TechWeb

10 Top Password Managers

May 01, 2013 (07:05 AM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=240153906


In 2011, IBM predicted that in five years we will not be using passwords to access secure resources such as ATMs and PCs. Instead of entering a PIN or typing a username and password into a PC, we will simply look into a camera or speak a name into a microphone, because our eyes and voices are unique, IBM says.

Biometric recognition replaces the entry point for what password managers are already doing today. Companies such as RoboForm and LastPass provide a platform that requires only one complex password to access your secure websites, credit card information and even documents that you keep inside an encrypted database. Depending on the platform, the database could be stored locally, on the company's servers or even in Dropbox.

Some password managers use browser extensions that keep your data in a local profile, syncing with a cloud server. Because the data is encrypted and transferred through a secure connection, you can be reasonably confident that your data is safe.

Other password managers keep your data on a thumb drive you carry around from computer to computer. With this approach you always know where your data is -- as long as you don't leave it in a PC and walk away.

Some products are free and charge for a mobile premium; others are subscription-based or charge a single flat fee. One product, Dashlane, rewards you when you use its service by awarding points you can use to earn discounts on future purchases.

Some password managers offer two-factor authentication, requiring a smartcard as well as your password to log in. With this type of two-factor authentication, even if your password is decrypted, hackers still can't access your account -- but neither can you, if you don't have your smartcard. That's why this type of authentication is usually offered as an option; most customers prefer a less-strict password management service.

All password managers do have one thing in common: They require you to remember one complex password. But complex should not mean hard to remember; it could be a sentence, for example. If you forget your master password, after all, you can't access your data -- and since the company that developed your password manager doesn't have it, you'll have to reset all your passwords and start over.

Password managers also generate complex passwords, provide import and export tools, allow for simple notes and automatically complete online forms for more efficient online checkout. Here are 10 password manager tools worth considering.




LastPass is often the first name mentioned when people discuss password managers. Founded in April 2008, when the major contenders in end-user password management were RoboForm, 1Password and KeePass, LastPass works on virtually every operating system. On the desktop, it installs on the browser as an extension, so you might need to provide explicit permission to let it run.

LastPass automatically fills out forms, allows for import and export, and permits sharing of passwords through the Internet (a better alternative than using plain text email, which is insecure). It also lets you create and keep simple notes, generate complex passwords, and create a USB key using Google Authenticator Support.

The premium version of LastPass costs $12 a year, which buys you mobile support even for WebOS. You also get multi-factor authentication via YubiKey, which you use like a USB thumb drive. LastPass also offers a credit monitoring service that will send email alerts when your credit report is modified.

Finally, LastPass for Android has a custom input method that automatically fills in your username and password when you log into apps such as Facebook.

Price: Free for desktop, $12/year for mobile

RECOMMENDED READING:

Twitter Two-Factor Authentication: Too Little, Too Late?

Want Stronger Passwords? Try Bad Grammar

6 Password Security Essentials For Developers

5 Ways To Solve The Password Reset Problem

8 Ways To Avoid Getting Your Life Hacked

7 Tips To Toughen Passwords




Password Genie extends beyond passwords and PINs, serving as an information management app -- especially for travelers.

"[Password Genie] serves as a mobile vault for people's personal information, from passwords and websites to insurance cards, frequent flyer information and hotel/rental car numbers," said Edward K. Barrett, VP of marketing and communications for Password Genie. "People need this information accessible from everywhere they go."

There isn't a basic version of the software -- Password Genie customers get full access to all the features. The app stores passwords and personal information so you can use auto-form fill functions to easily open secure websites. Password Genie also provides space to store personal information such as PINs, credit card information and even birthday reminders.

Password Genie is a mobile-first platform, but it does offer integration with a desktop client.

Price: $19.95/year (free 30-day trial)





SplashID bills itself as the best-selling password manager, with more than one million users. Focusing on mobile, SplashID Safe supports virtually all mobile OSes: Blackberry, Android, iOS, Windows Phone, WebOS and PalmOS. It also has a client for Windows and Mac.

SplashID Safe operates differently than the browser-based plugins, requiring no installation at all. Rather, SplashData sends you a $29.95 4-GB key-shaped USB device. Simply plug the key into any computer, enter your password and SplashID Safe will launch your data. The app securely stores your usernames, passwords, account numbers, and any records you need to remember and keep secure.

The desktop and mobile versions of SplashID Safe are sold separately (you don't need to have both), and the two versions sync with each other.

Price: $19.95 for desktop, $9.95 for mobile





If each password manager addresses a particular user pet peeve, RoboForm's is the tedious process of entering usernames, passwords and other information to log into websites and fill out forms. RoboForm securely stores passwords, credit card and personal information on your computer only; it does not transfer data to the cloud. The app allows for multiple profiles -- handy for families and household use -- as well as alternate addresses and even pseudonyms.

The entry-level version of RoboForm is not subscription-based, while RoboForm Everywhere starts at $9.95 annually, which lets you run RoboForm on any number of computers. RoboForm2Go, an encrypted USB drive, can be used on up to three USB keys.

Price: RoboForm Desktop: $29.95 (free 30-day trial)

RoboForm Everywhere: $9.95 first year, $19.95 subsequent years

RoboForm2Go: $39.95





Dashlane -- which promises instant logins and checkouts -- earned a place in Popular Science's "Best of What's New in 2012."

Offering many features that extend beyond password management, Dashlane adds a social element to its product through a points system that rewards you for securing passwords or storing online receipts. You can then use the points to unlock premium features, get free iOS apps and more.

Dashlane facilitates online shopping through use of easy-to-understand color-coded information, enabling users to complete online transactions by clicking a few tabs.

The basic version offers all the features of premium, but with limited support, a limited number of notes, and no mobile help. The premium account also includes all future premium features. Version 1.6 introduced Dashlane Courier, a secure way to transfer confidential data.

Dashlane is available for Windows, Mac, iPhone and Android.

Price: $4.99/month or $39.99/year





Security Everywhere, made by mSeven Software, is a sync and security architecture that integrates with third-party cloud storage services. Currently it integrates only with Dropbox, but according to the company's website, support for iCloud is in development and other cloud systems are under consideration.

Security Everywhere uses industry-standard 256-bit Blowfish encryption, 256-bit SHA password hash, file compression and enforcement of minimum sync passwords to keep data safe even if your Dropbox account is compromised.

mSecure's password manager comes with 17 standard templates for Web logins, credit cards, email accounts and frequent flyer numbers. You can also create custom templates with an unlimited number of fields. The app allows you to categorize records into groups and mark favorite records for fast access.

On mobile devices, you can auto-lock the screen after a set time and set the self-destruct feature to wipe data after a set number of incorrect password attempts. You can also share records via email, SMS or clipboard, and auto-backup encrypted data to an SD card.

The password generator creates stronger passwords that include symbols, upper- and lower-case, alpha-numeric combinations and more.

mSecure runs on Windows, Mac OS, iOS and Android.

Price:

Desktop: $19.99

Android and iOS: $9.99





KeePass, the only open-source app on our list, is a password manager for users who know their way around a PC. For example, when you install KeePass, a wizard asks you where you want to store your database. KeePass makes that database easily portable -- you can transfer it to a USB drive and connect to another PC. AES and 256-bit Blowfish encryption provide reasonable assurance that your data won't be compromised if the drive is lost or stolen. You can also keep it in the cloud provider of your choice. The mobile and desktop apps synchronize directly to Dropbox or Google Drive.

KeePass is lightweight -- it doesn't store file entries, registry keys or INI files on your PC, and it even clears the clipboard on exit when the enhanced clipboard protection option is enabled. KeePass is OSI-certified.

Open-source software for a password manager has pros and cons. On the plus side, it lets savvy users check the code to ensure the software performs as advertised and there are no backdoors. This is good for coders who like to tweak a setting or two; for example, choosing different encryption algorithms. On the other hand, granular features are not necessarily what most users want in a password manager.

KeePass is available for Windows, Mac OS X, PocketPC and Smart Devices, Windows Phone 7, iPhone/iPad, Android, BlackBerry, and Palm OS.

Price: Free (donations accepted)





DirectPass, one of several security products from Trend Micro, includes the same features most password managers offer, and one the others don't: a single master password. It also provides password generation, a 256-bit AES encrypted form filler, encrypted secure notes and browser integration. Also bundled with DirectPass is a feature called Secure Browser, which is designed for online banking and financial websites.

DirectPass is available for Windows, Android and iOS.

Price: All features are free for five passwords; for unlimited passwords $9.95/year or $16.95/2 years





Well-known security tool vendor Norton offers Identity Safe. Along with standard features such as support for multiple browsers, iOS and Android support, a form filler and unlimited notes, Identity Safe includes Safe Web, a browser extension that alerts you when a site might not be what it appears to be.

Norton Identity Safe is a free download, with no premium upgrade, but you'll need to link it to a new or existing Norton account.

Price: Free for desktop, iOS and Android





MyLOK+ provides two-factor authentication out of the box. It does not store data in the cloud or on the PC, nor does it modify any files on the PC. The fully encrypted USB drive serves as a repository for any document format. Once you've set a master password, MyLOK+ remembers the usernames and passwords for all your websites.

MyLOK+ is available for both Windows and Mac and offers features such as a random password generator, auto-login, browser plugins, an automatic form filler and more.

One caveat: If you do not have your MyLOK+ device, you will need to know your username and password to access your sites. That means that if you use the password generator to create a random alpha-numeric string and then forget the device at home, you're essentially locked out unless you reset your passwords. Another concern for USB devices in corporate environments is that many organizations lock down USB drives in order to control and protect their intellectual property and to protect against viruses.

Price: $189
