The Best Password Utilities That Don't Store Your Data In The Cloud

After LastPass' servers went through a possible security breach this morning, many of you are looking for an alternative password solution. Here are some of our favourite programs out there that will store your passwords without syncing them to the cloud.

LastPass has long been our favourite any-browser, any-OS password solution, and its password generation features are great for creating super-secure passwords, but it stores all of your passwords on their servers — which make them vulnerable if their servers somehow get compromised. While there's no evidence that anything was necessarily taken, some of you may be rethinking your decision to store your passwords online. If you'd like to look at other options, here are some great programs that will keep all your passwords stored safely on your local machine.

KeePass

Pros: It's open source, available for tons of different platforms, and has some pretty great plug-ins available. You can automatically generate passwords, automatically fill in information, and import and export your database into a number of different formats. If you want to store information other than passwords, it also has a great "secure notes" feature that lets you store any data you want, while keeping it secure in its database.

Cons: While there are some specialised apps like KeeFox out there for better browser integration, KeePass' browser integration has always left a little bit to be desired. Where LastPass works seamlessly with almost every browser and OS out there, you need to work a little harder to get KeePass to play nicely with whatever software you're running.

1Password

1Password was long a favourite of Mac and iPhone users, but it now has Windows and Android versions available, making it a good cross-platform option for storing all your passwords locally.

Pros: Like the other options, it stores your passwords and can automatically fill them and log you into your favorite sites on the web. Not only can you store passwords with 1Password, but you can store credit card information, software licenses, and other important documents for quick access. It also has official builds for iOS and Android, which is nice if you do a lot of browsing on your phone.

Cons: The big downside to 1Password is its hefty $US40 price tag, which some may find worth it for its polish - but don't think you need to pay that much money just for the security, as open source options like KeePass are just as good.

Note: Both KeePass and LastPass support syncing your passwords between your machines with Dropbox, which while convenient, presents the same problem as LastPass. When you sync items to the cloud, they end up on someone else's servers and out of your control. As such, using one of these programs and syncing the data over isn't all that different from using LastPass in the first place, so if you're looking to avoid that issue entirely, we recommend against the Dropbox syncing features of these programs.

Keeper

Keeper is less popular and well-known than KeePass and 1Password, but it's probably one of your better options if you want to sync your passwords between devices.

Pros: Keeper is available on nearly every desktop and mobile platform out there, and allows you to sync passwords over Wi-Fi between devices — meaning you can sync your passwords without ever putting them on a central server that could get hacked. It's also very nicely organized for tons of different data beyond passwords, like credit cards, software licenses, or other private information.

Cons: Like 1Password, Keeper isn't cheap — it says on its website that it's $US30, but after installing you find out that it is, in fact, $US30 a year — which may be worth it to you for the convenience of Wi-Fi syncing, but it's important to know going in. Also, if you want to keep your data off their servers, you have to sync over Wi-Fi — there isn't an easy wired option for your computers that don't have Wi-Fi.

LastPass Pocket

LastPass Pocket is a small application that gives you full offline access to your LastPass passwords, so when LastPass gets overloaded or has issues (like it is today as a result of the breach), you can still access them. Now, we know this doesn't solve the main problem of having them in the cloud at the first place, but it bears mentioning for those of you that want to keep using LastPass, since it at least solves the problem of losing LastPass functionality when the servers go down or have problems.

There are a ton of different password managers out there, and a lot of them are pretty great, but these are a few popular ones that we think are good replacements if you're tired of LastPass. If you have your own suggestions that we didn't mention, share them with us in the comments.


Comments

    One small addition: if you use LastPass, and have a recent version of their browser plugin, all you have to do to be sure to have local access is to

    a) Click on the plugin icon once logged in
    b) Select "Tools -> Update sites"

    This will store a copy of your password database locally. Such a database can be deleted at will, with the "Empty local cache" function in the same menu.

    Most of LastPass users did not lose access when server went down since one copy of the database is usually stored locally.

    The master passwords for LP are encrypted. If you have a strong password (and if you're a regular Hacker of the Life then you should have) then there isn't anything to worry about. That's the whole point of encryption.

    Also 1Passwords dropbox syncing is pretty secure, because your info is encrypted on drop box and you still need to type your master password to access it.

    So to get to it first your dropbox account then your 1password master password would both have to be compromised.

    I've been using Pins on Windows for the best part of 10 years;

    http://www.mirekw.com/winfreeware/pins.html

    It's free and secure, and the program is just a single standalone executable 400KB in size.

    There is no fancy auto-form-population/browser integration. It can lauch hyperlinks and that is about as advanced as it gets.

    The pins database is also just a single file.

    I use it to store absolutely everything.
    Bank Accounts / Credit Cards nos
    Brokerage accounts
    Serial numbers of various hardware i have purchased (TVs / Cameras / Computers)
    Software license regtistration information
    Injections I have had / and dates (Hepatitis B / Havrix etc)
    Drivers License / Passport info
    etc.

    It is essentially my one stop shop for absolutely everything ; and not reliant on servers/browsers etc etc.

    I also sync my secure pins database to dropbox ; which keeps track of versions for me.

    I use Password Safe and simply sync the password file between my computers. I actually prefer its lack of browser integration for the same reason I don't use the browser's built in password managers - I don't want anyone automatically logging in as me if they happen to get their hands on my machine. It does have an auto-type function to enter the username/password if you'd rather not copy and paste.

    I haven't tried either, but there appears to be an iPhone port (with Dropbox support) as well as an Android port.

    I have been using Passpack for a while on my Windows PC's, at work and my Linux laptop.

    Passpack is encrypted in the cloud and if you loose your key, not even Passpack can help you.
    So even if the Passpack servers are compromised the hacker would still have the very daunting task of decryption.

    I also use a Yubikey for 2 factor OTP authentication

    I use keepass at work, and it's really effective - especially since it comes in a portable version. I have a folder with the program/database on the server and just link it from everwhere, so it works fine with whatever remote access(terminal server/vpn) and backup system (offsite and tape) you already have. As convenient as a web based service and you keep control over every copy of the password database.

    It wasnt really a 'breach'. They detected some abnormal uploading from one of their servers. They forced a master password change just to be 100% sure users are secure. I wouldn't stop using it because of this incident.

      +1
      Every - EVERY - service can fail once!

Join the discussion!

Trending Stories Right Now