Managing passwords is a pain. If they are too simple your accounts could be compromised, but creating long complicated passwords that you (and by you I mean me) forget to write down which leaves you resetting them over and over again.
That was my pattern for the longest time, forget a password, create a new password, forget that password and so on. I was in an endless circle of resetting passwords. I used my pets names, sports teams, tech terms, and even the names of people I didn’t like. I still couldn’t keep my passwords straight.
What is a password manager and why do you need one?
Password managers exist largely due to our inability to create our own complex passwords because we know we won’t remember them. A password manager will not only create different passwords for every site you visit, but they will also remember those passwords and then enter them for you.
So why do you need one? You need a password manager because hackers, malware and phishing attacks have become more sophisticated, which means your passwords will be easier to compromise. And unless you have an amazing memory and can remember the 30 different passwords you created, you need a third party that can help you save yourself from all of the bad actors that spend their time trying to steal your money or worse your identity.
How do Password Managers work?
The most common type of password managers are the ones that install a browser plug-in to manage password creation, capture and entry. Once either you or the password manager has created a password, it will then save your login credentials for the site the password was created for.
Each time you visit that site, the password manager will automatically fill in your credentials. Most programs should be able to detect when a change to a password has been made and send you a prompt to add that new password to the manager.
Depending on the program you choose, the password manager may alert you when it identifies passwords that aren’t as complex as they need to be. Once you have been alerted, you can either change the password yourself or allow the password manager to create a new one for you. Regardless if you or the program changes the password, once changed it will be updated.
Most password managers will also auto-fill stored data and add personal data to online forms for you. If you have stored credentials and personal details that you have shared with the password manager program, it will pull that data to complete the form. How much of the web form is completed depends on how many personal data the program can access.
Some may provide options to store payment methods; it is not advisable to allow any site that stores your credit card information and address information. While it is convenient, it can also lead to your data being compromised.
Most of the password management programs including all of the ones included in this review can store your data both on your devices and the cloud. They also all use some of the toughest encryption technology around. This means you can feel confident that passwords and other data that you upload to these providers will keep your devices and data stores in the cloud safe.
Cloud or Local? Which one is best?
Most people would agree that keeping things local is better. Local is stored on your device, and you can keep your personal date more secure as it doesn’t require the internet to store it. But if you have a quality antivirus software on your system, the cloud is more convenient. It makes it easier to sync your devices and make sure you never miss an update.
Improvements in how we encrypt data creates something close to an equalizer when it comes to storing data on the cloud or storing it locally. While few can work as both, what you choose will come down to what you think is the most secure option.
Password Manager Comparisons
KeePass is the only free password manager on our list. It is free at every level from consumer options to enterprise solutions. If you want a password manager that requires minimal interaction, and that only demands your attention when something urgent occur, KeePass isn’t for you. When most of us hear “free,” we assume that the free software works identically to the paid password manager.
But that is not the case with KeePass; it is an open source password manager that allows you to configure the program using plug-ins. Now if you are a programmer or just someone who likes to figure things out on their own, KeePass is awesome. But if you are more hands off, it may benefit you to use a paid password manager.
If you decide that KeePass is for you, the next step is to install it on Windows, Mac, and Linux platforms. KeePass also has the distinction of being the grandfather (or grandmother) of all of the other password managers. It has been a free open source project that has stood the test of time. While it has several spinoffs and a substantial number of ports to several platforms, KeePass still remains open source and the customizations are endless.
But with customization comes work, and KeePass can be frustrating it you are new to open source projects. You will have to do everything yourself, so if you aren’t tech-savvy, you may want to pass on KeePass.
Authentication is key when you are choosing a password manager, and while most will require you to create a master password that controls who can access your password manager, KeePass uses a different system. They use a Composite Master Key system that can help us ay or all of three authentication methods. The three options they can use include a master password, Windows user account, and key files.
When you enter your master password KeePass will rate it based on complexity. The will also look for passwords that are considered bad and compare those password to the one you are creating. If they tell you it is strong, then you should pat yourself on the back.
By adding a key file as authentication, you can increase your security exponentially. Not only would someone need to figure out your master password, but they would also need to sneak in and take your USB drive, which makes it a great way to keep your passwords under lock and key.
There is also the option that allows you to authenticate using your Windows account. It will prove to KeyPass that you are on your Windows account and that you know the password to log into your account.
Adding new passwords is a manual process. While some of the other providers will integrate with your chosen browser, which allows them to capture and store the passwords you enter on various sites, KeePass doesn’t integrate with any browsers. This means you will be entering all of your existing passwords on your own.
- Works well for tech savvy users
- Free for enterprise or consumers
- It works well on Windows
- If you aren’t tech savvy you may get frustrated
- You have to enter password manually
- Doesn’t integrate with browser
KeePass is absolutely 100% free for all users. That being said if you don’t have a lot of extra time, or you lack the skill or will to try a DIY password manager, KeePass may not be the right choice. It works best for people who have at least a base level of technical aptitude. The site looks like it is still in the early days of the internet, but it is one of the most reliable and popular password managers.
Users of KeePass love it. But it does have one huge downside it doesn’t integrate with browsers, so you have to enter each password manually, which is kind of a drag.
Originally a Mac password manager, 1 Password now provides management services for both Windows and Andriod as of 2014. As with many products that originally focus on one platform, the new Windows and Android versions are lagging a bit behind the original Mac version.
In the beginning, the pricing can seem a little complicated, but once you understand it, you will appreciate the pricing more. You only pay once, and then 1Password is yours for as long as you want it to be. When you purchase a license for a specific platform, that license can then be shared with six people who are on the same platform.
Android and iOS licenses are currently free. For Windows and Mac, the price is $49.99 each or you can bundle them for $69.99.
1Password added two-factor authentication for both Mac and Windows in early 2015. Prior that it didn’t exist with either platform which left customers perplexed and concerned about the level of security 1Password provided.
But now you don’t need to worry; you can now enable two-factor authentication on everything from Facebook to Gmail. You can rest better at night knowing that you have an extra layer of protection.
It is easy to save passwords with 1Password, once you set up the 1Password app you can install the 1Password browser extension. Once installed you will be prompted to “Save Login” when you accept 1Password will save your username and password.
If you are signing up for a new account you can use 1Password to generate a strong random password. You will need to leave the password field blank during the sign-up process; then you will click the 1Password button in your browser and hover over the password generator. You can change the settings for your password, once you are done click Fill, and your new password will be filled in the password field.
- Options for Windows, Android, Mac and iOS
- Create complex passwords during new account set-up
- Offers two-step verification
- When you buy 1Password you will have a lifetime subscription
- You cannot recover your master password if you forget it
- Limited support
- No options for Windows phone
Sticky Password not only integrates with the majority of web browsers, but it also plays well with iTunes, Dropbox, Google Talk and Skype. It is one of the most diverse password managers on the market. In addition, it will also import data from its competitors, like Robo Form. You can also create files for any information you want to keep private.
One sad thing about Sticky Password, other than it kind of leaves you feeling like something around you is sticky, is the lack of a Mac version. I mean you can get it for Blackberry, so maybe it’s time to consider adding one for Mac users as it already works with Windows, iOS devices, and Android devices.
Sticky, works like the majority of password managers, it syncs all of your passwords and keeps encrypted copies on its server. If you like to keep your data locally you can use a desktop version by downloading the Windows Sticky Password Desktop.
You are required to enter your master password every time you log into the Sticky Password app. If you like you can configure Sticky so its response to the presences of a USB drive or Bluetooth device. But that is not authentication; it is just a different login method.
Sticky has a fingerprint authentication options that works with iOS and Android devices that support the technology. While it is available it is still in the fine-tuning phase, as there are some glitches with the Touch ID logic, so you may notice some changes as it gets less sticky.
Because of the depth of its browser extensions, Sticky Passwords makes it easy for you to add passwords. It will prompt you to add existing passwords and offer to create new complex passwords if you are setting up a new account.
You can also use the USB drive to log into your saved sites, and you can save your current passwords. You can’t access your passwords online, but the USB option is a viable solution if you want to access them.
Sticky Passwords also provides web form filling, so it will enter your personal data into online forms for you. You can choose what personal information you want to share, and you can create multiple entries if you have more than one username attached.
- Syncs across multiple devices
- Can Sync using Wi-Fi outside of the cloud
- Offers web form filling
- You can use Touch ID on iOS and Android devices
- You cannot access your passwords online
- There is no pure two-factor authentication
LastPass (and let me just get it out of the way, I use LastPass) is one of the most popular password managers because it not only has a great free version, it also has a feature-packed version that is only $12 per year. With updated browser extensions you don’t even need to install a hard version of LastPass to use it.
When it comes to password managers LastPass, in my opinion, is one of the best. With the free version offering more features than some paid password management options, it is the most robust free password manager around. The free version has also upgraded the way it syncs. Where it used to only sync with devices of the same type, now you can sync with all of your devices. This was a feature that was only available in the paid version, they have since added it to the free version.
LastPass will ask every user to verify your email address when you sign up, but as many of us know from experience, that is not the best way to keep your passwords or personal data secure. That is why we recommend that you use the multifactor authentication provided by LastPass.
You need to open Account Settings, and then from there, you can add multifactor authentication option. The free version does support Google Authenticator, but it can also support authentication using the Toopher and Transakt apps. Which makes it easier than copying a one time code. You can choose to reject or accept a connect when using the Toopher and Transakt apps, which makes it easier to authenticate.
You can choose specific devices as trusted, which means when you log in from that device you just need the master password. If you use the mobile device restriction, no login from mobile devices will be accepted unless it is your device.
Once all of your current passwords are stored with LassPass the next step you need to take is evaluating each password. You will want to look for weak passwords and either create a new, more complex password manually or allow LastPass to create a complex password for you.
By clicking the Security Challenge icon, and entering your master password, you can let LastPass determine which passwords are strong and which ones they deem as weak. Once the analysis is done, you have the option to update the weak passwords or allow LastPass to update them.
- Offers cross-browser and cross-platform options with both free and paid versions
- Password changes are automated
- Offers multifactor authentication
- New sharing center feature added
- No customer service other than email
- Password settings when using the default password generators need additional security
Originally known as PasswordBox, True Key is a reboot and rebranding of the popular and innovative password manager. When it comes to biometrics and multifactor authentication, True Key under Intel is hard to beat. True Key has centered its focus on authentication more than any of their closest competitors.
This focus makes it one of the most forward thinking password managers when it comes to the use of biometrics, they have integrated both touch ID and face recognition into their password management software, which makes it easier than before to protect all of the passwords that True Key stores.
True Key starts off by requiring you to enter both a master password and a trusted device. Every attempt to log in from other devices also requires an additional level of authentication. Unlike some of the other multifactor authentication options, True Key allows you to authenticate using Touch ID (fingerprints) or facial recognition.
If you want to take your authentication to an even higher level, you can set the facial recognition program to require you to shake your head from side to side. You can also use additional factors using the My Factors page. You can choose at the Basic level to add either a master password or face recognition as authentication. It is required that you choose only two factors, the trusted device is not included in the factors you can select.
You can also use Touch ID on iOS devices as a factor. If you find yourself away from home without a trusted device, you can use email as a verification method.
None Shall Password
True Key requires you to create a master password to get started, but if you are really over master passwords, you can easily create one, then promptly forget it. By using facial recognition and a second device. You can also use fingerprint authentication on iOS devices.
Adding passwords is something that True Key detests. It feels you can sign into your devices using fingerprint, devices and facial recognition. Passwords are so passe True Key is focused on its devices and biometric options.
One thing that True Key has seemed to lose in the flurry around biometrics is some of the features that can add some additional value. Adding popular features like form fillers, and extensions that work with the Safari browsers would enhance the product and add a level of convenience.
- It is one of the best multifactor authentication programs
- Allows you to use face recognition to log in
- Touch ID can be enabled on iOS devices
- Syncs with a variety of platforms
- No auto web fill option
- Require creation of a master password
When it comes to password managers, Dashlane is one of the most popular programs among users. It has a sleek modern interface and provides a superior user experience by making things easy.
Dashlane 4 is everything you love about the product, it has a fresh look and is now even easier to use.
Armed with an automated password changer that can handle more popular sites than its previous version it is our favorite password manager. You can also take advantage of new advanced features like secure sharing and emergency access. It also adds a new Universal Two-Factor authentication protocol from FIDO, the Fast Identity Online Alliance, which is a pretty sweet addition to an already highly capable product.
You should always make your master password the strongest it can be. While Dashlane has requirements that include a password that is eight characters, has one number and one upper and one lower case letter, you should strive to create a more complex password. Using simple passwords will most likely leave you with a master password (which protects all of your passwords) that is less than useful.
You can also use two-factor authentication with Dashlane. You can set the program to require a second factor every time you log in, or you can set it to require it when you log into new devices. While Dashlane supports Google Authenticator, Due Mobile (free) and Twilio Authy, which lets you just snap a QR code displayed by Dashlane with your authenticator app to connect with the device. On iOS devices, you can use Touch ID.
After you have established two-factor authentication on your smartphone you can register U2F keys. Once you have set up your key, or keys, you can log in using your master password, then enter the U2F key. Known as Universal 2nd Factor, is an open authentication standard designed to simplify and add strength to two-factor authentication by using USB devices that are specialized.
Dashlane pops up when you click in a password field. It offers you the option to allow it to create a password for a new account or change one for an existing account. Once you allow it to create your password, it will store it in the password manager automatically.
If you have control issues, which isn’t a bad thing, you can click the browser toolbar and take over the password generator button. You can then set the password length and choose your characters, like letters, numbers or symbols. Dashlane doesn’t have time to figure out lower and uppercase, it’s way too busy making passwords, so adding an uppercase letter doesn’t matter. Dashlane has followed the pattern of creating 12 character passwords that rely on just letters and digits.
- You can save your password on a device or in the Dashlane cloud
- Dashlane 4 has a sleeker interface and is easier to use than previous versions
- Offers advanced form fill option
- Two-factor authentication that includes FIDO U2F
- No options for Blackberry or Windows phone
- Requires creation of a master password
If you are in the market for an easy to use password manager that is also reliable, Keeper is a good choice. It’s so easy to use that even people who struggle with technology can set it up and use it like they are the biggest tech nerd around. But you should remind them that they really aren’t tech savvy before they destroy your smart home.
Keeper is great at managing your passwords, it captures them with ease, and it will help you create new one’s when you need to. You can even sync your passwords across platforms which let you access them from anywhere. It also takes care of your personal data, keeping it safe until you need to enter it into an online form.
And it keeps your files and photos, along with your passwords, safe by storing it in a secure device.
Multifactor authentication is designed to keep you protected from all of the people who spend their days trying to get into your files. And Keeper is a huge supporter of proper authentication. So much so that it supports five different methods of two-factor authentication. Two of them are designed for businesses; the other three are designed for home use.
If you are looking for authentication options for you, business Keeper supports RSA SecureID tokens and Duo Security. Both of these options can be accessed on the business version of Keeper.
If you don’t have a business, but you do have a smartwatch Keeper DNA is a good solution. It sends a notification to your watch when your master password is entered. If you were the one who entered it you just need to tap the Keeper app to let it know it was you.
Keeper is also compatible with Google Authenticator, and for devices that offer Touch ID fingerprint access, Keeper can support that too.
When you click on the lock icon in a password field Keeper is there. While it’s there, it automatically generates a 12 character password. While some people may not want a longer password, it is important to remember that size doesn’t really matter. It is the complexity of the password that keeps your files safe.
Once you have your password created, the Keeper app will store it in the Keeper Vault. The Vault lets you manage and organize your passwords, and it, well it keeps them in a virtual vault. One thing about Keeper that I am not fond of it that you cannot assign a password to a folder at the time Keeper captures it. You have to go back into the Vault and edit the record and enter the folder name.
Sharing passwords is not a good idea. But Keeper lets you share when you need to. You can share files, passwords, and folders. But just make sure that you can fully trust the person you are sharing with. And if you don’t, or you get suspicious you can revoke the share.
- Works with all platforms, browsers, and Linux
- Offers two-factor authentication
- Provides secure password and folder sharing
- The Keeper Vault adds an additional layer of security
- You can’t import passwords from competitors
- Lacks drag and drop options
You can never be too safe when you are online. And the truth is that too many of us create simple passwords out of convenience. The most popular password is literally the word password. Which is the worst password you could create, that is why you need a password manager. I use LastPass (this is not an endorsement just a fact) and since I started using it my life is so much easier. It creates passwords that I couldn’t possibly remember, but I don’t have to. It stores all of my passwords and the sites associated with them, and they populate my usernames and passwords when I log in.
If you want to keep your online presence safe, you need more than a good antivirus program, you also need a password manager. Most of them have a free version, so you really have no excuse to not add one. I promise once you do, you will never keep a list of your passwords on a piece of paper you can’t find again.