Trust Issues with Sticky Notes

A comprehensive guide to password managers, covering browser-based, cloud-based, and desktop-based options with their security implications and recommendations.

Rakshita Vijay
June 12, 2025

Need a password? Going with '#123#', 'PASSWORD', or 'password123' is practically a canon event in everyone's digital life. Alternatively, recycling the same password across accounts is another crowd-pleaser.

The issue is simple: we don't know how to create a strong password, and if we do, we cannot remember it. So, most of us default to the easiest options, and a few slightly more enlightened souls rely on Google to autogenerate passwords. These get automatically saved to Google Passwords (which most of us trust without question) and we use them later, hoping the administrator hasn't gotten his grubby little hands on our credentials...

See a pattern yet?

It's the same story everywhere: we assume, we trust - but do we really know what's safe?

That's where password managers (not Google's :P) come in. While they may sound cumbersome and inefficient, they are your best bet for storing your passwords in a non-volatile location with significantly reduced risk.

Most are easily accessible - available in application and website form - affording around-the-clock access and syncing across devices. So instead of scribbling your passwords down on sticky notes and taping them to the backside of your keyboard, you can rely on PMs to handle your passwords with the care they deserve.

What exactly comes to your mind when you hear the words 'password manager'?

Some might visualize a vault, others may envision an encrypted folder, but one of the things I look for in a PM? The ability to generate passwords - because honestly, the energy it takes to log each one manually is enough to make me reconsider going back to 'password123#'!

A good PM should do the heavy lifting, not make you feel like a data entry clerk. But which password manager to choose is the million-dollar question.

Password managers come in many forms: some are open source - offering transparency and community-driven security, while others are proprietary - managed by private companies. This distinction can influence your trust and security choices.

Let's run through the different types of PMs available at our disposal, each with its own strengths - and quirks - depending on how, where, and why you use them.

The three major types of PMs are: browser-based, cloud-based, and desktop-based [7].

They differ in how passwords are stored, the flexibility offered for data storage, and - most importantly - the likelihood of causing headaches down the line. Whether cloud or desktop-based, your password manager is unlocked with just one master password; so make it a long, unique passphrase and keep it safe. Never store it online, and if you write it down, hide it well. Some managers even offer a memory-jogging prompt, just in case. Other key factors to consider are platform compatibility, pricing model, and backup & recovery options - arguably some of the most crucial pieces in the arsenal we are building.

Kicking off with browser-based password managers, the simplest sibling: typically offered as free extensions or plugins integrated with your browser, they score the highest on the ease-of-use scale, but hit an all-time low on security, with poor export/import capability and data that is hard to move. They rely on the system's base layer authentication key (the pattern or alphanumeric text used to log in), but lack a dedicated 'master key' of their own. Their auto-saving capability compromises your passwords further, allowing access to any Tom, Dick and Harry who happened to peek over your shoulder when you tried - and failed - to stealthily enter your system passcode.

Take Google's built-in password manager, for instance: it does support two-factor authentication (2FA) for an extra layer of protection; however, its security controls are still tied to your Google account as a whole, which means that if your main account is compromised, your stored passwords could be at risk.

As if the loss of nearly all security wasn't enough, browser-based PMs don't offer the luxury of customizing passwords to specific lengths or advanced autofill capabilities, beloved features in both cloud-based and desktop-based PMs. They're also restricted to passwords, and sometimes addresses and payment info - there are no custom fields or attachments.
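What length customization and a "long, unique passphrase" for the master password actually buy can be measured in bits of entropy. The sketch below is an added example, not code from the original article or from any product it lists; the 16-word list and the symbol set are constructed for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list; real Diceware-style lists hold thousands of words.
SAMPLE_WORDS = ["amber", "bison", "cedar", "delta", "ember", "fjord", "glade", "heron",
                "ivory", "jetty", "koala", "lotus", "maple", "nylon", "otter", "pearl"]

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*-_=+",  # assumed symbol set; sites differ in what they accept
}
ALL = ("lower", "upper", "digit", "symbol")

def generate_password(length=20, classes=ALL):
    """Random password of exactly `length` chars containing every requested class."""
    if length < len(classes):
        raise ValueError("length too short to include every requested class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:  # rejection sampling: uniform over all passwords that satisfy the rule
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate

def generate_passphrase(words=6, wordlist=SAMPLE_WORDS, sep="-"):
    """Passphrase of `words` words, each drawn independently from the OS CSPRNG."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

def password_entropy_bits(length, classes=ALL):
    """Upper bound in bits; the class requirement removes a small share of candidates."""
    return length * math.log2(sum(len(CLASSES[c]) for c in classes))

def passphrase_entropy_bits(words, wordlist_size):
    """Entropy in bits of `words` independent picks from a list of `wordlist_size`."""
    return words * math.log2(wordlist_size)

if __name__ == "__main__":
    print(generate_password(20), round(password_entropy_bits(20), 1), "bits")
    print(generate_passphrase(6), passphrase_entropy_bits(6, len(SAMPLE_WORDS)),
          "bits with the 16-word sample list")
    print("6 words from a 7776-word list:",
          round(passphrase_entropy_bits(6, 7776), 1), "bits")
```

The sample list is far too small for real use: six words from it give only 24 bits, while the same six words drawn from a 7776-word list give about 77.5 bits.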

Sadly, if your account is accidentally deleted (or lost), recovery or version history is not available on most browser password managers. However, recent models have introduced limited recovery options.

And if you haven't noticed yet, they work so long as you are using the same browser [4]. The second you switch to a different one, it throws up its hands, pops open a soda, and chills in the backseat - the designated UselessFriend™. This constrained cross-browser support forces you to either manually re-upload all of your passwords, or suffer the consequences of choosing a browser-based password manager.

Given these limitations, many users may seek a more robust solution - one that offers flexibility, security, and - most importantly - compatibility across all platforms.

So, onto greener pastures we go: Cloud-based PMs, the overachieving middle child - always syncing, always updating, always showing up on every device it's open on. They store your passwords on a secure server in the cloud, affording round-the-clock access regardless of device, location, or network. Convenient and scalable (performance stays steady no matter the user base), they can handle everything from passwords and notes to files, credit cards, and 2FA secrets, just in case you're managing five Netflix logins and a secret recipe for Coca-Cola.

Corporate espionage aside, their compatibility extends to accommodate even structured vaults, folders, and tags, operable on a freemium or subscription-based pricing model, like Bitwarden and Bitwarden Premium respectively. However, your data's security depends on the provider's security practices, and accessibility is dependent on internet and service availability. Sadly, this means that if your Wi-Fi is having an identity crisis, your passwords are too.

On the plus side, they are available as browser extensions on most operating systems, with features like automated backups, password history, password sharing, and account recovery options.

However, while cloud-based managers excel at accessibility and convenience, some users prioritize maximum security and local control - even if it means sacrificing a bit of ease.

If control is what gets you going (no judgement here :P), then your type of PM is the unsung hero, the stoic pillar of the house: a desktop-based password manager. With local encryption and offline storage, these standalone applications are among the most secure PMs available - their reach doesn't even extend to the other user accounts on the same computer! By default, they don't sync across devices, but you can change those settings manually. You control the storage, but at the cost of convenience, which is a shame. They support custom fields, attachments, and pretty much everything you can think of - pertaining to a password manager, of course.

A downside of these buggers is that the user gets saddled with extra responsibility - to oversee the syncing and local backups and whatnot, but to the PM's credit, things are kept relatively simple and focused, so you're not juggling a circus of unnecessary features, just a few simple acts.

When it comes to platform compatibility, it's a bit of a toss-up. Some desktop managers work smoothly across all major OSs (shoutout to KeePassXC), while others - like some desktop versions of Keeper, 1Password, and NordPass - are pickier, working on Windows alone, frustrating many macOS users out there. But worry not! At the end of this article, I've attached a list of different password managers, along with their types and compatibility, so enjoy, and happy password management!

But what about when you need passwords on the go? Device compatibility becomes an increasingly important factor - especially for those of us juggling laptops, tablets, and phones like it's a three-ring circus. To my dear "handheld devices over bulky laptop" readers, prepare for a sad plot twist: most desktop-based PMs treat mobile phones like a distant cousin they don't really want to interact with at a marriage. Only when a boisterous, pushy uncle (a third-party app) shows up do they finally relent and reluctantly allow you access to your passwords.

Aside from mobile quirks, desktop managers have other perks and quirks worth noting: they are mostly free, so you can rest easy, but be warned: infuriating donation-ware or one-time purchase pop-ups may hinder your usage, based on the PM. A feature that stands out is the ability to export database files for easy migration, and - if you're the type who likes to tinker or keep backups - this flexibility can be a real lifesaver. With all this flexibility comes a word of caution: with great power comes great responsibility; so make sure you're storing and sharing those exported files securely, or you might end up with more drama than a family reunion.

If you're still with me (and your brain isn't scrambled like a CAPTCHA), it's time to peek under the hood and see what powers these vaults. We've seen that password managers can be accessed either through web interfaces (browser extensions or web apps) or as standalone applications (desktop or mobile apps), but what problems does that flexibility come with? Web access is super convenient, but it can expose you to browser bugs or phishing. Standalone apps usually pack more features and stronger local encryption. Thus, depending on your habits, you might switch between both or stick to what fits best.

Now that you know the main types, it's important to consider whether a password manager is open source or proprietary. Here's how they stack up:

According to TeamPassword [6], open-source managers let everyone peek under the hood - their code is out in the open for security experts and curious minds to poke around in, inspect, and audit. This transparency helps build trust with the ideology that a system is "secure if everything about it, except the key, is public knowledge". It's like having a vault with glass walls: everyone can see what's inside, but only you have the combination. Open-source managers let you keep your friends close, and your code closer - publicly, that is. Most open-source options are free or have a solid free core, with extra features available for a price.

Proprietary PM companies, on the other hand, operate on the principle of 'security by obscurity', theorizing that if the code is kept out of the hands of the general public, it is less likely that an unscrupulous individual will find a vulnerability and exploit it. Thus, they have a greater responsibility for identifying and fixing the vulnerabilities themselves. With proprietary managers, you're trusting the vendor to keep your secrets safe - so you're basically putting all your eggs into Davy Jones's locker, and hoping Jack Sparrow doesn't crack it open.

Additionally, proprietary PMs do give you a better deal than the 100 souls Davy Jones asked in exchange for Sparrow's life - just a subscription or a one-time payment!

That said, it is believed that security issues are resolved faster in open-source code, as the dev team spends its time fixing bugs rather than identifying them, and the fix is later verified by the users themselves.

Ultimately, the best password manager depends on your priorities and use case - whether that's convenience, security, or your threat model (individual vs. enterprise, high-risk professions, etc.). Each type has its own perks, so choose the one that doesn't make you vault over hoops just to get your keys!

To wrap things up, as promised, here's a curated list of password managers - along with a few key highlights to help you pick your perfect digital guardian: *

  1. RoboForm: 9.8/10
     a) Cloud-based & Desktop-based; Proprietary
     b) Notable features: Advanced form filling, secure sharing, budget-friendly, strong autofill

  2. Keeper: 9.7/10
     a) Cloud-based & Desktop-based; Proprietary
     b) Notable features: Dark web monitoring, secure file storage, biometric login, cross-platform

  3. 1Password: 9.6/10
     a) Cloud-based & Desktop-based; Proprietary
     b) Notable features: Travel mode, secure vaults, teams, emergency access, cross-platform

  4. NordPass: 9.5/10
     a) Cloud-based & Desktop-based; Proprietary
     b) Notable features: Zero-knowledge encryption, user-friendly, emergency access, data breach monitoring, cross-platform

  5. Bitwarden: 9.5/10
     a) Browser-based, Cloud-based, & Desktop-based; Open source
     b) Notable features: Unlimited free plan, self-hosting, secure sharing, cross-platform, emergency access

  6. Dashlane: 8.9/10
     a) Cloud-based; Proprietary
     b) Notable features: VPN, dark web monitoring, password changer, secure sharing, cross-platform

  7. KeePassXC: ~9.0/10
     a) Desktop-based; Open source
     b) Notable features: Offline, local storage, strong encryption, TOTP codes, cross-platform via third-party apps

  8. KeePass: ~8.8/10
     a) Desktop-based; Open source
     b) Notable features: Offline, local storage, plugin support, strong encryption, cross-platform via third-party apps

  9. Proton Pass: ~8.8/10
     a) Cloud-based; Partially Open source
     b) Notable features: Privacy focus, modern UI, encrypted vault, cross-platform

  10. Enpass: ~8.5/10
     a) Cloud-based & Desktop-based; Proprietary
     b) Notable features: Local storage option, data breach monitoring, cross-platform

  11. Zoho Vault: ~8.5/10
     a) Cloud-based; Proprietary
     b) Notable features: Team management, secure sharing, business focus, cross-platform

  12. Sticky Password: ~8.5/10
     a) Cloud-based & Desktop-based; Proprietary
     b) Notable features: Lifetime license, secure sharing, cross-platform, biometric login

*: This list was curated by Perplexity AI based on extensive analysis of leading expert sources, user reviews, and web-based data

Citations:

[1] "some desktop based password managers that only work on windows - Google Search." https://tinyurl.com/dbpmonwindows

[2] V. R. Aravamudhan, "Considerations while choosing a Password Manager," Medium, Dec. 31, 2021. https://avijayr.medium.com/considerations-while-choosing-a-password-manager-77c15da855a9

[3] S. Gilbertson, "6 Best Password Managers (2025), Tested and reviewed," WIRED, Mar. 26, 2025. [Online]. Available: https://www.wired.com/story/best-password-managers/

[4] A. Zawalnyski, "What Are The Different Types Of Password Manager?: Understand the different types of password managers available, and how they are suited to different business use-cases.," Expert Insights, Nov. 13, 2023. [Online]. Available: https://expertinsights.com/password-managers/what-are-the-different-types-of-password-manager

[5] A. Bhatnagar, "Is Google Password Manager safe? [2024]," cloaked, Apr. 16, 2024. https://www.cloaked.com/post/is-google-password-manager-safe

[6] K. Bhaduri, "Open-Source vs. Closed-Source Password Managers: Which is Right for You?," TeamPassword, Feb. 21, 2025. https://teampassword.com/blog/open-vs-closed-source-password-managers

[7] A. Hutchinson, C. W. Munyendo, A. J. Aviv, and P. Mayer, "An Analysis of Password Managers' Password Checkup Tools," in ACM, Honolulu, HI, United States of America, May 11, 2024, pp. 1-7. doi: 10.1145/3613905.3650741.
