path: root/published/password-managers.txt
author luxagraf <sng@luxagraf.net> 2019-10-17 14:07:25 -0400
committer luxagraf <sng@luxagraf.net> 2019-10-17 14:07:25 -0400
commit 78368991b05857ad3f5787897b0e8661e5ef48ab (patch)
tree 2e97b846e976d34c2a648fb795ce65c58fc44f1e /published/password-managers.txt
parent ac460cb5f346766aeed549a1888a3fed613808d6 (diff)
added latest stuff
Diffstat (limited to 'published/password-managers.txt')
-rw-r--r-- published/password-managers.txt 120
1 files changed, 68 insertions, 52 deletions
diff --git a/published/password-managers.txt b/published/password-managers.txt
index cc19853..e551342 100644
--- a/published/password-managers.txt
+++ b/published/password-managers.txt
@@ -1,49 +1,30 @@
-New to add:
-Bitwarden
-RememBear
-https://myki.com/download
-
Password managers are the vegetables of the internet. We know they're good for us, but most of us are happier snacking on the [password equivalent of junk food](https://www.wired.com/story/7-steps-to-password-perfection/). For seven years running that's been "123456" and "password"—the two [most commonly used passwords](https://www.wired.com/2016/01/worst-passwords-list/) on the web.
The problem is, most of us don't know what makes a good password and aren't about to remember hundreds of them every day.
-If you can memorize strong passwords for hundreds of sites, by all means do it. Assuming you're using [secure passwords](https://www.wired.com/2016/05/password-tips-experts/)—which is, first and foremost, shorthand for *long* passwords—this is the most secure, if slightly insane, way to store passwords. It might work for [Memory Grandmaster Ed Cooke](https://en.wikipedia.org/wiki/Ed_Cooke_(author)), but most of us are not willing to put in the effort. We need to offload that work to password managers, which offer secure vaults that can stand in for our faulty, overworked memories.
+If you can memorize strong passwords for hundreds of sites, by all means do it. Assuming you're using [secure passwords](https://www.wired.com/2016/05/password-tips-experts/)—which is, first and foremost, shorthand for *long* passwords—this is the most secure, if slightly insane, way to store passwords. It might work for [Memory Grandmaster Ed Cooke](https://en.wikipedia.org/wiki/Ed_Cooke_(author)), but most of us are not ready for that. We need to offload that work to password managers, which offer secure vaults that can stand in for our faulty, overworked memories.
+
+A password manager offers convenience and, more importantly, helps you create better passwords, which makes your online existence less vulnerable to password-based attacks.
-A password manager offers convenience and, more importantly, will help you create better passwords, which in turn makes your online existence less vulnerable to password-based attacks.
+*Updated September 2019: We added a few new services to the list, including Bitwarden, Remember, and Myki. We also added a section to help you keep calm and carry on should your password manager turn out to have a security flaw.*
*(Note: When you buy something using the retail links in our stories, we may earn a small affiliate commission. [Read more](https://www.wired.com/2015/11/affiliate-link-policy/) about how this works.)*
###Why Not Use Your Browser?
-Most web browsers offer at least a rudimentary password manager. (This where your passwords are stored when Chrome or Firefox ask if you'd like to save a password.) While this is better than reusing the same password everywhere, [browser-based password managers are limited](https://www.wired.com/2016/08/browser-password-manager-probably-isnt-enough/).
+Most web browsers offer at least a rudimentary password manager. (This where your passwords are stored when Chrome or Firefox ask if you'd like to save a password.) This is better than reusing the same password everywhere, but [browser-based password managers are limited](https://www.wired.com/2016/08/browser-password-manager-probably-isnt-enough/).
The reason security experts recommend you use a dedicated password manager comes down to focus. Web browsers have other priorities that haven't left much time for improving their password manager. For instance, most of them won't generate strong passwords for you, leaving you right back at "123456." Dedicated password managers have a singular goal and have been adding helpful features for years now. Ideally, this leads to better security.
-###Password Manager Basics
-
-A good password manager stores, generates, and updates passwords for you with the press of a button. If you're willing to spend a few dollars a month, a password manager can sync your passwords across all your devices. Here's how they work.
-
-__Only One Password to Remember:__ To access all your passwords you only have to remember one password, which the password manager uses to unlock the vault containing your all your actual passwords. Only needing to remember one password is great, but it means there's a lot riding on that one password. Make sure it's a good one.
-
-If you're having trouble coming up with that one password to rule them all, check out our guide to [better password security](https://www.wired.com/2016/05/password-tips-experts/). You might also consider using the [Diceware](http://world.std.com/~reinhold/diceware.html) method to generate a strong master password.
-
-__Apps and Extensions:__ Most password managers are systems rather than a single thing. They consist of apps or browser extensions for each of your devices (Windows, Mac, Android phones, iPhone, and tablets), which have tools to help you create secure passwords, safely store them, and evaluate the security your existing passwords. All that information is then sent to a central server where your passwords are encrypted, stored, and shared between devices.
-
-__Fixing Compromised Passwords:__ While password managers can help you create more secure passwords and keep them safe from prying eyes, they can't protect your password if [the website itself is breached](https://www.wired.com/story/collection-one-breach-email-accounts-passwords/). That doesn't mean they don't help in this scenario though. All three of the cloud-based password managers below offer tools to alert you to potentially compromised passwords. Password managers also make it easier to quickly change a compromised password and search through your passwords to ensure you didn't reuse any compromised codes.
-
-__You Should Disable Auto Form Filling:__ Some password managers will automatically fill in and even submit web forms for you. This is super convenient, but for additional security we suggest you disable this feature. Automatically filling forms in the browser has made password managers [vulnerable to attack](https://www.wired.com/story/password-manager-autofill-ad-tech-privacy/) in the past. For this reason our favorite password manager, [1Password](https://1password.com/sign-up/){: rel=nofollow}, requires you to opt-in to this feature. We suggest you do not.
-
###Best Overall
**[1Password](https://1password.com/sign-up/){: rel=nofollow}**
-
[#image: /photos/5ce876e11dc26e34f63b885c]||||||
-
1Password began life as a Apple-centric password solution, but it has since broadened its offerings to include iOS, Android, Windows, and ChromeOS. There's even a command line tool that will work anywhere. There are plugins for your favorite web browser too, which makes it easy to generate and edit new passwords on the fly.
-What sets 1Password apart from the rest is the number of extras it offers. In addition to managing passwords, it can [act as an authentication app](https://www.wired.com/story/two-factor-authentication-apps-authy-google-authenticator/) (like Google Authenticator), and, for added security, it adds a secret key to the encryption key it uses, meaning no one can decrypt your passwords without that key. (The downside is that if you lose this key, no one, even 1Password, can decrypt your passwords.)
+What sets 1Password apart from the rest is the number of extras it offers. In addition to managing passwords, it can [act as an authentication app](https://www.wired.com/story/two-factor-authentication-apps-authy-google-authenticator/) like Google Authenticator and, for added security, it creates a secret key to the encryption key it uses, meaning no one can decrypt your passwords without that key. (The downside is that if you lose this key, no one, not even 1Password, can decrypt your passwords.)
Another reason 1Password offers the best experience is its tight integration with other mobile apps. Rather than needing to copy/paste passwords between your password manager and other apps, 1Password is integrated with many apps and can autofill. This is more noticeable on iOS, where inter-app communication is more restricted.
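Review bot: The update note added near the top of this hunk lists the new services as "Bitwarden, Remember, and Myki", but the product is RememBear, which is how the removed "New to add" list spelled it; fix the name so readers can find the service. Two wording problems also survive in the added lines: the browser paragraph still reads "(This where your passwords are stored", which is missing "is", and in the 1Password paragraph "it creates a secret key to the encryption key it uses" no longer parses now that "adds" has become "creates". Reverting to "adds a secret key to the encryption key it uses" would keep the security claim readable.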
@@ -55,13 +36,29 @@ The other reason I like [1Password is "Travel Mode,"](https://www.wired.com/2017
*After signing up, [download the app](https://1password.com/downloads/){: rel=nofollow} for Windows, MacOS, Android, iOS, ChromeOS, or Linux. There are also browser extensions for [Firefox, Chrome, and Edge](https://1password.com/downloads/#browsers){: rel=nofollow}.*
-###Runner Up
+###Best Free Option
-**[Dashlane](https://www.dashlane.com/plans){: rel=nofollow}**
+**[Bitwarden](https://bitwarden.com/){: rel=nofollow}**
+Bitwarden has become a popular choice among open source software advocates, and after using it for a few months I can see why. It's free with no limits, and it's every bit as polished and user-friendly as our top pick. Did I mention it's open source?
-[#image: /photos/5ce876fe3c2fcc042d070e80]||||||
+The code that powers Bitwarden is freely available for anyone to inspect, find flaws, and fix them. In theory, the more eyes on the code, the more secure it becomes. Bitwarden has also been audited by a third party to ensure it's secure. Bitwarden can also be installed on your own server, for easy self-hosting if you prefer to run your own cloud.
+
+There are apps for Android, iOS, Windows, MacOS, and Linux, as well as browser extensions for all major web browsers, plus less common options like Opera, Brave, and [Vivaldi](https://www.wired.com/story/try-vivaldi-browser-android-chrome/) (which all support Chrome extensions).
+
+Another thing I like is BitWarden's semi-automated password fill-in tool. If you visit a site that you've saved credentials for, Bitwarden's browser icon shows the number of saved credentials from that site. Click the icon and it will ask which account you want to use and then automatically fill in the login form. This makes it easy to switch between usernames and avoids the pitfalls of autofill we mention at the bottom of this guide. If you simply must have your fully automated form filling, Bitwarden does support that as well.
+
+Bitwarden offers a paid upgrade account. The cheapest of the bunch, Bitwarden Premium is $10/year, which gets you 1 GB of encrypted file storage, two-factor authentication with devices like YubiKey, FIDO U2F, and Duo, and a password hygiene and vault health report. Paying also gets you priority customer support.
+**[Bitwarden is free](https://bitwarden.com/){: rel=nofollow}**
+
+*After signing up, [download the app](https://bitwarden.com/#download){: rel=nofollow} for Windows, MacOS, Android, iOS, or Linux. There are also browser extensions for [Firefox, Chrome, Safari, Edge, Vivaldi, and Brave](https://bitwarden.com/#download){: rel=nofollow}.*
+
+###Best Full-Featured Manager
+
+**[Dashlane](https://www.dashlane.com/plans){: rel=nofollow}**
+
+[#image: /photos/5ce876fe3c2fcc042d070e80]||||||
I first encountered Dashlane several years ago. Back then it was the same as its competitors, but recent updates, especially Dashlane 6, have added several features not found elsewhere. One of the best features of Dashlane is what it calls Site Breach Alerts. Dashlane actively monitors the darker corners of the web, looking for leaked or stolen personal data, and then alerts you if your information is found.
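Review bot: The fill-in paragraph spells the product "BitWarden's" while every other mention in this hunk is "Bitwarden"; make the casing consistent. In the open source paragraph, "Bitwarden has also been audited by a third party" carries no link, unlike most factual claims in the guide, so a link to the audit would let readers verify it. In the pricing paragraph, "The cheapest of the bunch" follows "Bitwarden offers a paid upgrade account" in the singular, which leaves it unclear what bunch is meant; say either that it is the cheapest paid plan in this guide or name the other Bitwarden tiers.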
@@ -75,52 +72,71 @@ Dashlane Premium costs $5 per month ($60 per year). There's also Premium Plus, w
*After signing up, [grab the app](https://www.dashlane.com/download){: rel=nofollow} for Windows, MacOS, Android, iOS, or Linux. There are also browser extensions for [Firefox, Chrome, and Edge](https://www.dashlane.com/download){: rel=nofollow}.*
-###Best Free Option
+###Best DIY Option (Self Hosted)
-**[LastPass](https://www.lastpass.com/pricing){: rel=nofollow}**
+**[KeepassXC](https://keepassxc.org/download/){: rel=nofollow}**
+[#image: /photos/5ce8771de2751d04edfcf520]||||||
-[#image: /photos/5ce87750b2569847a06b2c11]||||||
+Want to retain more control over your data in the cloud? Try using a desktop application like KeePassXC. It stores encrypted versions of all your passwords into an encrypted digital vault that you secure with a master password, a key file, or both. The difference is that instead of a hosted service like 1Password syncing it for you, you sync that database file yourself using a file-syncing service like [Dropbox](https://www.dropbox.com/){: rel=nofollow} or Edward Snowden's [recommended service](https://techcrunch.com/2014/10/11/edward-snowden-new-yorker-festival/): [SpiderOak](https://spideroak.com/){: rel=nofollow}. Once your file is in the cloud you can access it on any device that has a KeePassXC client.
+Why do it yourself? In a word: transparency. Of all the solutions on this list, only KeepassXC is open source, which means its code can, and has, been inspected for critical flaws.
-LastPass is one of the most popular and well-known password managers out there. It works on nearly every platform and device available, and it is the only service we recommend that offers password syncing between devices on its free plan.
+**[KeePassXC is free to use](https://keepassxc.org/download/){: rel=nofollow}**
-Like 1Password and Dashlane, LastPass stores your credentials and other sensitive data encrypted on its server, and you access your data through apps or browser extensions. You can choose whether LastPass can autofill forms for you, alert you about potentially compromised accounts, or search your password vault for weak passwords. Lastpass also supports two-factor authentication.
+*Download the [desktop app](https://keepassxc.org/download/) for Windows, MacOS, or Linux and create your vault. There are also extensions for [Firefox](https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/){: rel=nofollow} and [Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk){: rel=nofollow}, but not Edge. It does not have official apps for your phone. Instead, the project recommends [Keepass2Android](https://play.google.com/store/apps/details?id=keepass2android.keepass2android){: rel=nofollow} or [Strongbox for iPhone](https://itunes.apple.com/us/app/strongbox-password-safe/id897283731){: rel=nofollow}.*
-The main drawback to LastPass is its mixed security track record. LastPass has had a number of [high-profile, critical bugs](https://www.wired.com/2015/06/hack-brief-password-manager-lastpass-got-breached-hard/) and some data breaches. Overall though, LastPass remains a good choice for those on a tight budget.
+###Best Cloudless, Phone-Based Solution
-Upgrading to Premium for $3 per month ($36 per year) adds support for two-factor options like YubiKey, 1 gigabyte of encrypted file storage, priority customer service, and emergency access. Emergency access lets you grant one-time access to your vault (including all of your passwords and other data) to another LastPass user. It's intended to give a loved one access to your data in the event you cannot. You set an access delay, which means that LastPass will let you know when the person attempts to access your information and you can decline the request. If you don't decline, LastPass will grant that person access to your account after the delay.
+**[Myki](https://myki.com/){: rel=nofollow}**
-There is also a $4 per month ($48 per year) family plan for up to six users.
+Myki takes a very different approach to password management, using your device to sync instead of a cloud-based server. Everything starts on your phone. You set up your account via your device and then that syncs your passwords with Myki's browser extensions running on your desktop. The sync happens through Myki's relay servers, but no data is actually stored, it just passes through en route from your phone to the browser extension.
-**[LastPass is free to use (with optional paid plans)](https://www.lastpass.com/pricing){: rel=nofollow}**
+On the device, Myki eschews a master password, opting instead for a six-digit PIN or fingerprint to access the mobile app. All other approvals (like pair with your browser on a laptop) are approved through the mobile app. That means the only real way to compromise Myki is for an attacker to get your phone, unlock the phone, and then unlock your Myki with your fingerprint, which is pretty unlikely.
-*After signing up, [grab the app](https://lastpass.com/misc_download2.php){: rel=nofollow} for Windows, MacOS, Android, iOS, or Linux. There are also browser extensions for [Firefox, Chrome, and Edge](https://lastpass.com/misc_download2.php){: rel=nofollow}.*
+The downside side to storing everything on your phone is that if you lose your phone, you're in real trouble. Even if no one else can access your data, you can't either. For that reason you'll want to regularly make an encrypted backup of your passwords, which you can do in the browser extensions.
-###Best DIY Option (Self Hosted)
+Myki started out aimed at the enterprise market and that initial focus on teams of users shows in features like the password sharing. Of all the apps tested, Myki is the easiest to share login info between accounts. The one flaw is when the user you've shared with uses that password in the browser extension. Because that relies on JavaScript, the person you've shared the password with could intercept the JavaScript and see your password. The company says it's working on a solution, but frankly, it's hard to see what that could be, since every service listed does the same thing.
-**[KeepassXC](https://keepassxc.org/download/){: rel=nofollow}**
+**[Myki is free to use (with optional paid plans)](https://myki.com/pricing){: rel=nofollow}**
+###Honorary Mentions
-[#image: /photos/5ce8771de2751d04edfcf520]||||||
+[#image: /photos/5ce87750b2569847a06b2c11]||||||
-Want to retain more control over your data in the cloud? Try using a desktop application like KeePassXC. It stores encrypted versions of all your passwords into an encrypted digital vault that you secure with a master password, a key file, or both. The difference is that instead of a hosted service like 1Password syncing it for you, you sync that database file yourself using a file-syncing service like [Dropbox](https://www.dropbox.com/){: rel=nofollow} or Edward Snowden's [recommended service](https://techcrunch.com/2014/10/11/edward-snowden-new-yorker-festival/): [SpiderOak](https://spideroak.com/){: rel=nofollow}. Once your file is in the cloud you can access it on any device that has a KeePassXC client.
+- **[LastPass](https://www.lastpass.com/pricing){: rel=nofollow}:** LastPass is one of the most popular and well-known password managers out there. It works on nearly every platform and device available. The main drawback is its mixed security track record. LastPass has had a number of [high-profile, critical bugs](https://www.wired.com/2015/06/hack-brief-password-manager-lastpass-got-breached-hard/) and some data breaches. Overall though, LastPass remains a good choice for those on a tight budget.
-Why do it yourself? In a word: transparency. Of all the solutions on this list, only KeepassXC is open source, which means its code can, and has, been inspected for critical flaws.
+- **[RememBear](https://www.remembear.com/){: rel=nofollow}:** RememBear does everything you'd expect of a password manager and it has bears. Password managers are possibly the most boring software on your device, plus just the idea of them is stressful to some people. RememBear counters this by entertaining with bear puns and smoothing out anxiety with its friendly, lovable bear mascot.
-**[KeePassXC is free to use](https://keepassxc.org/download/){: rel=nofollow}**
+The downside to RememBear is that it's missing a few features advanced users might want, notably two-factor authentication (RememBear support 2FA for logging into sites, but not the app itself), and a password strength checker. For beginners though, RememBear has everything you need and a clever, approachable user interface. There's a free trial that will let you test the app, but the free plan doesn't sync. A premium account will set you back $36/year, and includes syncing with end-to-end encryption, secure backups, and priority customer service. Regrettably, premium does not include an actual bear.
-*Download the [desktop app](https://keepassxc.org/download/) for Windows, MacOS, or Linux and create your vault. There are also extensions for [Firefox](https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/){: rel=nofollow} and [Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk){: rel=nofollow}, but not Edge. It does not have official apps for your phone. Instead, the project recommends [Keepass2Android](https://play.google.com/store/apps/details?id=keepass2android.keepass2android){: rel=nofollow} or [Strongbox for iPhone](https://itunes.apple.com/us/app/strongbox-password-safe/id897283731){: rel=nofollow}.*
+- **[NordPass](https://nordpass.com/){: rel=nofollow}:** is a brand new password manager from the well-known VPN provider, [NordVPN](https://nordvpn.com/blog/nordpass-password-manager/){: rel=nofollow}. NordPass is in fact so new it doesn't exist yet, but given NordVPN's success, we're keeping a close eye on this one. We'll update this guide when it launches and we have a chance to test it..
+
+###Password Manager Basics
+
+A good password manager stores, generates, and updates passwords for you with the press of a button. If you're willing to spend a few dollars a month, a password manager can sync your passwords across all your devices. Here's how they work.
+
+__Only One Password to Remember:__ To access all your passwords you only have to remember one password, which the password manager uses to unlock the vault containing your all your actual passwords. Only needing to remember one password is great, but it means there's a lot riding on that one password. Make sure it's a good one.
+
+If you're having trouble coming up with that one password to rule them all, check out our guide to [better password security](https://www.wired.com/2016/05/password-tips-experts/). You might also consider using the [Diceware](http://world.std.com/~reinhold/diceware.html) method to generate a strong master password.
+
+__Apps and Extensions:__ Most password managers are systems rather than a single thing. They consist of apps or browser extensions for each of your devices (Windows, Mac, Android phones, iPhone, and tablets), which have tools to help you create secure passwords, safely store them, and evaluate the security your existing passwords. All that information is then sent to a central server where your passwords are encrypted, stored, and shared between devices.
+
+__Fixing Compromised Passwords:__ While password managers can help you create more secure passwords and keep them safe from prying eyes, they can't protect your password if [the website itself is breached](https://www.wired.com/story/collection-one-breach-email-accounts-passwords/). That doesn't mean they don't help in this scenario though. All three of the cloud-based password managers below offer tools to alert you to potentially compromised passwords. Password managers also make it easier to quickly change a compromised password and search through your passwords to ensure you didn't reuse any compromised codes.
+
+__You Should Disable Auto Form Filling:__ Some password managers will automatically fill in and even submit web forms for you. This is super convenient, but for additional security we suggest you disable this feature. Automatically filling forms in the browser has made password managers [vulnerable to attack](https://www.wired.com/story/password-manager-autofill-ad-tech-privacy/) in the past. For this reason our favorite password manager, [1Password](https://1password.com/sign-up/){: rel=nofollow}, requires you to opt-in to this feature. We suggest you do not.
+
+__Don't Panic:__ Software has bugs, even your password manager. The question is not what do you do *if* your password manager discovers a flaw, but what do you do *when* your password manager discovers a flaw. The answer is, first, don't panic. Normally bugs are [found](https://www.wired.com/story/a-password-exposing-bug-was-purged-from-lastpass/), reported, and fixed before they're exploited in the wild. Even if someone does manage to gain access to your password manager's servers, you should still be fine. All of the services below only store encrypted data and none of them store your encryption key, meaning all an attacker gets from compromising their servers is encrypted data.
Correction on May 28: Edited to clarify that two-factor authentication is part of all Lastpass options.
***
### More Great WIRED Stories
-* A dystopian vision of the future: [toxic but candy sweet](https://www.wired.com/story/dystopian-future-photo-gallery/?itm_campaign=BottomRelatedStories_Sections_5)
-* Can a test tell you which pills to pop [with just a prick](https://www.wired.com/story/baze-vitamins-review/?itm_campaign=BottomRelatedStories_Sections_5)?
-* What the [college scandal shallowfakes](https://www.wired.com/story/college-scandal-shallowfakes-reveal-about-the-rich/?itm_campaign=BottomRelatedStories_Sections_5) say about the rich
-* Melinda Gates to tech: [Wake up to women's empowerment](https://www.wired.com/story/melinda-gates-tech-women-empowerment/?itm_campaign=BottomRelatedStories_Sections_5)
-* My wild ride in [a robot race car](https://www.wired.com/story/my-wild-ride-in-robot-race-car/?itm_campaign=BottomRelatedStories_Sections_5)
-* 🎧 Things not sounding right? Check out our favorite [wireless headphones](https://www.wired.com/gallery/best-wireless-headphones/?itm_campaign=BottomRelatedStories), [soundbars](https://www.wired.com/gallery/best-soundbars/?itm_campaign=BottomRelatedStories), and [bluetooth speakers](https://www.wired.com/gallery/best-bluetooth-speakers/?itm_campaign=BottomRelatedStories)
-* 📩 Want more? [Sign up for our daily newsletter](https://www.wired.com/newsletter/?name=daily&sourceCode=BottomStories) and never miss our latest and greatest stories
+* An exclusive look inside [Apple’s A13 bionic chip](https://www.wired.com/story/apple-a13-bionic-chip-iphone/?itm_campaign=BottomRelatedStories_Sections_5)
+* WIRED's 13 [must-read books for fall](https://www.wired.com/story/2019-fall-book-list/?itm_campaign=BottomRelatedStories_Sections_5)
+* New clues show how Russia’s grid hackers [aimed for physical destruction](https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/?itm_campaign=BottomRelatedStories_Sections_5)
+* The unbuilt streets of [California's ghost metropolis](https://www.wired.com/story/california-ghost-metropolis-gallery/?itm_campaign=BottomRelatedStories_Sections_5)
+* One scientist's quest to bring [DNA sequencing](https://www.wired.com/story/one-scientists-quest-to-bring-dna-sequencing-to-every-sick-kid/?itm_campaign=BottomRelatedStories_Sections_5) to every sick kid
+* 👁 [How do machines learn](https://www.wired.com/story/how-we-learn-machine-learning-human-teachers/?itm_campaign=BottomRelatedStories_Sections_5)? Plus, read the [latest news on artificial intelligence](https://www.wired.com/category/business/artificial-intelligence/?itm_campaign=BottomRelatedStories_Sections_5)
+* 🎧 Things not sounding right? Check out our favorite [wireless headphones](https://www.wired.com/gallery/best-wireless-headphones/?itm_campaign=BottomRelatedStories), [soundbars](https://www.wired.com/gallery/best-soundbars/?itm_campaign=BottomRelatedStories), and [Bluetooth speakers](https://www.wired.com/gallery/best-bluetooth-speakers/?itm_campaign=BottomRelatedStories)
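Review bot: The KeePassXC paragraph re-added in this hunk still says "Of all the solutions on this list, only KeepassXC is open source", which now contradicts the Bitwarden entry this commit introduces as open source; reword it to something like "KeePassXC is open source" and settle on one casing, since "KeepassXC" and "KeePassXC" both appear. Moving Password Manager Basics to the end also leaves stale references: "All three of the cloud-based password managers below" and "All of the services below" now point at nothing, and the count of three no longer matches the list, so change them to "above" or "in this guide" and recheck that the claim that none of the services store your encryption key holds for every new entry, Myki included. The unchanged "Correction on May 28" line refers to LastPass two-factor text that the shortened Honorary Mentions entry no longer contains. Smaller fixes in the added lines: "The downside side", "like pair with your browser", "RememBear support 2FA", the NordPass item opening with "is a brand new" and ending in "..", and the RememBear downside paragraph sitting outside its bullet.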