Q: I saw PCWorld’s lists for the best password managers, and your top picks were for cloud-based services. Wouldn’t a locally stored password database be more secure?
A: One of our top password managers is BitwardenRemove non-product link, which supports the setup of a locally stored database as a paid feature. It’s not the default way to use the service, so it takes a bit more elbow grease and vigilance to maintain, but it’s an option. That said, let’s dig into the security of local files versus cloud-stored files.
In a vacuum, a locally stored password database generally carries less risk of being discovered and then potentially shared or cracked. Compared to a set of passwords living on a cloud-based server, local storage gives you full control over where the file is stored and how it’s backed up, plus the devices that access it.
But once you take into account the real world, locally stored password databases have their own weaknesses. Devices get stolen or lost. Shared gadgets only remain as secure as each person who uses them. People have human moments (even the most careful folks!) and can fall for a bad link that opens up remote access by malicious third-parties.
Other dangers exist for locally stored password databases as well. You can’t fall back on a password recovery system if you forget your master password, and you must be vigilant with backups lest you lose the file through accidental deletion or drive failure. Should you need to access your password file remotely, you’ll face even greater problems—opening up your home network to the wider internet comes with its own can of security-related worms.
In the end, no bulletproof solution exists for protecting sensitive information. Most people need to just start using a password manager, period—all too many friends and family still create weak passwords, reuse existing passwords, and store them in plain text documents. Don’t let perfect be the enemy of good.
Welcome to Ask an Expert, where we tackle your questions about PC building. Have your own burning concern? Shoot us an email at firstname.lastname@example.org.