must pair your smartphone with your computer.
Put your phone into Bluetooth discovery mode. That’s as simple as visiting its Bluetooth options screen (e.g., Settings > Bluetooth on the iPhone).
Open the Settings app on your PC (press Windows + I).
Select Devices > Bluetooth & other devices.
Select Add Bluetooth or other device > Bluetooth.
Select your phone and go through the onscreen instructions to pair it.
Activate Dynamic Lock
It’s now just a matter of activating Dynamic Lock.
Open the Settings app on your PC.
Select Accounts > Sign-in Options and scroll down to the Dynamic Lock section.
Check the box next to Allow Windows to automatically lock your device when you’re away.
Your PC will automatically lock itself whenever you move away from it with your iPhone or Android smartphone.
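To confirm that the screen saver lock and Dynamic Lock settings above actually took effect, the following PowerShell audit reads the values behind those dialogs. It is an added example, not part of the original article; the registry value names come from general Windows knowledge rather than from the article, and the 15-minute limit is an assumed threshold you should adjust.

```powershell
# Added example: read-only audit of the auto-lock settings described above.
# Nothing is changed; the script only reports what is configured for the current user.

$MaxIdleSeconds = 900   # assumption: flag any idle timeout longer than 15 minutes

$userKey   = 'HKCU:\Control Panel\Desktop'
$policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$winlogon  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-EffectiveValue {
    param([string]$Name)
    # A Group Policy value, when present, overrides what was picked in the dialog.
    $value = Get-RegValue -Path $policyKey -Name $Name
    if ($null -ne $value) { return $value }
    return Get-RegValue -Path $userKey -Name $Name
}

function Get-LockAudit {
    $active  = Get-EffectiveValue 'ScreenSaveActive'     # '1' = screen saver enabled
    $secure  = Get-EffectiveValue 'ScreenSaverIsSecure'  # '1' = "On resume, display logon screen"
    $timeout = Get-EffectiveValue 'ScreenSaveTimeOut'    # stored in seconds; the Wait box shows minutes
    $saver   = Get-EffectiveValue 'SCRNSAVE.EXE'         # absent when the drop-down is set to (None)
    $dynamic = Get-RegValue -Path $winlogon -Name 'EnableGoodbye'  # 1 = Dynamic Lock enabled

    $timeoutSec = 0
    if ($null -ne $timeout) { $timeoutSec = [int]$timeout }

    $findings = @()
    if ($active -ne '1') {
        $findings += 'Screen saver is disabled, so it will never trigger a lock.'
    }
    if ([string]::IsNullOrEmpty($saver)) {
        $findings += 'No screen saver is selected; pick one (for example Blank).'
    }
    if ($secure -ne '1') {
        $findings += '"On resume, display logon screen" is not checked.'
    }
    if ($timeoutSec -le 0 -or $timeoutSec -gt $MaxIdleSeconds) {
        $findings += "Idle timeout is $timeoutSec s; expected 1 to $MaxIdleSeconds s."
    }
    if ($dynamic -ne 1) {
        $findings += 'Dynamic Lock is off (optional, but useful as a second safeguard).'
    }

    [pscustomobject]@{
        ScreenSaverEnabled = ($active -eq '1')
        LockOnResume       = ($secure -eq '1')
        IdleTimeoutSeconds = $timeoutSec
        DynamicLockEnabled = ($dynamic -eq 1)
        Findings           = $findings
    }
}

$audit = Get-LockAudit
$audit | Format-List ScreenSaverEnabled, LockOnResume, IdleTimeoutSeconds, DynamicLockEnabled
if ($audit.Findings.Count -eq 0) {
    'All checked auto-lock settings look good.'
} else {
    $audit.Findings | ForEach-Object { "FINDING: $_" }
}
```

Run it as the user whose session you want to check, since these settings are stored per user.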
Lock Computer via Run Command
You can perform many valuable activities with Run commands in Windows, including locking your PC. Although it’s hard to justify using Run over the above methods, it’s good to know that this way exists.
Press Windows Key + R or right-click the Start button and select Run.
Type the following command into the Run dialog box:
rundll32.exe user32.dll,LockWorkStation
Select OK, or press Enter to lock Windows.
Lock Computer via Windows Terminal
Another obscure way to lock a Windows 11/10 PC requires running a command through the Windows Terminal or Windows PowerShell consoles. Here’s how to use it:
Right-click the Start button and select Windows Terminal (Windows 11) or Windows PowerShell (Windows 10).
Type the following command:
rundll32.exe user32.dll,LockWorkStation
Press Enter.
Tip: The above command also works on the older Command Prompt console. Open the Start menu, type cmd, and select Open to get to it.
While this command is not particularly useful for locking your PC in the moment, it can be handy to include the command in a script so that your PC locks when the script finishes.
Total Lockdown
Locking your Windows PC has no downsides and keeps intruders at bay. It’s easy to forget to do that, however, so it’s always worth taking your time to tweak your screensaver settings or set up Dynamic Lock. While you’re at it, check out how to create a passwordless login in Windows to make getting back in even faster.
2023: With digital transformation realized, businesses, organizations and even governments are relying on computerized and increasingly digital systems to manage their day-to-day activities, making cybersecurity a primary goal and priority for all executives and organizations of all sizes.
The 2020 pandemic year exacerbated this fact, with up to 75% of billions of people globally transitioning from their physical office (which had the IT resources and personnel) to their “home office”. This essentially turned the entire “working from home industry”, and all of the IT and HR requirements it brings for safeguarding data from online attacks or unauthorized access, into the new “norm” of virtual/remote work.
Going Forward: Continuous change in technologies, including the popular Dual Authorization Password apps used primarily on the smartphone, also implies a parallel shift and priority in cybersecurity trends across the board in every organization, as news of data breaches, ransomware, malware, compromised devices/browsers and hacks unfortunately becomes the norm. This is simply a matter of adapting to the growing volume of remote workers (millions worked from home before the 2020 pandemic; today it is billions). Here are the top cybersecurity trends for 2023:
1) Rise of Automotive Hacking
Modern vehicles come packed with automated software that creates seamless connectivity for drivers in cruise control, engine timing, door locks, airbags and advanced driver-assistance systems. These vehicles use Bluetooth and WiFi technologies to communicate, which also opens them to several vulnerabilities or threats from hackers. Gaining control of the vehicle or using microphones for eavesdropping is expected to rise in 2023 with more use of automated vehicles. Self-driving or autonomous vehicles use an even more complex mechanism that requires strict cybersecurity measures.
2) Potential of Artificial Intelligence (AI)
With AI being introduced in all market segments, this technology, combined with machine learning, has brought tremendous changes in cybersecurity. AI has been paramount in building automated security systems, natural language processing, face detection, and automatic threat detection. The ChatGPT OpenAI capabilities are literally transforming any industry relating to “the written word”, including copywriting, marketing, advertising, education, and many others, all of which are being automated with AI. However, AI is also being used to develop smart malware and attacks that bypass the latest security protocols for controlling data. AI-enabled threat detection systems can predict new attacks and notify admins of any data breach instantly.
3) Mobile is the New Target
Cybersecurity trends show a considerable increase (50 percent) in mobile banking malware or attacks in 2020, making our handheld devices a potential prospect for hackers. All of our photos, financial transactions, emails, and messages pose more threats to individuals. Smartphones are logically one of the biggest targets for anyone with the skills and agenda, primarily based on two facts:
Smartphones are used by more people globally today than PCs (personal computers)
Smartphones are, on average, far less secure than PCs
Social media like Facebook, Instagram, and TikTok, as well as other installed apps of all types on smartphones, PCs and other devices, are being targeted more and more each day by malicious individuals and “ransomware gangs” globally.
4) The “Cloud” i.e. Internet is Also Potentially Vulnerable
With more and more organizations now established in the cloud, security measures need to be continuously monitored and updated to safeguard data from leaks. Although cloud applications such as Google or Microsoft are well equipped with security on their end, it is the user end that acts as a significant source of errors, malicious software, and phishing attacks, today more than ever before. Malicious actors across the globe are adapting faster than end users can act, especially in today’s ever so popular social media world.
5) Data Breaches: Prime target
Data will continue to be a leading concern for organizations around the world. Whether for an individual or an organization, safeguarding digital data is the primary goal now. Any minor flaw or bug in your system, browser or software is a potential vulnerability that hackers can use to access personal information. New strict measures under the General Data Protection Regulation (GDPR) were enforced from May 25th, 2018 onwards, offering data protection and privacy for individuals in the European Union (EU). Similarly, the California Consumer Privacy Act (CCPA) was applied after January 1st, 2020, to safeguard consumer rights in the California area.
6) IoT with 5G Network: The New Era of Technology and Risks
With the advent and growth of 5G networks, a new era of inter-connectivity will become a reality with the Internet of Things (IoT).
The Internet of Things (IoT) is essentially an interconnected global network where all devices are connected to each other as well as to the “internet” 24×7. This communication between multiple devices also opens them to vulnerabilities from outside influence, attacks or an unknown software bug. Even Chrome, the world’s most used browser, supported by Google, was found to have serious bugs. 5G architecture is comparatively new in the industry and requires a lot of research to find loopholes and make the system secure from external attack.
Every step of the 5G network might bring a plethora of network attacks that we might not be aware of. Here manufacturers need to be very strict in building sophisticated 5G hardware and software to control data breaches.
7) Automation and Integration
With the size of data multiplying every day, it is essential that automation be integrated to give more sophisticated control over the information. Hectic modern work demands also pressure professionals and engineers to deliver quick and proficient solutions, making automation more valuable than ever. Security measures are incorporated during the agile process to build more secure software in every aspect. Large and complex web applications are even harder to safeguard, making automation, as well as cybersecurity, a key concept of the software development process.
8) Targeted Ransomware
Another important cybersecurity trend that we can’t seem to ignore is targeted ransomware. Industries, especially in developed nations, rely heavily on specific software to run their daily activities. These ransomware attacks are more focused today in 2023; one example is the Wanna Cry attack on the National Health Service hospitals in England, which corrupted more than 70,000 medical devices. Though ransomware generally threatens to publish the victim’s data unless a ransom is paid, it can also affect large organizations or even nations.
9) State-Sponsored Cyber Warfare
There won’t be any stoppage between the western and eastern powers in their attempts to find superiority. The tension between the US and Iran or Chinese hackers often creates worldwide news; though the attacks are few, they have a significant impact on events such as elections. And with more than 70 elections bound to be held this year, criminal activities during this time will surge. Expect high-profile data breaches and key infrastructure incidents, like airlines grounding planes due to internal software compromises, as top cybersecurity trends for 2023.
10) Insider Threats
Human error is still one of the primary reasons for data breaches, cybersecurity issues and service tickets: up to 75% of all reported, in fact, according to the most recent 2022 statistics. Any employee with a grudge, or just a bad day at their employer, or an intentional loophole can bring down a whole organization with millions of stolen records. One example of this in 2022 was an official data breach report by Verizon, which gives strategic insights on cybersecurity trends and documented that 45 percent of total attacks were directly or indirectly made by employees. Creating a culture of more awareness within premises to safeguard data in every way possible is truly the primary goal today in 2023 as well as in the future.
Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly.
The vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.
Attackers can exploit this vulnerability to obtain hashed passwords stored in the Security Account Manager (SAM) and Registry, and ultimately run arbitrary code with SYSTEM privileges.
The SeriousSAM vulnerability, tracked as CVE-2021-36934, exists in the default configuration of Windows 10 and Windows 11, specifically due to a setting that grants ‘read’ permissions to the built-in Users group, which contains all local users.
As a result, built-in local users have access to read the SAM files and the Registry, where they can also view the hashes. Once the attacker has ‘User’ access, they can use a tool such as Mimikatz to gain access to the Registry or SAM, steal the hashes and convert them to passwords. Compromising domain users that way gives attackers elevated privileges on the network.
Because there is no official patch available yet from Microsoft, the best way to protect your environment from SeriousSAM vulnerability is to implement hardening measures.
Mitigating SeriousSAM
According to Sky Houston, CTO at GeeksByTheHour, there are three optional hardening measures:
Delete all users from the built-in users’ group — this is a good place to start from, but won’t protect you if Administrator credentials are stolen.
Restrict SAM files and Registry permissions — allow access only for Administrators. This will, again, only solve part of the problem: if an attacker steals Admin credentials, you will still be exposed to this vulnerability.
Don’t allow the storage of passwords and credentials for network authentication — By implementing this rule, there will be no hash stored in the SAM or registry, thereby mitigating this vulnerability completely.
When using GPOs for implementation, make sure the following UI Path is Enabled:
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials for network authentication
Despite the fact that the last recommendation offers a good solution for SeriousSAM, it may negatively impact your production if not properly tested before it is pushed. When this setting is enabled, applications that use scheduled tasks and need to store users’ hashes locally will fail.
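The PowerShell check below reports whether a machine is in the state described above: whether BUILTIN\Users can read the hive files, and whether the GPO setting is enabled. It is an added example, not code from the original article. Two things in it are assumptions from general Windows knowledge rather than from the article: that the files to check are the SAM, SYSTEM and SECURITY hives under System32\config, and that the GPO setting maps to the DisableDomainCreds registry value.

```powershell
# Added example: read-only check for the SeriousSAM conditions discussed above.
# It changes nothing; it only reports permissions and one policy value.

$configDir = Join-Path $env:windir 'System32\config'
$hives     = 'SAM', 'SYSTEM', 'SECURITY'      # assumption: hive files backing the Registry
$usersSid  = 'S-1-5-32-545'                   # well-known SID of BUILTIN\Users
$readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Test-UsersCanRead {
    param([string]$Path)
    # Look at explicit and inherited ACEs, with identities returned as SIDs so the
    # check does not depend on the localized name of the Users group.
    $acl   = Get-Acl -LiteralPath $Path -ErrorAction Stop
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $isUsers = $rule.IdentityReference.Value -eq $usersSid
        $isAllow = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        $canRead = (([int]$rule.FileSystemRights) -band $readData) -ne 0
        if ($isUsers -and $isAllow -and $canRead) { return $true }
    }
    return $false
}

function Get-SeriousSamReport {
    $files = foreach ($hive in $hives) {
        $path = Join-Path $configDir $hive
        try {
            [pscustomobject]@{
                File         = $path
                UsersCanRead = Test-UsersCanRead -Path $path
                Note         = ''
            }
        } catch {
            # A non-elevated session that cannot even read the ACL is a good sign,
            # but rerun elevated to confirm.
            [pscustomobject]@{
                File         = $path
                UsersCanRead = $null
                Note         = "ACL not readable: $($_.Exception.Message)"
            }
        }
    }

    # Registry value behind "Network access: Do not allow storage of passwords and
    # credentials for network authentication" (1 = Enabled). Mapping is an assumption
    # stated from general knowledge, not from the article.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                            -Name 'DisableDomainCreds' -ErrorAction SilentlyContinue
    $policyEnabled = ($null -ne $lsa) -and ($lsa.DisableDomainCreds -eq 1)

    [pscustomobject]@{
        Files                  = $files
        AnyHiveReadableByUsers = [bool]($files | Where-Object { $_.UsersCanRead -eq $true })
        CredentialStorageOff   = $policyEnabled
    }
}

$report = Get-SeriousSamReport
$report.Files | Format-Table -AutoSize
"Hive files readable by BUILTIN\Users : $($report.AnyHiveReadableByUsers)"
"GPO 'Do not allow storage of passwords and credentials' enabled : $($report.CredentialStorageOff)"
```

Run it across a fleet before and after applying the hardening measures so you can confirm the change landed and spot machines where scheduled tasks may be affected by the GPO setting.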
Short on time? Here’s the best password manager for Windows in 2021:
Dashlane — Unbreakable security with an excellent Windows app, intuitive browser extensions for Chrome, Firefox, Edge, IE, Opera, Brave, and Safari, and lots of extras like Windows Hello compatibility, a VPN, a one-click password changer, dark web monitoring, and 1 GB of secure storage.
I tested the most popular password managers on the market to find the best ones for Windows computers in 2021 — ones that are highly encrypted, have intuitive Windows integrations, can sync across multiple devices, are compatible with biometric functions like Windows Hello, and are excellent at generating, saving, and auto-filling passwords.
Unfortunately, a lot of third-party password managers are ineffective, buggy, and lack essential features — and many of them offer no improvements over browser-based password managers (which are already really bad besides the multiple security vulnerabilities).
But after two months of testing and comparing all of the top password managers on the market today in 2021, I managed to find a few products that really stood out in terms of security, ease-of-use, and overall value.
Summary of the best password managers for Windows in 2021:
1. Dashlane — Best overall Windows password manager in 2021.
2. 1Password — Incredibly easy to use (and great for families).
5. LastPass — Good free plan with advanced security on premium plan.
How GeeksByTheHour Rated the Best Password Managers for Windows in 2021:
Security. I tested each password manager’s ability to maintain high-level security with two-factor authentication (2FA), password auditing, and bank-grade encryption. I also gave extra points to password managers with zero-knowledge protocols and additional security options including biometric scanning.
Features. I tested each feature and made sure they all functioned as intended. I looked for features such as dark web scanning, encrypted sharing, and data storage to ensure each feature adds to the functionality of the program.
Customer Service. I tested each company’s live chat, phone, and email support services to guarantee that customers would be able to get support whenever they need it. I also read through the products’ FAQs, knowledge bases, and chat forums to see whether or not they were useful.
Ease of Use. My list only includes products that provide an easy user experience, cross-platform support, intuitive interfaces, and secure browser extensions.
1. Dashlane — Best Overall Windows Password Manager in 2021
Dashlane is my favorite Windows password manager in 2021 — it comes with high encryption, makes auto-filling on Windows very easy, and has standout features like a one-click password changer and a VPN.
The Dashlane Windows app is very intuitive, and it took only a few minutes for me to set up and use the password vault — all of Dashlane’s features were easy for me to figure out, from importing my passwords into the Dashlane vault to installing the browser extension to setting up fingerprint authentication.
Dashlane also has:
Unlimited password storage.
Multi-device sync.
Password sharing.
One-click password changer.
Virtual private network (VPN).
Password strength auditing
Dark web monitoring.
Emergency access.
Secure storage (1 GB).
My favorite Dashlane feature is the one-click password changer. After Dashlane audited my entire password vault, I could automatically replace weak passwords with strong ones on a number of websites. With most password managers, you have to change your weak passwords manually, one at a time. Dashlane, on the other hand, does this automatically across 300+ popular sites — a huge time saver!
Dashlane is the only password manager on my list that offers a VPN. When I tested Dashlane’s VPN, it provided me with an encrypted internet connection with almost no slowdown. Using Dashlane’s VPN, I could access geo-restricted content and stream videos in HD without any lag, even when I was connected to servers across the ocean from me — great for users who want to view content that’s unavailable in their countries.
Dashlane Free lets you store up to 50 passwords on 1 device. Dashlane Essentials adds unlimited password storage, unlimited password sharing, and coverage for up to 2 devices. Dashlane Premium includes unlimited devices, a VPN, advanced 2FA, dark web monitoring, and encrypted storage. Dashlane also offers a family plan that adds up to 5 licenses and a family management dashboard.
Bottom Line:
Dashlane is my favorite password manager for Windows. Dashlane is very secure (it has strong encryption, 2FA, password strength auditing, and dark web monitoring), it’s user-friendly and intuitive, and it comes with a lot of extra features — including a one-click password changer, a VPN, Windows Hello compatibility, 1 GB encrypted storage, and more. Dashlane’s free plan includes a free trial of Dashlane Premium, and all Dashlane purchases come with a 30-day money-back guarantee.
2. 1Password — Best for Easy Password Management
1Password is secure, user-friendly, and has a lot of additional tools — making it a great choice for Windows users who are looking for a password manager that’s easy to use yet also feature-rich.
During my tests, the 1Password desktop app worked smoothly on Windows, allowing me to easily generate, organize, and share passwords. I was also happy to learn that 1Password is compatible with Windows Hello, so I could use my fingerprint and face ID to quickly access my password vault (1Password also supports Windows Hello companion devices like fingerprint readers or USB keys on older devices without facial recognition technology).
1Password comes with the following features:
Unlimited password storage.
Multi-device sync.
2FA.
Password sharing.
Password security auditing.
Dark web monitoring.
Account recovery.
Encrypted storage (1 GB).
I really like 1Password’s password security auditing feature — while this feature isn’t unique to 1Password, I was impressed with how easy it was for me to check which of my passwords were weak, duplicates, or compromised in a security breach. I also think it’s very cool that 1Password’s security auditing feature monitors credit card expiration dates, notifying you whether any of your cards are expiring soon and need to be replaced with new ones.
1Password offers two plans — 1Password Personal includes unlimited passwords on unlimited devices, 2FA, password sharing, password auditing, dark web monitoring, and 1 GB of encrypted file storage, and 1Password Families adds a shared vault, coverage for up to 5 users, and account recovery. 1Password is also the only password manager on this list that lets you add as many users as you want under 1 plan — which makes 1Password particularly great for families or households with lots of people.
Bottom Line:
1Password is a user-friendly Windows password manager with lots of features — it’s a particularly good choice for beginners and non-technical users as well as large families (1Password lets you add as many users as you want to its family plan). 1Password has high-security features like strong encryption, 2FA (including compatibility with Windows Hello), password security auditing, dark web monitoring, secure password sharing, account recovery, and more. You can try out all of 1Password’s premium features with a 14-day free trial.
3. RoboForm — Best for Advanced Form-Filling
RoboForm has a really good form-filling tool — it’s very accurate at auto-filling all sorts of web forms, from simple ones like Facebook and Instagram logins to very complicated ones like online shopping, banking, and accounting forms.
The RoboForm Windows app and the RoboForm browser extension are both easy to install and use — RoboForm’s intuitive interface and easy-to-use customization options make it a good choice for non-technical users.
There are 8 different templates that RoboForm can automatically fill out, including forms for addresses, banks, automobiles, and passports. In my testing, RoboForm completed each test web form in just one click, filling out all of my information in appropriate fields with zero errors.
RoboForm also includes:
Unlimited passwords across unlimited devices.
Windows application logins.
2FA.
Password auditing.
Emergency access.
Secure folder for sharing passwords.
Secure bookmarks storage.
Secure notes storage.
RoboForm is one of the rare password managers to offer application logins — meaning you can save and auto-fill logins for your Windows applications, like Skype and iTunes.
We also really like RoboForm’s secure notes storage, which made it easy for me to save and share important information such as safe lock combinations, internet passwords, passport information, and even secret family recipes!
We also like RoboForm’s password auditing tool — it checks the strength of passwords using the “zxcvbn” algorithm, which is an open-source algorithm that many cybersecurity experts, including myself, believe is the most accurate password strength tool available today.
RoboForm Free offers unlimited logins, password auditing, secure password sharing, application logins, and bookmarks storage. With RoboForm Everywhere, you also get multi-device sync, 2FA, emergency access, and cloud backup. RoboForm Everywhere Family is the same, but it covers up to 5 users.
Bottom Line:
RoboForm has excellent form-filling capabilities — it accurately fills out even the most advanced web forms with one click. RoboForm also comes with lots of additional features, like 2FA, application logins, bookmarks storage, and more. You can try out RoboForm with a 30-day free trial, and all RoboForm purchases come with a 30-day money back guarantee.
4. Keeper — Best for Additional Security Features
Keeper comes with a wide range of high-security features — it uses 256-bit AES encryption, has a variety of multi-factor authentication options, and is Service Organization Controls (SOC 2) compliant, which means that Keeper regularly undergoes security audits to ensure that all user data is 100% safe.
The Keeper Windows app is really good — it has a clean, modern, and well-organized interface, all the features are easily accessible, and everything works exactly as promised. That said, I wasn’t too impressed with Keeper’s browser extension — it’s good for auto-saving and auto-filling passwords, but it doesn’t have some of the advanced functionality of other browser extensions like Dashlane’s or 1Password’s.
Keeper also has:
Dark web monitoring (BreachWatch).
Encrypted chat (KeeperChat).
Password security auditing.
Secure storage (10 GB).
Emergency access.
Biometric login with Windows Hello.
I really like Keeper’s dark web monitoring feature which searches the dark web for breached logins and passwords, alerting users if their credentials have been compromised. While some top competitors also scan the dark web for compromised credentials, I think Keeper does a particularly good job at detecting security breaches — during my tests, Keeper alerted me that one of my emails had been breached, which most competing password managers failed to catch!
Keeper’s free plan comes with unlimited passwords, but only on 1 device. Keeper Unlimited offers unlimited passwords on unlimited devices, 2FA, emergency access, password security auditing, and more. You can upgrade to the Keeper Plus Bundle to add dark web monitoring and secure file storage. And the Keeper Max Bundle is where you also get the encrypted messaging app. Keeper also has a range of family options.
Bottom Line:
Keeper is a highly secure password manager with a lot of additional features — including dark web monitoring, 10 GB of secure storage, multi-factor authentication, an encrypted chat, and password security auditing. Keeper has lots of different plans to choose from, both for individuals and families, and you can try all of Keeper’s premium features with a 30-day free trial.
5. LastPass — Best Free Windows Password Manager
LastPass has a good free plan for Windows users that offers unlimited password storage on an unlimited number of devices for a single user. LastPass is also one of the only free password managers to include password sharing — you can share unlimited passwords, but only with 1 other user.
Both LastPass’s Windows app and browser extensions performed well during my tests — I had no problems using all of the provided features, and I found it very easy to generate, save, fill out, and share logins (but some of LastPass’s browser extensions have limited functionality).
LastPass Free has:
Unlimited password storage on unlimited devices.
One-to-one password sharing.
Account recovery.
Password auditing.
Automatic password changer.
What I like the most about LastPass is that it offers several options to recover your account in case you forget your master password — for instance, LastPass can send a recovery code to your mobile phone, or you can restore a previous master password up to 30 days after setting up a new master password.
While LastPass Free is good, LastPass Premium is even better, adding features like one-to-many password sharing, dark web monitoring, emergency access, and 1 GB of storage. LastPass Families is the same as Premium, adding coverage for up to 6 users.
Bottom Line:
LastPass has a good free plan for Windows users. LastPass Free comes with unlimited password storage on an unlimited number of devices for one user, plus password sharing with one other user, 2FA, account recovery, and password auditing. The premium version of LastPass adds advanced features like password sharing with multiple users, dark web monitoring, emergency access, and cloud storage. You can try LastPass with a 30-day free trial.
Comparison of the Best Password Managers for Windows
| Password Manager | Windows Hello Compatibility | Password Breach Monitoring | Included VPN | Encrypted Storage | Free Version |
|---|---|---|---|---|---|
| 1. Dashlane | Yes | Yes | Yes | 1 GB | 50 passwords on 1 device |
| 2. 1Password | Yes | Yes | No | 1 GB | No |
| 3. RoboForm | Yes | No | No | No | Unlimited passwords on 1 device |
| 4. Keeper | Yes | Yes | No | 10 GB | Unlimited passwords on 1 device |
| 5. LastPass | Yes | Yes | No | 1 GB | Unlimited passwords on unlimited devices |
Password Managers for Windows — Top 4 Frequently Asked Questions:
Why can’t I just use the Chrome/Firefox/Edge password manager?
Can I sync my Windows passwords with Android/iOS/Mac devices?
Are these password managers secure?
Can I use these password managers with Windows Hello?
1. Why can’t I just use the Chrome/Firefox/Edge password manager?
While your browser’s built-in password manager may be convenient, it’s just not that good — it only works on the browser, it doesn’t sync across devices, it can’t share passwords, the auto-filling functions are not good, and it won’t audit your password vault.
Unlike browser-based password managers, the products I’ve recommended here generate strong, unbreakable passwords, accurately auto-fill logins and various web forms, provide additional features like password sharing, password auditing, and dark web monitoring, and work across all browsers, devices, and operating systems.
2. Can I sync my Windows passwords with Android/iOS/Mac devices?
Definitely! One of the great things about third-party password managers is that they offer functionality on almost every device, browser, and operating system.
For example, with all of the password managers listed here, you can install the mobile app on an iPhone, the desktop app on a PC, and the Android app on a tablet — and all of your logins and encrypted files will be synced up between each of your devices.
3. Are these password managers really secure?
Absolutely! I only recommend password managers that use zero-knowledge protocols — ensuring that all data is encrypted before it gets to the password manager’s servers. This one-way encryption makes it impossible for the company to access any user data.
Also, the encryption methods these password managers use are virtually unbreakable. They’re the same encryption methods used by banks, major tech corporations, and even by the military.
Even if somebody hacked your computer and found your master password, they wouldn’t be able to access your passwords because they would fail the two-factor authentication test that all of these password managers have.
In short, all of these password managers are the most secure options available in 2021, but Dashlane takes the #1 prize for 2021 in our testing.
4. Can I use these password managers with Windows Hello?
Dashlane, 1Password, LastPass, Keeper, and RoboForm are all compatible with Windows Hello.
During GeeksByTheHour’s extensive testing, Dashlane was the easiest for us, my family, and friends to set up with Windows Hello. After toggling a couple of settings, I was able to access my password vault with just my fingerprint — no master password needed!