Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/30/2013
12:48 PM
Dino Londis
Dino Londis
Slideshows
100%
0%

10 Top Password Managers

Tired of being stuck in password hell? Consider these password managers that balance security with convenience.
Previous
2 of 11
Next


LastPass is often the first name mentioned when people discuss password managers. Founded in April 2008, when the major contenders in end-user password management were RoboForm, 1Password and KeePass, LastPass works on virtually every operating system. On the desktop, it installs on the browser as an extension, so you might need to provide explicit permission to let it run.

LastPass automatically fills out forms, allows for import and export, and permits sharing of passwords through the Internet (a better alternative than using plain text email, which is insecure). It also lets you create and keep simple notes, generate complex passwords, and create a USB key using Google Authenticator Support.

The premium version of LastPass costs $12 a year, which buys you mobile support even for WebOS. You also get multi-factor authentication via YubiKey, which you use like a USB thumb drive. LastPass also offers a credit monitoring service that will send email alerts when your credit report is modified.

Finally, LastPass for Android has a custom input method that automatically fills in your username and password when you log into apps such as Facebook.

Price: Free for desktop, $12/year for mobile

RECOMMENDED READING:

Twitter Two-Factor Authentication: Too Little, Too Late?

Want Stronger Passwords? Try Bad Grammar

6 Password Security Essentials For Developers

5 Ways To Solve The Password Reset Problem

8 Ways To Avoid Getting Your Life Hacked

7 Tips To Toughen Passwords

Previous
2 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
<<   <   Page 5 / 5
HonzaD206
50%
50%
HonzaD206,
User Rank: Apprentice
1/7/2015 | 4:16:03 PM
Enterprise password manager
All of those are personal password managers, but what if you need to securely share passwords with somebody else?? Within the team?? Try Vaultier.org. It is server based encrypted storage. BTW... there is free community version available.
Andre RobertoD871
50%
50%
Andre RobertoD871,
User Rank: Apprentice
7/16/2015 | 7:57:21 PM
A different approach to a Password Manager
Hi guys, there is a password manager called Ninja Password (ninjapassword.com) that is very different from everything else out there because it actually does not store your passwords anywhere. What it does instead is generate your password on the fly whenever you need it based on an hashing algorithm that takes into account the the websites domain, a personal PIN number and a random user ID that it generates. If you use that same user ID in other devices it will sync your settings and list of websites for you, which in handy these days. The catch is that you cannot choose your own password but stick with the one it generates for you. You can setup the strength of your password (length, use of special chars, etc.), but that's it. Now, the most awesome thing about it is that it has no registration, no e-mails, no names, no addresses, no credit cards, nothing. It is completely private.
Ray James
50%
50%
Ray James,
User Rank: Apprentice
11/2/2015 | 9:24:38 AM
Thank you
Thank you for suggesting these top 10 password managers, it's always interesting to see what is available on the market and comparing this to what I use. Password management and security is such a complex issue and needs a critical approach. I've been using Nervepoint Access Manager which is brilliant, and recently they launched single sign on via their partner Hypersocket. I have been using this combined, a password reset service with single sign on. Definitely worth a try. 
ms70_300
50%
50%
ms70_300,
User Rank: Apprentice
8/16/2017 | 11:57:59 AM
Do you have any updates?
I've been looking for password managers for Windows 10 and come across a few including new ones like #1 Password Manager (https://www.microsoft.com/store/apps/9n0cqdt7zwqv)

Does it look good to you?

Thank you
<<   <   Page 5 / 5
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27605
PUBLISHED: 2020-10-21
BigBlueButton through 2.2.8 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a &quot;schwache Sandbox.&quot;
CVE-2020-27606
PUBLISHED: 2020-10-21
BigBlueButton before 2.2.8 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2020-27607
PUBLISHED: 2020-10-21
In BigBlueButton before 2.2.8 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or tr...
CVE-2020-27608
PUBLISHED: 2020-10-21
In BigBlueButton before 2.2.8 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
CVE-2020-27609
PUBLISHED: 2020-10-21
BigBlueButton through 2.2.8 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.