Password Safes

Information Security Guideline

1. Introduction

  • 1.1 Password Safes (or Password Managers) are computer applications that provide a secure place to store and access the passphrases/passwords for different login environments. Password Safes are simple to use because they can be accessed with a single master passphrase/password.
  • 1.1 This guideline has been issued by the Chief Information Officer to supplement the Passphrase and Password Protection standard. Compliance with this guideline is recommended, but not mandatory. Questions about this guideline may be referred to information.security@ubc.ca.

2. Master Passphrases/Passwords

  • 2.1 The master passphrase/password used to protect the Password Safe must be strong; otherwise the security of the safe and all of its contents are at risk. Refer to the Passphrase and Password Protection standard for information on how to design a secure passphrase/password.
  • 2.2 The master passphrase/password must be changed at least annually.
  • 2.3 Users are responsible for remembering the master passphrase/password. If it is lost or forgotten, UBC cannot recover or bypass it.

3. Types of Password Safes

  • 3.1 Picking a Password Safe can be tricky. Here is a summary of the available options:

    §TypeDescriptionNotes
    3.1.1StandaloneThese are installed on the desktop or on your mobile device as an application.With these services, the data is accessible no matter if an internet connection is available or not. However, if the device is lost or the database corrupted, then the only way to recover the data will be through a backup copy.
    3.1.2Web-basedThese are accessible through a web browser and are stored online as part of a cloud service.With these services, the data is not susceptible to database corruption or loss of the device. However if the site is inaccessible or no Internet connection is available, then the passwords will not be accessible.
    3.1.3Web Browser-basedMost web browsers have the ability to “Remember this password” for secure login sites.Using these services is not recommended. Browsers are subject to constant attack and there are known vulnerabilities that can expose passwords stored in browsers. Many password safes now offer to import the browser passwords lists.
    3.1.4MixedNewer services offer a dual environment, with device-based apps that are synched to the cloud.These combine the benefits of standalone and web-based systems.

4. Current Leading Password Safes

  • 4.1 Below are some of the industry-leading/popular products. For departmental/faculty use of a password manager, a Privacy Impact Assessment (PIA) must be completed prior to use. A PIA is not required for personal use.

    §NameDescriptionMore Information
    4.1.11PasswordApps for Mac, iOS, Windows, Android, and web A password manager, digital vault, random password generator, form filler and secure digital wallet. 1Password remembers all your passwords for you, and keeps you safe behind the one password that only you know. Monthly fee.1Password Tour
    Type: Web-based 
    Encryption: AES-256
    4.1.2BitwardenAvailable for Windows, macOS and Linux, as well as iOS and Android mobile operating systems An open source password manager and secure password generator that includes secure data transmission and unlimited vault items and devices. Free for personal use, with paid premium subscription features such as advanced MFA options, security reports and password sharing for families. Business plans for team and enterprise use (including a self-host option) are also available.Bitwarden website
    Type: Mixed 
    Encryption: AES-256
    4.1.3DashlaneAvailable for Windows, Mac, Linux, Chromebook, iOS and Android, with web extensions for Chrome, IE, Edge, Firefox, Safari, Opera, Linux and Chromebook. Add or import passwords, or save them as you browse the web. Supports autofill and face ID. A premium subscription service is available that includes unlimited device sync, automatic backup, secure sharing and universal two-factor authentication support.Dashlane Features
    Type: Mixed 
    Encryption: AES-256
    4.1.4KeePassAvailable for Windows, Mac OS X and Linux, as well as iOS, Android, Windows and BlackBerry mobile operating systems. A popular open-source, cross-platform, desktop-based password manager. It stores all passwords in a single database (or a single file) that is protected and locked with one master key. The database can be stored on a cloud drive (e.g. Workspace), which is then accessible across multiple devices.KeePass Help Center
    Type: Standalone. Can be used as Mixed. 
    Encryption: AES-256
    4.1.5RoboFormAvailable for Windows, Mac, iOS, and Android. Another password manager, as well as a tool to automatically fill in online forms. RoboForm stores information locally, rather than in the cloud. A subscription service is available, RoboForm Everywhere, which will upload a User's data to the cloud and make it available across multiple platforms.RoboForm Tutorials
    Type: Standalone. Can be upgraded to Mixed. 
    Encryption: AES-256

Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems

Passphrase and Password Protection standard

Setting up a password manager

Guideline Last Revised: 2023-01

Page last updated on January 26, 2026

Office of the CIO

6356 Agricultural Road
Vancouver, BC Canada
V6T 1Z2
604 822 3634
E-mail ubc.cio@ubc.ca

Related Sites

Need Help?

Urgent Message An exclamation mark in a speech bubble. Bluesky The logo for the Bluesky social media service. Bookmark A bookmark in a book. Browser A web browser window. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Time A clock. Chats Two speech clouds. E-commerce Cart A shopping cart. Facebook The logo for the Facebook social media service. Help A question mark in a circle. Home A house in silhouette. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Locked A locked padlock. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Pencil A pencil indicating that this is editable. Telephone An antique telephone. Play A media play button. Plus A plus symbol indicating more or the ability to add. Print A printer pushing out a piece of paper. Search A magnifying glass. Settings A single gear. Arrow indicating share action A directional arrow. Speech Bubble A speech bubble. Star An outline of a star. Twitter / X The logo for the X (aka, Twitter) social media service. User A silhouette of a person. Vimeo The logo for the Vimeo video sharing service. Youtube The logo for the YouTube video sharing service.