What I Use: Dashlane (Premium)

In January, I expressed my frustration with the sad state of the passwordless experiences in Bitwarden and 1Password, two of the top-rated standalone password managers. As I noted a few weeks back, security is a rabbit hole from which there is no beginning, no end, and no escape, a topic that can easily consume you because there's so much to learn, and getting it wrong can have disastrous consequences.

But after speaking to two security experts---both of whom verified my experiences and shared my frustrations, I stepped back and reevaluated what it was I was trying to achieve. And what it came down to was something I think of as an "online account security checklist," something that would be not just helpful and accurate, but also understandable to the mainstream users who are most at risk by ignoring or improperly configuring the security of their accounts.

I'm still working through the checklist, which is complicated in part because our online accounts evolve to support new security technologies all the time, and they do so in haphazard, unpredictable ways. For example, part of the impetus for my recent security push was the more formal support in Windows 11 version 23H2 for passkeys, the most recent and promising way for us to secure our online accounts. But this technology is so poorly and inconsistently implemented when it's used at all that it's only introduced an additional layer of complexity. And on the other end of the spectrum, the airline JetBlue emailed its customers less than a week ago to tell them that it finally supports the most basic forms of two-step authentication, a basic (and baseline) account protection. This is something it should have implemented several years ago, given how much personal and financial information the company stores for its customers. That's just irresponsible.

But we can't despair. As I keep pointing out, online account security is too important to ignore, and it's on us to make sense of this mess. Properly securing online accounts can be both difficult and inconvenient, causing us to give up. So the goal is to somehow bridge that divide, to secure our accounts in a way that provides effective security while still being convenient. And it all starts with the most basic (and maybe most important) of online account security tools, the password manager.

And the advice there is simple enough: Use a password manager. Use only one password manager. Configure all of your desktop web browsers and mobile devices to use only that password manager for autofill. Any password manager is better than no password manager or multiple password managers, even one that's built into your chosen web browser.

Beyond that, I have some advice you're free to ignore based on your own needs and wants. For example, I prefer standalone password managers to those built into a browser because they tend to be more portable, meaning that they work across all the platforms I use or may want to use in the future and aren...