Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/30/2013
12:48 PM
Dino Londis
Dino Londis
Slideshows
100%
0%

10 Top Password Managers

Tired of being stuck in password hell? Consider these password managers that balance security with convenience.
Previous
1 of 11
Next


In 2011, IBM predictedthat in five years we will not be using passwords to access secure resources such as ATMs and PCs. Instead of entering a PIN or typing a username and password into a PC, we will simply look into a camera or speak a name into a microphone, because our eyes and voices are unique, IBM says.

[Super-strong unique passwords are pointless! Join Dark Reading Radio on Wednesday, Sep. 17, 2014 at 1 p.m. ET for a grown-up conversation about passwords with Cormac Herley of Microsoft Research.]

Biometric recognition replaces the entry point for what password managers are already doing today. Companies such as RoboForm and LastPass provide a platform that requires only one complex password to access your secure websites, credit card information and even documents that you keep inside an encrypted database. Depending on the platform, the database could be stored locally, on the company's servers or even in Dropbox.

Some password managers use browser extensions that keep your data in a local profile, syncing with a cloud server. Because the data is encrypted and transferred through a secure connection, you can be reasonably confident that your data is safe.

Other password managers keep your data on a thumb drive you carry around from computer to computer. With this approach you always know where your data is -- as long as you don't leave it in a PC and walk away.

Some products are free and charge for a mobile premium; others are subscription-based or charge single flat fee. One product, Dashlane, rewards you when you use its service by awarding points you can use to earn discounts on future purchases.

Some password managers offer two-factor authentication, requiring a smartcard as well as your password to log in. With this type of two-factor authentication, even if your password is decrypted, hackers still can't access your account -- but neither can you, if you don't have your smartcard. That's why this type of authentication is usually offered as an option; most customers prefer a less-strict password management service.

All password managers do have one thing in common: They require you to remember one complex password. But complex should not mean hard to remember; it could be a sentence, for example. If you forget your master password, after all, you can't access your data -- and since the company that developed your password manager doesn't have it, you'll have to reset all your passwords and start over.

Password managers also generate complex passwords, provide import and export tools, allow for simple notes and automatically complete online forms for more efficient online checkout. Here are 10 password manager tools worth considering.

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 4 / 5   >   >>
pwndecaf
50%
50%
pwndecaf,
User Rank: Apprentice
5/6/2013 | 1:51:57 PM
re: 10 Top Password Managers
I'm sick of reading asinine complaints about slide shows whenever one is posted.
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
5/3/2013 | 7:37:09 PM
re: 10 Top Password Managers
Thank you for chiming in! Laurianne
SkyRanger
50%
50%
SkyRanger,
User Rank: Apprentice
5/3/2013 | 12:25:04 PM
re: 10 Top Password Managers
Laurianne, InformationWeek rocks! Keep up the great work as you are very relevant for me (format and all) and one of my favorites websites worth visiting in my very busy life. Thanks, SkyRanger
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
5/2/2013 | 6:31:46 PM
re: 10 Top Password Managers
Hi Leo. As Editor in Chief of InformationWeek, I work hard to please our readers. Right here, we are having a useful, critical discussion about password tools -- even getting additional ideas for readers, from readers. That is the sort of discussion I love to see.

I value honest feedback on what we are doing right and wrong, as well. Not sure what you are referencing re. New Year's resolutions -- mine involved exercise.

Many of our readers tell us they like apps/tools slideshows because they offer a convenient package of links along with guidance, in a digestible format. I am sorry you don't like slideshows, and to be honest, you're not alone. Some people do not care for the slideshow format. I can respect that. I don't like every dish at my favorite restaurant. I hope you will find other content that is appealing and valuable to you on our site.

Laurianne McLaughlin
InformationWeek
Leo Regulus
50%
50%
Leo Regulus,
User Rank: Apprentice
5/2/2013 | 3:56:04 PM
re: 10 Top Password Managers
Really, really, really GROSS.

It is now the second quarter of the new year.

Information Week only had one important New Year's Resolution this year. '"No Slide Show Articles with out a prominent 'View-as-one-page' link." How's that working out for you so far?

On my side of the fence, as Client/customer, You aren't doing well at all. Nearly every issue, you violate me with one of your Slide Show articles.

Please, re-examine your priorities. You do know how to do it - 'View as Single Page' link. It just isn't that hard and speaks volumes about your respect and concern for your Client / Customers.

Also, when I have to skip articles, I do not get to see your advertisers' messages.
SkyRanger
50%
50%
SkyRanger,
User Rank: Apprentice
5/2/2013 | 12:07:47 PM
re: 10 Top Password Managers
Keepass is a nice tool for the freebie seekers. However, it lacks in features compared to RoboForm. I couldn't be happier with my purchase. Great for PC's or thumb drive users. I use the thumb drive at work AND nothing is installed on the PC (leaves no trace). Feature rich: biometric fingerprint authentication, Microsoft document login, popup login, secure notes, secure contacts, etc.
~ I first encrypt the thumbdrive (password protected to unlock the drive). Once I launch the app from the thumbdrive (it integrates with Firefox, Chrome, Opera or Explorer), I have to enter a password one more time from the browser before it will allow me to use it. It can also timeout if you forget to retrieve it at the end of the day.
I also selected to sync the passwords using the online RoboForm server but you can just as easily make the default as the thumbdrive or the one installed at home on your browser.
beergas
50%
50%
beergas,
User Rank: Apprentice
5/2/2013 | 1:31:05 AM
re: 10 Top Password Managers
LastPass still my fave. Works w/ most sites, free, unlimited. lots options. Win 8 x64 Pro in both modes.
RB
50%
50%
RB,
User Rank: Apprentice
5/2/2013 | 12:14:57 AM
re: 10 Top Password Managers
I don't understand why eWallet did not make your list. It has excellent support and runs on Windows, Mac OS, Android, IOS, Windows Phone and Blackberry. All data is DES encrypted. Syncing can be done via USB internal WIFI home network or via the cloud,
ShawnHa
50%
50%
ShawnHa,
User Rank: Apprentice
5/1/2013 | 10:15:18 PM
re: 10 Top Password Managers
I haven't been successful at finding a Password safe for multi-roles & multi-users :(
For example local admin password for PC is stored with Service Desk, Infrastructure & Apps Support roles all having access to the password. The SQL server's password is accessible to Infra & Apps but not SD. Citrix is only accessible to Infra....and the IT Manager has God-access to all.
Is there non-web-based software with these features out there??
stevew928
50%
50%
stevew928,
User Rank: Strategist
5/1/2013 | 8:18:56 PM
re: 10 Top Password Managers
I think you forgot one of the best and oldest, Password Wallet by Selznick. I've been using it since my Palm Pilot days. I think there is a version for just about every platform and it has quite a few sync options.
<<   <   Page 4 / 5   >   >>
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6852
PUBLISHED: 2019-11-20
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP har...
CVE-2019-6853
PUBLISHED: 2019-11-20
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
CVE-2013-2092
PUBLISHED: 2019-11-20
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php.
CVE-2013-2093
PUBLISHED: 2019-11-20
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
CVE-2015-3166
PUBLISHED: 2019-11-20
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as d...