
5 Best Password Managers

The human brain has not evolved well to memorize multiple complex strings of alphanumeric characters, but luckily for us this is exactly the sort of thing computers are great at! The best solution to remembering secure passwords, then, is to let technology do the heavy lifting.

Password manager programs do pretty much what it sounds like – they generate strong random passwords for each website and service you use, and store them in a way that allows easy recovery when you need them. Most password managers also offer cross-platform compatibility and synchronization features, so you can access your stored passwords from any device that you use.

Best Password Manager Summary

Rank  Provider         Starting Price
1     KeePass          Free
2     Sticky Password  $19.99/yr
3     LastPass         $12/yr
4     1Password        $49.99
5     Firefox          Free

Winner

KeePass

 

  • PROS
  • Open Source
  • Free
  • Strong security
  • Good open source community support
  • Customizable and expandable through wealth of plugins
  • CONS
  • A little fiddly to setup
  • Mobile integration is a bit awkward
  • No biometric support

The biggest headache that all of the commercial password managers face is that the free and open source (FOSS) alternative is very good. KeePass may look a little rough around the edges, and requires a little bit of setting up, but it is very secure, works flawlessly, integrates well with most desktop browsers (through plugins), and is very customizable and expandable (also through plugins). KeePass’ mobile integration works, but is somewhat clunky compared to some commercial products, and this is arguably the best reason to use a closed source product instead.


2nd place

Sticky Password

 

  • PROS
  • Strong security
  • WiFi-only sync option
  • Multi-factor authentication (for devices, not individual websites)
  • Great mobile integration (with fingerprint scanner support)
  • Good import options
  • Supports lots of desktop browsers
  • “Crosshair” desktop app unlock
  • CONS
  • Closed source

Sticky Password is a great desktop solution that impressed us with its ability to sync over WiFi and its support for a ridiculous number of browsers. Its security measures also appear to be very tight. Given these solid foundations, the fact that Sticky Password works brilliantly on mobile devices (especially for Firefox mobile users) may be a compelling reason to choose this over its FOSS rival.


3rd place

LastPass

 

  • PROS
  • Multifactor authentication (including various biometric options)
  • Real time credit card monitoring to prevent unauthorized use (US customers only)
  • LastPass Sentry (monitors the PwnedList database of 24 million publicly leaked usernames and passwords for details belonging to LastPass users)
  • Great mobile integration
  • CONS
  • Closed source
  • Security weaknesses
  • It’s been hacked… twice!

LastPass is a very slick and intuitive password manager that sports a wealth of funky features. It also works great on mobile devices, and integrates well with most popular mobile browsers. In fact, in terms of everyday use and functionality, LastPass is the best password manager that we have reviewed. However… in order to achieve this high level of functionality, LastPass has made some security compromises (most notably by implementing password recovery). Not only has it allowed its servers to be hacked twice, but these compromises now mean that the hackers may be able to decrypt the stolen data. LastPass is therefore a good choice for more ordinary tech-shy users who would otherwise not bother using a password manager at all, but should be avoided by the more security conscious out there.


4th place

1Password

 

  • PROS
  • Strong security
  • WiFi-only sync option
  • Watchtower (security audit for weak or duplicated passwords etc.)
  • Good desktop browser integration (for popular browsers only)
  • Diceware passphrase generation
  • Great documentation
  • 30 day free trial + 30 day money back guarantee (but not as unlimited as claimed)
  • CONS
  • Closed source
  • Pricey
  • Clunky mobile integration
  • No 2FA or biometrics support (except for fingerprint scanner on iOS devices)

Despite being rather expensive and closed source, we enjoyed using 1Password on the desktop. The app has some funky and very handy features, and we found its browser integration intuitive and non-invasive. Maybe it’s just us, but we are particularly taken with the ability to generate Diceware passphrases! There is no getting away from the fact, however, that 1Password is rather expensive, which when combined with its clumsy mobile implementation means that it struggles to justify its high cost when compared to its free and open source rival, KeePass.


5th place

Firefox Built-in Password Manager

 

  • PROS
  • If you use Firefox then you already have it!
  • Free
  • Open source
  • Strong local security
  • Almost completely transparent in use
  • CONS
  • Firefox Sync does not appear to work with Master Password enabled, making cross-device/platform password syncing very insecure
  • Not nearly as fully featured as “proper” password managers

Most modern browsers include some password management functionality, but open source Firefox stands out because it provides the option to encrypt stored passwords behind a master password. On a single computer this works very well, but we were unable to sync across devices or platforms without disabling the master password, making Firefox useless for syncing passwords securely.


Password Manager Considerations

The future of online security is likely to reside in biometric devices (such as fingerprint and retina scanners). For the time being, however, using strong passwords is the single most important thing that any of us can do to improve our chances of not having important accounts hacked, and our data/money/private pics etc. stolen.

Unfortunately, this is easier said than done, as using passwords that are genuinely strong, but that you are actually likely to remember, is very difficult (to the point of being not realistically possible.)

  • A strong password should consist of a long* string of random characters, and should include letters (both cases), numerals, spaces, and symbols. (* Counted as hexadecimal characters at 4 bits each, a password 10 characters long corresponds to a 40-bit key, while one 64 characters long corresponds to a 256-bit key.) Passwords should be at least 10 characters long.
  • You should use a completely different password for each important website – if you use the same password across multiple websites and accounts, and if a hacker can obtain your password from any one of these, then he or she has a golden key to all your other accounts that use the same password. This is an important tactic used by criminals who hack into low security accounts, and then use the passwords uncovered from these to access more critical accounts (such as bank accounts).

Given this difficulty, it is little surprise that most people simply give up and use passwords such as ‘123456’ or ‘password’. Even slightly more secure passwords, such as the name of your cat, kids, or your spouse’s date of birth, can often be uncovered through tactics such as social engineering and basic research (this kind of information is often published on people’s own Facebook page or LinkedIn profile!)

This is why using a password manager is such a good idea!
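What a password manager's generator does with the two rules above, as an added example (not code from any of the reviewed products): it draws every character from the operating system's CSPRNG, checks the character classes, and gives each site its own password. The entropy helpers reproduce the 40-bit and 256-bit figures from the length footnote; the 95-character alphabet, the function names and the example site names are assumptions of this sketch.

```python
import math
import secrets
import string

# Character classes the article asks for: both letter cases, numerals,
# and symbols (with the space character counted among the symbols).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]
ALPHABET = "".join(CLASSES)          # 95 printable ASCII characters (assumed set)
HEX_DIGITS = 16                      # alphabet size behind the "hex key" figures


def entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are each drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def min_length(target_bits, alphabet_size):
    """Shortest uniformly random password that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate(length=20):
    """Random password from the OS CSPRNG containing every character class.

    Candidates missing a class are discarded and redrawn, which keeps the
    result uniform over the passwords that satisfy the rule.
    """
    if length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def site_passwords(sites, length=20):
    """Independent password per site, so one leaked password opens one account."""
    return {site: generate(length) for site in sites}


if __name__ == "__main__":
    print(entropy_bits(10, HEX_DIGITS), entropy_bits(64, HEX_DIGITS))  # footnote figures
    print(round(entropy_bits(10, len(ALPHABET)), 1))   # same length, full alphabet
    print(min_length(256, len(ALPHABET)))              # length needed for 256 bits
    for site, pw in site_passwords(["bank.example", "forum.example"]).items():
        print(site, pw)
```

The same 10 characters carry far more entropy when drawn from the full alphabet than from hexadecimal digits, which is why both length and character set matter.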

Potential pitfalls

The biggest downside of using a password manager is that there is a single point of failure – if an adversary gains access to your master password then he or she gains access to all your passwords. It also means that it is (usually) very important that you do not forget your master password!

Good security is therefore of vital importance when choosing a password manager. Things to be wary of include:

  • Any solution that does not encrypt passwords client-side (i.e. on your own computer or device)
  • Storing passwords on a centralised server – even assuming these are encrypted, if hackers (or the NSA) can access the server then they have direct access to all passwords stored on it, and if the encryption/security measures used to protect the passwords prove to be not as effective as thought, then a large number of passwords will be compromised
  • Password recovery – the safest place to store a master password is in your head, and only in your head! Although convenient, any master password recovery system will introduce weaknesses

You should also be aware that syncing to mobile devices, while incredibly useful, is a security risk, because all mobile platforms are inherently insecure (for all sorts of reasons). For many of us this is a trade-off we are willing to make, but we strongly suggest that the more paranoid out there stick to storing passwords on their desktop computers only (and throw away your smart phone, don’t use the internet, etc.)

Conclusion

Given that weak passwords are the biggest problem when it comes to online security, and given that it is realistically impossible to use strong passwords effectively if we rely on our own fallible grey matter, using a password manager is the single most important thing you can do to improve your online security (at least until biometric authentication methods become more common, but these are likely to introduce their own security concerns.)

As usual, we default to recommending the open source option (KeePass), which is excellent, but the less tech-savvy, those wanting better mobile integration, or those wanting biometric support, may want to consider using a commercial alternative.

Please note that this list is based on password managers we have reviewed so far. We are well aware that there are more popular password managers out there. After a short break we will perform another round of reviews, updating this article accordingly.

Update September 2016: News of two new high-profile hacks in which huge numbers of passwords have been dumped online demonstrates the importance of using unique strong passwords for every website that you have an account with. Please see Dropbox and Brazzers Passwords Hacked for more details.


Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+


7 responses to “5 Best Password Managers”

  1. Hi Douglas,

    I am looking for a secure (not likely to be hacked), reliable (not likely to handover or sell my data) and free password manager. Since this article is a little bit out-of-date, based on your actual experience which password manager would you recommend today (if any)?
    And is there any connection between KeePass and KeePassX that you know of? If yes, which one do you consider to be better and why?

    Thank you in advance

    1. Hi johnyy,

      I always recommend KeePass. It is very secure, and it is fully open source (and being free is a nice bonus!). If you haven’t already, then please check out my KeePass Review. FWIW, KeePass is what I use personally.

      KeePassX started life as a Linux port of KeePass, but has grown into an independent cross-platform password manager. Like KeePass, KeePassX is fully open source, and it uses standard KeePass 2 database files (.kbdx). I have not used KeePassX, personally, so cannot comment on its merits compared to KeePass. I do hope to review it in the near future, however. Given that both programs are free and can be used to open the same password files, why not try them both to see which you prefer. As far as I am aware neither program has any major security weaknesses, but neither has been fully independently audited either.

  2. You can’t be serious that you are recommending Firefox’s built in manager over and above Roboform. The fact that this application isn’t even in your list shows you must have some gripe against them.

    For sure KeePass is world class but there are things that Roboform does – form filling for example, browser integration, etc without any convoluted addins or process for getting it working. For the record I do not work for Roboform but have used their product along with LastPass and KeePass for years and have yet to find a product to better it.

    1. Hi Stuart,

      At the bottom of this article I have clearly stated,

      “Please note that this list is based on password managers we have reviewed so far. We are well aware that there are more popular password managers out there. After a short break we will perform another round of reviews, updating this article accordingly.”

      The simple fact is that I have not yet reviewed Roboform. After doing five straight password manager reviews in succession, I need a short break before reviewing more (including Roboform and Dashlane). Once I have done these reviews I will update this article.

      1. Hi Douglas,

        If you are planning to write a new post for password managers, I will suggest you to have a look on “Enpass Password Manager” too.

        Enpass has really some unique features over other existing password managers in market.

        1. Free Desktop version without any charges and limitation. Only Mobile versions are chargeable with in-app purchase of 9.99$.
        2. Free Browser Extensions support for Chrome & Firefox for Windows. Very soon available for Mac and Linux as their RC version has already been released.
        3. No Subscription cost as we do not store any data on our cloud.
        4. Native app available for Linux Platform.
        5. Unlike other proprietary password managers, Enpass’s security model is implemented by trusted, Open Source and peer reviewed SQLCipher Engine giving 100% encryption to data.
        6. Widest range of cloud options for syncing data as it supports Dropbox, iCloud(Apple devices only), Google Drive, OneDrive, Box and WebDAV/OwnCloud.
        7. Imports data from 21 other popular password managers.
