4/30/2013
12:48 PM
Dino Londis

10 Top Password Managers

Tired of being stuck in password hell? Consider these password managers that balance security with convenience.




In 2011, IBM predicted that in five years we will not be using passwords to access secure resources such as ATMs and PCs. Instead of entering a PIN or typing a username and password into a PC, we will simply look into a camera or speak a name into a microphone, because our eyes and voices are unique, IBM says.


Biometric recognition replaces the entry point for what password managers are already doing today. Companies such as RoboForm and LastPass provide a platform that requires only one complex password to access your secure websites, credit card information and even documents that you keep inside an encrypted database. Depending on the platform, the database could be stored locally, on the company's servers or even in Dropbox.

Some password managers use browser extensions that keep your data in a local profile, syncing with a cloud server. Because the data is encrypted and transferred through a secure connection, you can be reasonably confident that your data is safe.

Other password managers keep your data on a thumb drive you carry around from computer to computer. With this approach you always know where your data is -- as long as you don't leave it in a PC and walk away.

Some products are free and charge for a mobile premium; others are subscription-based or charge a single flat fee. One product, Dashlane, rewards you when you use its service by awarding points you can use to earn discounts on future purchases.

Some password managers offer two-factor authentication, requiring a smartcard as well as your password to log in. With this type of two-factor authentication, even if your password is decrypted, hackers still can't access your account -- but neither can you, if you don't have your smartcard. That's why this type of authentication is usually offered as an option; most customers prefer a less-strict password management service.

All password managers do have one thing in common: They require you to remember one complex password. But complex should not mean hard to remember; it could be a sentence, for example. If you forget your master password, after all, you can't access your data -- and since the company that developed your password manager doesn't have it, you'll have to reset all your passwords and start over.

Password managers also generate complex passwords, provide import and export tools, allow for simple notes and automatically complete online forms for more efficient online checkout. Here are 10 password manager tools worth considering.




LastPass is often the first name mentioned when people discuss password managers. Founded in April 2008, when the major contenders in end-user password management were RoboForm, 1Password and KeePass, LastPass works on virtually every operating system. On the desktop, it installs on the browser as an extension, so you might need to provide explicit permission to let it run.

LastPass automatically fills out forms, allows for import and export, and permits sharing of passwords through the Internet (a better alternative than using plain text email, which is insecure). It also lets you create and keep simple notes, generate complex passwords, and create a USB key using Google Authenticator Support.

The premium version of LastPass costs $12 a year, which buys you mobile support even for WebOS. You also get multi-factor authentication via YubiKey, which you use like a USB thumb drive. LastPass also offers a credit monitoring service that will send email alerts when your credit report is modified.

Finally, LastPass for Android has a custom input method that automatically fills in your username and password when you log into apps such as Facebook.

Price: Free for desktop, $12/year for mobile

RECOMMENDED READING:

Twitter Two-Factor Authentication: Too Little, Too Late?

Want Stronger Passwords? Try Bad Grammar

6 Password Security Essentials For Developers

5 Ways To Solve The Password Reset Problem

8 Ways To Avoid Getting Your Life Hacked

7 Tips To Toughen Passwords




Password Genie extends beyond passwords and PINs, serving as an information management app -- especially for travelers.

"[Password Genie] serves as a mobile vault for people's personal information, from passwords and websites to insurance cards, frequent flyer information and hotel/rental car numbers," said Edward K. Barrett, VP of marketing and communications for Password Genie. "People need this information accessible from everywhere they go."

There isn't a basic version of the software -- Password Genie customers get full access to all the features. The app stores passwords and personal information so you can use auto-form fill functions to easily open secure websites. Password Genie also provides space to store personal information such as PINs, credit card information and even birthday reminders.

Password Genie is a mobile-first platform, but it does offer integration with a desktop client.

Price: $19.95/year (free 30-day trial)



SplashID bills itself as the best-selling password manager, with more than one million users. Focusing on mobile, SplashID Safe supports virtually all mobile OSes: Blackberry, Android, iOS, Windows Phone, WebOS and PalmOS. It also has a client for Windows and Mac.

SplashID Safe operates differently than the browser-based plugins, requiring no installation at all. Rather, SplashData sends you a $29.95 4-GB key-shaped USB device. Simply plug the key into any computer, enter your password and SplashID Safe will launch your data. The app securely stores your usernames, passwords, account numbers, and any records you need to remember and keep secure.

The desktop and mobile versions of SplashID Safe are sold separately (you don't need to have both), and the two versions sync with each other.

Price: $19.95 for desktop, $9.95 for mobile



If each password manager addresses a particular user pet peeve, RoboForm's is the tedious process of entering usernames, passwords and other information to log into websites and fill out forms. RoboForm securely stores passwords, credit card and personal information on your computer only; it does not transfer data to the cloud. The app allows for multiple profiles -- handy for families and household use -- as well as alternate addresses and even pseudonyms.

The entry-level version of RoboForm is not subscription-based, while RoboForm Everywhere starts at $9.95 annually, which lets you run RoboForm on any number of computers. RoboForm2Go, an encrypted USB drive, can be used on up to three USB keys.

Price: RoboForm Desktop: $29.95 (free 30-day trial)

RoboForm Everywhere: $9.95 first year, $19.95 subsequent years

RoboForm2Go: $39.95





Dashlane -- which promises instant logins and checkouts -- earned a place in Popular Science's "Best of What's New in 2012."

Offering many features that extend beyond password management, Dashlane incorporates social into its product by use of a points system that rewards you for securing passwords or storing online receipts. You can then use the points to unlock premium features, get free iOS apps and more.

Dashlane facilitates online shopping through use of easy-to-understand color-coded information, enabling users to complete online transactions by clicking a few tabs.

The basic version offers all the features of premium, but with limited support, a limited number of notes, and no mobile help. The premium account also includes all future premium features. Version 1.6 introduced Dashlane Courier, a secure way to transfer confidential data.

Dashlane is available for Windows, Mac, iPhone and Android.

Price: $4.99/month or $39.99/year



Security Everywhere, made by mSeven Software, is a sync and security architecture that integrates with third-party cloud storage services. Currently it integrates only with Dropbox, but according to the company's website, support for iCloud is in development and other cloud systems are under consideration.

Security Everywhere uses industry-standard 256-bit Blowfish encryption, 256-bit SHA password hash, file compression and enforcement of minimum sync passwords to keep data safe even if your Dropbox account is compromised.

mSecure's password manager comes with 17 standard templates for Web logins, credit cards, email accounts and frequent flyer numbers. You can also create custom templates with an unlimited number of fields. The app allows you to categorize records into groups and mark favorite records for fast access.

On mobile devices, you can auto-lock the screen after a set time and set the self-destruct feature to wipe data after a set number of incorrect password attempts. You can also share records via email, SMS or clipboard, and auto-backup encrypted data to an SD card.

The password generator creates stronger passwords that include symbols, upper- and lower-case, alpha-numeric combinations and more.

mSecure runs on Windows, Mac OS, iOS and Android.

Price:

Desktop: $19.99

Android and iOS: $9.99



KeePass, the only open-source app on our list, is a password manager for users who know their way around a PC. For example, when you install KeePass, a wizard asks you where you want to store your database. KeePass makes that database easily portable -- you can transfer it to a USB drive and connect to another PC. AES and 256-bit Blowfish encryption provide reasonable assurance that your data won't be compromised if the drive is lost or stolen. You can also keep it in the cloud provider of your choice. The mobile and desktop apps synchronize directly to Dropbox or Google Drive.

KeePass is lightweight -- it doesn't store file entries, registry keys or INI files on your PC, and it even clears the clipboard on exit when the enhanced clipboard protection option is enabled. KeePass is OSI-certified.

Open-source software for a password manager has pros and cons. On the plus side, it lets savvy users check the code to ensure the software performs as advertised and there are no backdoors. This is good for coders who like to tweak a setting or two; for example, choosing different encryption algorithms. On the other hand, granular features are not necessarily what most users want in a password manager.

KeePass is available for Windows, Mac OS X, PocketPC and Smart Devices, Windows Phone 7, iPhone/iPad, Android, BlackBerry, and Palm OS.

Price: Free (donations accepted)



DirectPass, one of several security products from Trend Micro, includes the same features most password managers offer, and one the others don't: a single master password. It also provides password generation, a 256-bit AES encrypted form filler, encrypted secure notes and browser integration. Also bundled with DirectPass is a feature called Secure Browser, which is designed for online banking and financial websites.

DirectPass is available for Windows, Android and iOS.

Price: All features are free for five passwords; for unlimited passwords $9.95/year or $16.95/2 years



Well-known security tool vendor Norton offers Identity Safe. Along with standard features such as support for multiple browsers, iOS and Android support, a form filler and unlimited notes, Identity Safe includes Safe Web, a browser extension that alerts you when a site might not be what it appears to be.

Norton Identity Safe is a free download, with no premium upgrade, but you'll need to link it to a new or existing Norton account.

Price: Free for desktop, iOS and Android





MyLOK+ provides two-factor authentication out of the box. It does not store data in the cloud or on the PC, nor does it modify any files on the PC. The fully encrypted USB drive serves as a repository for any document format. Once you've set a master password, MyLOK+ remembers the usernames and passwords for all your websites.

MyLOK+ is available for both Windows and Mac and offers features such as a random password generator, auto-login, browser plugins, an automatic form filler and more.

One caveat: If you do not have your MyLOK+ device, you will need to know your username and password to access your sites. That means that if you use the password generator to create a random alpha-numeric string and then forget the device at home, you're essentially locked out unless you reset your passwords. Another concern for USB devices in corporate environments is that many organizations lock down USB drives in order to control and protect their intellectual property and to protect against viruses.

Price: $189


Comments
SirDude,
User Rank: Apprentice
8/31/2014 | 4:18:29 PM
stumbled upon...
Using Stumble upon I found this article... right after I found Password Locker @ pwlocker[dot]com

hit the back button to share. Trying it now, seems like it's missing some mobile functionality, but they're updating it all the time. I found their twitter handle @pwlocker and follow it for updates.

Going to give it 10 days or so as the password lists and functionality is pretty cool, but may close it out after that if I don't see some improvements with the mobile stuff (works well on smartphones, I'd just like to see some remembering of whom I am - have to repeat logging in over and over - although it's integrated with Facebook, so I just log in with my FB credentials).

my 2 cents.
Jones201411,
User Rank: Apprentice
6/21/2014 | 10:59:08 PM
Recommended password manager
If you are looking for a password manager that works everywhere without installation, try "Intuitive Password" password manager. I use it all the time.
anon0241197450,
User Rank: Apprentice
6/20/2014 | 10:35:40 AM
re: 10 Top Password Managers
I agree with you @juergenvogel19. Everybody has their own "fav password manager". For me, it will always be Password Depot. It is one of the best password managers out there. It provides best security features at an affordable cost. Apart from that, it also provides other options to manage my personal data such as credit card, debit card, TAN lists etc. I think this piece of software deserves to be on the best password managers list.
Markus5,
User Rank: Apprentice
5/12/2014 | 5:09:55 AM
Re: Password Manager & Safe
Yes, I miss Sticky Password too in this comparison. I have used them for many years.
steve82,
User Rank: Apprentice
5/8/2014 | 1:07:09 AM
Try "Intuitive Password" online password manager
You may try an alternative online password manager "Intuitive Password". It securely stores your passwords in the cloud, and you are able to access/view them on all devices. It's free and you don't need to install any plugin to use it.
sohern,
User Rank: Apprentice
4/20/2014 | 11:04:06 PM
re: 10 Top Password Managers
Keyfob is another great password manager that deserves to be on this list. They have apps for Windows desktop and Windows Phone 8. They also have a web app at keyfobapp.com in case you are away from your phone and computer. It's great for storing not only passwords, but any type of sensitive information, including security questions for websites, PIN numbers, etc. There is also a password generator to help you create strong passwords for your accounts. The desktop version does password auto-fill, which is a huge timesaver.
juergenvogel19,
User Rank: Apprentice
3/27/2014 | 8:10:54 AM
re: 10 Top Password Managers
Password Depot deserves to be on top 10 list of password managers. I have been using it for a very long time now and it works great! I wonder why it was not included in this list. It provides so many features such as Security, Easy to Use, Easy to Understand, Clear Interface, Easy Password Generation, Facility to save personal Info, Super customer service, not only does it Import password list from other formats but also imports TAN lists...etc. I can go on and on about this tool because it's a fantastic tool providing many features one can imagine.

I think this link can explain much better about the features I mentioned above --> http://www.password-depot.com/overview.htm
spazonymous,
User Rank: Apprentice
3/20/2014 | 2:06:02 AM
This article
LOL at the ELEVEN pages it took to write this article. You think I'm gonna click on 11 pages just to see a top 10 list of password managers? FFS, just put the article on ONE page. Won't be back.
John2014,
User Rank: Apprentice
3/13/2014 | 10:15:40 PM
An alternative password manager
Try "Intuitive Password". It's a comprehensive online password manager that meets your needs. There is a free version available.
anon9786219702,
User Rank: Apprentice
2/19/2014 | 1:28:52 AM
re: 10 Top Password Managers
Thanks for your recommendation, Efficient Password Manager is really an excellent program! You deserve to own! http://www.efficientsoftware.net/passwordmanager/