Less well known than some of its commercial rivals, Sticky Password by Lamantine Software (the name refers to the company’s alleged support for endangered manatees) is a robust and intuitive password manager that integrates well with supported operation systems and browsers. Offering better security than LastPass, and a more seamless mobile experience than FOSS alternative KeePass, Sticky Password has a lot going for it.
Pricing and Features
Like LastPass, Sticky Password works on a freemium payment model. The primary advantages of using the Premium service is the ability to sync devices using either the cloud or WiFi, priority support, cloud storage of passwords, and helping to support endangered Manatees.
Premium subscriptions cost $19.99 per year, or $99.99 for a lifetime license.
Features of Sticky Password include:
- Auto-generation of secure passwords
- Auto form-field completion
- Import existing passwords from your browser, KeePass, LastPass or RoboForm Everywhere, Dashlane, Kaspersky Password Manager, 1Password
- Multi-factor authentication (for devices, not individual websites)
- Biometrics authentication (on mobile devices with fingerprint scanners)
- Cloud syncing across devices (optional)*
- Cloud storage of passwords (optional)*
- Local WiFi syncing across devices (optional)*
- Cloud backup (optional)*
- Saving endangered manatees*
* Premium service only. The rest of this review assumes use of the Premium service.
Aesthetics, usability and customer support
Although not as flash looking as, say LastPass, the Sticky password website is cleanly laid out and easy to navigate, with lots of relevant information, and a blog to keep users updated on the latest developments. Users can also login to the website to access their account information.
The app uses a very similar design to the website, and is similarly easy to use.
Technical support is available via a good FAQ, a 19 page PDF guide, and by Live Chat (which answered our questions quickly and seemed knowledgeable, although it is not available 24/7.) Premium users can also priority-email the technical support team, which again answered our queries quickly.
Security and Privacy
Sticky Password is a closed source commercial product, and as such we simply have to trust that its software does what it says it does. Other than that, however, Sticky Password’s dedication to security and privacy impresses us.
For a start, by default the master password is saved only in your head. This does mean that if you lose it then… oops!… but this far more secure than any system that permits password recovery (such as LastPass.)
Although Sticky Password does support syncing of data using the Cloud, we love the ability to securely sync local WiFi only via, which means that no data need be sent across (or stored on) the internet.
Regardless of how the password databaseis synced (or not), it is encrypted/decrypted locally on your device using the industry standard AES-256 encryption algorithm. An encryption key is derived from the Master Password using the password-based key derivation function PBKDF2, which applies a pseudorandom one-directional function cryptographic hash to the unique Master Password, together with a cryptographic salt (random data) in several thousands of cycles (iterations). This approach prevents
any unwarranted retrieval of the Master Password. Further details on Sticky Password’s white paper.
As long as a strong Master Password is used (and which is not divulged to anyone), this should be a very secure setup. Those worried about keyloggers can input passwords via the built-in virtual keyboard, which can be handily accessed via a keyboard shortcut.
By default, simply knowing your username and Master Password is sufficient to access your passwords from other devices, but you can increase security with two-factor authentication (one-use PINs sent to your email address)
We would like to know why the Android app needs all these permissions…
Using Sticky Password (desktop)
Sticky Password is available on the desktop for Windows and Mac OSX, although unfortunately not Linux. We tested the Windows version.
Sticky Password integrates with an impressive list of browsers, including Opera, Pale Moon, and Sea Monkey
The desktop app allows you easily view and manage your saved passwords
If you visit a website for which you have login details saved, Sticky Password will enter these and log you in automatically (if more than one login is registered for that website you are offered a choice.) If no existing logins are found, Sticky Password will offer to save a new entry for that site
Secure Memos allows you to store private information other than website login details. One problem we did find when importing our KeePass data is that entries which contained both login information and notes were simply converted to notes, and the login information was lost during the process. You should therefore carefully verify that all necessary information is imported when changing over from another password manager
Identities allows you provide information that Sticky Password can use to automatically fill in web forms for you
A very funky feature is the ability to drag this crosshair (which pops up when you hover your mouse pointer over the Sticky Password notification bar icon) to an app, and Sticky Password will offer to fill in login information from an existing entry, or create a new one. We found this worked well on most apps we tried (but not all)
Sticky Password on the desktop generally impressed us. It integrated well with our browsers, and provides all the features we need from a password manager in an easy to manage and intuitive to use way.
The only things missing are biometric login and two-factor authentication for websites. These features are probably not a major concerns for most people, although with fingerprint scanners becoming increasingly common on laptops, and more and more services pushing 2FA, demand for these features is only likely to grow…
Using Sticky Password (mobile)
Mobile apps are available for iOS and Android. We tested the Android version.
Similar to the desktop app, the mobile app allows you easily manage your passwords, Identities (for filling in forms), and Secure Memos
Integration with other Android apps needs to be enabled. Plugins are available for Firefox and Dolphin, and a “Floating Sticky Window” autofill helper can be used for all other apps.
In supported browsers Sticky Password works pretty much exactly as on the desktop, and will offer to fill in or generate new passwords login and forms. If your phone sports a fingerprint scanner you can use biometric authentication instead of having to enter your Master Password whenever you access your passwords. Alternatively, you can setup a PIN or Pattern lock
The “Floating Sticky Window” runs alongside your other apps, and allows quick access to your passwords, or will generate new secure passwords. These are automatically saved to the clipboard, ready to paste into any app. As the above warning indicates, however, this feature does involve some sacrifice of privacy in exchange for convenience
If you use a supported browser, then Sticky Password works fantastically well in mobile form (and we recommend using the FOSS Firefox browser anyway). The “Floating Sticky Window” helper app works fine, and allows you access your passwords from all your apps, but would be a pain to use as your primary means of accessing passwords while surfing the web.
Fortunately, most browsers have a built-in password manager that can save passwords imported from Sticky Password, which should minimize this problem.
- Does most things password related
- Imports saved passwords from many sources (but check everything is imported properly!)
- Easy to use
- Great browser integration
- Good mobile app (especially if you use a supported browser)
- WiFi-only backup
- Strong encryption
- “Crosshair” desktop app unlock
- Supports an impressive list of desktop browsers
- No Master Password recovery (good for security, but don’t forget it!)
- Good technical support
We weren’t sure about
- No 2FA or biometric support for individual websites (fingerprint scanners are supported in the mobile app)
- Android app asks for a lot of permissions – we would at least like to see these explained
- Closed source
- No Linux support
Sticky Password is a good password manager. It is intuitive to use, integrates well with browsers on the desktop, and as long as you use a supported browser, works seamlessly on mobile devices. Users married to the idea of using an unsupported browser such as Chrome will find the experience less seamless on mobile devices, but Sticky Password’s solution is still more elegant than that of FOSS competitor KeePass2Android.
Although less fully featured than LastPass, Sticky Password does not introduce security vulnerabilities by offering a password recovery feature, and we loved its sync by WiFi-only feature….