Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/30/2013
12:48 PM
Dino Londis
Dino Londis
Slideshows
100%
0%

10 Top Password Managers

Tired of being stuck in password hell? Consider these password managers that balance security with convenience.
Previous
1 of 11
Next


In 2011, IBM predictedthat in five years we will not be using passwords to access secure resources such as ATMs and PCs. Instead of entering a PIN or typing a username and password into a PC, we will simply look into a camera or speak a name into a microphone, because our eyes and voices are unique, IBM says.

[Super-strong unique passwords are pointless! Join Dark Reading Radio on Wednesday, Sep. 17, 2014 at 1 p.m. ET for a grown-up conversation about passwords with Cormac Herley of Microsoft Research.]

Biometric recognition replaces the entry point for what password managers are already doing today. Companies such as RoboForm and LastPass provide a platform that requires only one complex password to access your secure websites, credit card information and even documents that you keep inside an encrypted database. Depending on the platform, the database could be stored locally, on the company's servers or even in Dropbox.

Some password managers use browser extensions that keep your data in a local profile, syncing with a cloud server. Because the data is encrypted and transferred through a secure connection, you can be reasonably confident that your data is safe.

Other password managers keep your data on a thumb drive you carry around from computer to computer. With this approach you always know where your data is -- as long as you don't leave it in a PC and walk away.

Some products are free and charge for a mobile premium; others are subscription-based or charge single flat fee. One product, Dashlane, rewards you when you use its service by awarding points you can use to earn discounts on future purchases.

Some password managers offer two-factor authentication, requiring a smartcard as well as your password to log in. With this type of two-factor authentication, even if your password is decrypted, hackers still can't access your account -- but neither can you, if you don't have your smartcard. That's why this type of authentication is usually offered as an option; most customers prefer a less-strict password management service.

All password managers do have one thing in common: They require you to remember one complex password. But complex should not mean hard to remember; it could be a sentence, for example. If you forget your master password, after all, you can't access your data -- and since the company that developed your password manager doesn't have it, you'll have to reset all your passwords and start over.

Password managers also generate complex passwords, provide import and export tools, allow for simple notes and automatically complete online forms for more efficient online checkout. Here are 10 password manager tools worth considering.

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
<<   <   Page 5 / 5
HonzaD206
50%
50%
HonzaD206,
User Rank: Apprentice
1/7/2015 | 4:16:03 PM
Enterprise password manager
All of those are personal password managers, but what if you need to securely share passwords with somebody else?? Within the team?? Try Vaultier.org. It is server based encrypted storage. BTW... there is free community version available.
Andre RobertoD871
50%
50%
Andre RobertoD871,
User Rank: Apprentice
7/16/2015 | 7:57:21 PM
A different approach to a Password Manager
Hi guys, there is a password manager called Ninja Password (ninjapassword.com) that is very different from everything else out there because it actually does not store your passwords anywhere. What it does instead is generate your password on the fly whenever you need it based on an hashing algorithm that takes into account the the websites domain, a personal PIN number and a random user ID that it generates. If you use that same user ID in other devices it will sync your settings and list of websites for you, which in handy these days. The catch is that you cannot choose your own password but stick with the one it generates for you. You can setup the strength of your password (length, use of special chars, etc.), but that's it. Now, the most awesome thing about it is that it has no registration, no e-mails, no names, no addresses, no credit cards, nothing. It is completely private.
Ray James
50%
50%
Ray James,
User Rank: Apprentice
11/2/2015 | 9:24:38 AM
Thank you
Thank you for suggesting these top 10 password managers, it's always interesting to see what is available on the market and comparing this to what I use. Password management and security is such a complex issue and needs a critical approach. I've been using Nervepoint Access Manager which is brilliant, and recently they launched single sign on via their partner Hypersocket. I have been using this combined, a password reset service with single sign on. Definitely worth a try. 
ms70_300
50%
50%
ms70_300,
User Rank: Apprentice
8/16/2017 | 11:57:59 AM
Do you have any updates?
I've been looking for password managers for Windows 10 and come across a few including new ones like #1 Password Manager (https://www.microsoft.com/store/apps/9n0cqdt7zwqv)

Does it look good to you?

Thank you
<<   <   Page 5 / 5
More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/12/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).