You have lots of options for password managers, and when it comes to your security, you want the best possible tool for the job. Let’s take a look at some of the most popular password managers and compare them side-by-side so you can pick the one that’s right for you.
Photo by Sergay Nivens
Considering the security required for a password manager, you have a surprising number of choices here. We spent some time with all of them, then picked the following five because they hit the sweet spot between reliability, features, security and support (and not surprisingly, the best five were those picked in our last password manager Hive Five). With that said, we’ll also talk about some of the other options at the end too. Let’s start by taking a look at the basic feature set of our top five choices. In this table, 3P indicates support via a third-party app, not the original developer. (If you’re on a mobile device and can’t read the whole table, click here to see it in graphic form.)
Feature | LastPass | Dashlane | KeePass | 1Password | Roboform |
---|---|---|---|---|---|
Windows | Yes | Yes | Yes | Yes | Yes |
Mac | Yes | Yes | Yes | Yes | Yes |
Linux | No | No | Yes | No | No |
Chrome | Yes | Yes | No | Yes | No |
Firefox | Yes | Yes | No | Yes | No |
Opera | Yes | No | No | Yes | No |
Safari | Yes | Yes | No | Yes | No |
Internet Explorer | Yes | Yes | No | No | No |
Windows Explorer | Yes | No | No | Yes | No |
Android | Yes | Yes | Yes (3P) | Yes | Yes |
iOS | Yes | Yes | Yes (3P) | Yes | Yes |
Windows Phone | Yes | No | No | No | No |
BlackBerry | Yes | No | No | No | No |
Password strengh report | Yes | Yes | Yes | Yes | Yes |
Automatic password changing | Yes | Yes | No | Yes | No |
Password generator | Yes | Yes | Yes | Yes | Yes |
Security alerts | Yes | Yes | No | Yes | No |
Secure password sharing | Yes | Yes | Yes | Yes | No |
Two-factor authentication | Yes | Yes | Yes (3P) | No | Yes |
Form filling | Yes | Yes | Yes | Yes | Yes |
Security notes | Yes | Yes | Yes (3P) | Yes | No |
Syncing | Yes | Yes | Yes | Yes | No |
Features aren’t everything — usability, support and security also matter. These are the basic features that each of these password managers offer:
- Password generation: The only secure password is one you can’t remember, and you need a different one for every account you use — which means a password generator comes in really handy. All of the password managers on this list will do that for you when you sign up for a new account on a web site.
- Form filling: Every password manager here will also fill out your name, address, and other information automatically on other sites. This option isn’t specifically related to passwords, but hey, it’s super-handy.
- Secure password sharing: Each of the password managers here support sharing passwords securely with other people. They each handle this a little differently, but if you need to share a password with a co-worker or family member, this feature is one of the easiest (and most secure) ways to do so.
- Secure Notes: If you want to store extra passwords for Wi-Fi networks or any personally identifiable information, all of these password managers include a secure notes section.
Next, let’s take a look at how each of these password managers differ — and what they charge — to help you pick the one that’s right for you.
LastPass
LastPass has long been a household favourite here at Lifehacker, but that doesn’t necessarily mean it’s the best manager for you. Let’s take a quick run through its feature set:
- Browser extensions and a dedicated Mac app: With browser extensions, you can use LastPass with just about any browser out there, without the need for an extra app on your computer. Once you get it set up, your login and password information are saved securely on LastPass’s servers, and you can access them from any computer which has the extension installed. The Mac app adds a few more features to the extensions, including a faster search and a better way to browse your passwords outside your browser.
- Mobile apps: If you do a lot of browsing on your phone or tablet, you can take your LastPass passwords with you. The apps themselves are free, but they require a LastPass Premium account ($US12/year) to actually use. LastPass is available on Android and iOS like everything else on this list, but you can also get it on Windows Phone and Blackberry.
- Password audits: LastPass will scan your vault to check for weak passwords and help you create more secure ones. It will also show you a score on the screen so you can quickly see how strong the bulk of your passwords are.
- Automatic password changes: After a site gets hacked, it’s generally advisable to change your password for that service (and any other service on which you used the same password). LastPass keeps a database of hacks around the web and will alert you when you have an account that’s been compromised. From there, you can change your password with just a click.
- Two-factor authentication: LastPass supports two-factor authentication through services like Google Authenticator, Grid, YubiKey and more.
Where LastPass fails: LastPass is free if you’re only using it on your computers, but the extra features and mobile apps do cost $US12/year. That might sound like a lot over the course of your life, but with a subscription system you’re more likely to get more features and better support. That said, even after a much-needed update, the interface is still a bit clunky, and it takes a while to get the hang of. Likewise, LastPass stores your (encrypted) passwords in the cloud, which some might not be comfortable with, but this is done in a fashion that’s quite secure and keeps them safe from hackers. LastPass has been very good about notifying users immediately if an incident occurs, and if you have two-factor authentication enabled you should be safe in the case of any password breaches.
Who LastPass is for: LastPass is a great all-around solution for people who just want to keep their passwords safe. It has enough advanced features, even in the free version, to make it worthwhile for most power users. LastPass’ real appeal, though, is the fact that anyone can get started using it really quickly (provided they can navigate the clunky UI). With the exception of mobile access, most of LastPass’ best features are available for free, so if you don’t need to get your passwords on the go, it’s easily your best option. LastPass also has the widest mobile support of all the password managers, with apps on Android, iOS, Windows Phone and Blackberry, so if you’re not an Android or iOS user, it’s your best bet.
Dashlane
Where LastPass fails a bit in basic interface, Dashlane truly excels. It’s packed with a lot of features and is incredibly easy to use, even if you’re not the most computer-savvy person out there. Here’s what you’ll get with Dashlane:
- Browser extensions, Windows and Mac apps: Dashlane works primarily from its desktop apps, but browser extensions allow you to integrate that data into your browser too. This means that you can set up Dashlane to store your data and sync online if you want, or keep it locally if you don’t want those passwords going anywhere. Unlike LastPass, you’ll need the Windows or Mac apps installed to use the browser extensions.
- Mobile apps: If you want to use the free mobile apps, you’ll have to shell out for a subscription. Dashlane’s is $US40/year.
- Password audits: Dashlane has a handy security score screen where you can check for weak or duplicate passwords, then automatically change them in a click if a hack is reported. Likewise, Dashlane will alert you if a security breach is reported.
- Automatic password changes: One of Dashlane’s more impressive features is the Password Changer. Just log into your Dashlane account, click the checkboxes next to any passwords you want to change, and Dashlane will automatically change them on each individual site, all at once.
- Two-factor authentication: Dashlane supports two-factor authentication through Google Authenticator.
- Digital Wallet: Dashlane’s digital wallet stores all your credit card information, then automatically saves receipts and screenshots of your online purchases. If you’re using the mobile apps, that information goes with you too.
Where Dashlane fails: If you want features like syncing and web access to passwords, Dashlane is quite costly pricey at $US39.99/year. However, you do get a lot of bang for your buck, and the app is constantly being updated with new features and security improvements.
Who Dashlane is for: If you’re willing to pay the $US39.99/year for Dashlane, it’s definitely one of the easiest password managers to use. The breach notifications, consistent UI and range of features makes it a better entry-level password manager than LastPass if you’re willing to shell out the cash. The automated, bulk password changes also make it a great choice for anyone who doesn’t want to spend the time altering passwords.
KeePass
KeePass is the only truly free option that’s any good, and it’s also open source, which is immediately appealing to a lot of people. That said, KeePass works a lot differently than some of the more modern options. KeePass stores all your passwords locally, and doesn’t have a syncing service — though you can sync your passwords through Dropbox with a plug-in. Beyond that, its feature set is drastically different to your other options.
- Official Windows, Mac, and Linux apps: KeePass is officially available on Windows, Mac, and Linux. It integrates with your system to fill out passwords not just online, but everywhere else on your computer as well. KeePassX is a clone that alters the look and feel of the original a bit, if you’re looking for something different.
- Unofficial mobile apps: Officially, the KeePass team doesn’t make any mobile apps, but since it’s open source, other people have. You can find a massive list of various ports for iOS, Android, Blackberry and more here. Just remember that you’ll need to manually sync your passwords to your mobile device, since KeePass won’t do it for you.
- Portability: KeePass doesn’t require installation on your system, which means you can carry it around on a USB stick from computer to computer easily.
- Plug-ins add tons of features: Besides being free and open source, the truly unique thing about KeePass is the support for plug-ins. With them, you can completely alter how KeePass works. This includes adding syncing through service like Google Drive or Dropbox, adding enhanced search, creating password strength reports and many more.
Where KeePass fails: KeePass is a decidedly more hands-on password manager than the other options here, which means it’s not as simple as something like Dashlane. It would be hard to recommend KeePass to anyone who isn’t computer literate, even though it is the only completely free option. KeePass also doesn’t have the handy security alerts and automatic password changing features of some of the other paid options.
Who KeePass is for: If you’re willing to put in the effort to set it up, KeePass is incredibly powerful and well supported. Since it offers offline access and gives you complete control of your encrypted passwords, it’s perfect for anyone who doesn’t want to keep their data stored on a third-party server. If you’re the tinkering type who likes to really customise your software, KeePass is definitely worth trying.
1Password
Like LastPass and Dashlane, 1Password takes the “simple is better” approach to a password manager and sports the best-looking software suite of the bunch. While it might look the same as its rivals at first glance, it has its own special twist on the password manager approach. It includes:
- Windows and Mac apps, with integrated browser extensions: 1Password works similarly to Dashlane: you need the desktop app installed, but you can easily integrate it into your browser with extensions for Chrome, Firefox, Safari and Opera. The nice thing about 1Password is the fact you can use it locally only, or sync to the web if you want to use it across devices. You can sync through Dropbox, iCloud, Wi-Fi or shared network folders. You’ll need to download a single licence of the desktop apps for a one-time fee of $US50.
- Mobile apps: 1Password has free apps available on iOS and Android. Uniquely, you can download and use these apps for free without paying for the desktop companion, but you won’t get the syncing features.
- Password audits: 1Password will take a look at all your existing passwords, then audit them for duplicates, weak passwords and old passwords. The Watchtower service will monitor your passwords and alert you to any breaches that require you to change your password right away.
- Two-factor authentication: Instead of supporting a variety of two-factor authentication services, 1Password acts as its own authenticator if you’re a paid user of the apps. This allows you to generate one-time passwords for a variety of services. It does not support two-factor authentication to access your 1Password account, though, which is a pretty big downside.
- Digital wallet: 1Password includes a digital wallet that organises and securely stores any personal information you want. You can set it up to store credit cards, IDs, passport numbers, and just about anything else.
Where 1Password fails: While it’s the only password manager on here that offers a one-time payment option, the $US50 entry fee to use 1Password is a bit high for some people. Thankfully, there is a demo available if you just want to check it out. While most people are only using Windows, Mac, iOS and Android, the lack of support for other operating systems does limit its usage a little. The lack of a two-factor authentication method is also a pretty big security hole and a major disadvantage compared to your other options.
Who 1Password is for: If you’re a fan of good design, 1Password is easily the best looking password manager on this list. It’s constantly getting updates and new features, so you know that your $US50 is well spent. If the thought of paying an annual subscription for Dashlane or LastPass is a turn off, 1Password’s the way to go.
Roboform
Roboform has been around for a long time, and while it’s not the most innovative password manager out there, it does its primary job very well. It has:
- Windows, Mac and Linux apps: Roboform is available on all the major platforms, including on a USB stick, which makes it easy to transfer from computer to computer. The apps themselves integrate right into Chrome, Firefox, Internet Explorer and Safari. Like 1Password, you can sync your password in the cloud or store your passwords locally only.
- Mobile apps: Roboform is available for Android, iOS and Windows Phone for free.
- Start page: If you log into the same sites every day, Roboform has a handy start page where you can easily log into a bunch of different sites at once.
Where Roboform fails: Roboform is easily the least feature-packed on this list, and at $US9.95/the first year and $US19.95/every year after, it’s hard to justify why you’d pick Roboform over something like LastPass. If you’re only interested in the desktop version and not the syncing features, you can grab the Windows or Mac apps for a one-time fee of $US29.95. Roboform has been around a long time and has a incredibly good history of solid security. For a password manager, that’s a very important thing.
Who Roboform is for: Roboform’s lack of advanced features have one very specific advantage: it’s incredibly easy to use. It generates passwords, logs you into sites, and that’s it. There’s no extra fluff, no wasting time checking password security (assuming you’re already up to snuff), or anything else. If you’ve been using strong passwords for a while, Roboform is a nice, barebones option that does just what it’s supposed to do and nothing else.
Other, Lesser-Known Options
As we mentioned at the start of this post, there are a lot of different password managers in existence. Most don’t stray too far from the feature set of the above five though, and many are held back by extreme pricing models or platform availability. That said, if none of the above work for you, these may be worth checking out:
- Password Safe: Password Safe was created with the help of security technologist Bruce Schneier, so you know it’s one of the most secure password managers out there. That comes at the cost of convenience. The free version of Password Safe is only available on Windows (The Mac clone is $18.99), and it doesn’t integrate with browsers. Heck, it doesn’t even create passwords for you, it’s simply a vault. But it’s a very secure vault.
- Keeper: Keeper does the basics of a password manager and adds in a handy file vault as well. The pricing is a bit on the higher side though, with a single device costing $US10/year and multiple devices running you $US30/year.
- PasswordBox: PasswordBox is a free password manager that has all the features you’d expect, but it’s hard to recommend at the moment as it’s in a transitional period after being bought out by Intel Security. On paper, that sounds like a good thing, but it’s difficult to gauge what software support will be like from here on out.
Whichever one you pick, just remember: it doesn’t really matter which you chose, but pick one. If you aren’t using a password manager, you’re more vulnerable than you think.
Comments
20 responses to “Lifehacker Faceoff: The Best Password Managers, Compared”
I don’t get the first table, maybe i’m reading it wrong.
Lastpass is definitely available for Windows and IE:
https://lastpass.com/misc_download2.php
Lastpass for windows installer will install lastpass to every browser on your system.
Lastpass for applications stores logins from other applications that are not browsers.
Lastpass Pocket, Lastpass IE Anywhere and Lastpass Portable are all solutions for using lastpass on untrusted computers (like internet cafes or at work). Lastpass Pocket gives you full offline access storing an encrypted database on your USB key.
Also Lastpass Sesame is available for all linux distributions, allowing you access to your vault with support for 2FA. So it’s available for linux as well.
I read it the same way. I was thinking that if it wasn’t available for IE, what the hell was I using?
Was going to point this out but you beat me to it. LastPass has had Windows desktop support for a while now.
Thanks for the corrections everyone, table updated
As above please get your facts right.
Lastpass has a windows installer, runs in Windows, linux and Internet Explorer.
Windows installer (covers IE)
https://lastpass.com/download/cdn/lastpass_x64.exe
Linux installer
https://lastpass.com/lplinux.php
My referral Link
https://lastpass.com/f?361586
In your feature table, you list “Secure password changing” as a feature. Did you mean “Secure password sharing”?
I’ve always wanted a good password manager, but never found one that really does everything.
I feel like a password manager has to do absolutley everything, otherwise it just defeats the purpose.
For example, A password manager won’t be able to log into Steam accounts, Battle.Net, or pretty much every other desktop application with a log in. I’m sure things like Adobe accounts would be affected too. Basically it only works for browsers (and some OS things).
Obviously this is useful but if I’m going to completely forgo passwords and rely on one of these I need it do do everything.
Then there’s the question of security. Yes all of these are hard (or impossible) to crack… But a simple keylogger which grabs your master password is going to ruin your life. It’s kind of an “all eggs in one basket” thing, it’s much safer but the risk is still there and the severity of a breach is much worse.
I tried lastpass once and I noticed that it wouldn’t even work for my bank (in Chrome) because the bank opened a popup window. I assume this is specifically to stop malicious extensions but it also stopped lastpass. That being said, it was a while ago and could have been a bug.
Also how do password managers deal with 2-factor authentication… will I be prompted to enter in my gmail 2 factor code anyway? I may as well log in myself.
LastPass (with a subscription) and probably some others on the list will work with desktop applications just fine, including battle.net and Steam.
You rarely need to enter your master password. When you do, it’s usually in a browser extension that a keylogger won’t be able to link to your particular password service. Many of the password services above also support two-factor authentication, meaning even if a keylogger did get your password, it’s useless without the time-sensitive code.
Popup windows work fine with LastPass, I’ve never had any issues. Maybe check the domain the popup is on and compare with the domain you saved your credentials against, some sites use multiple domains. In LastPass at least there’s a way to map multiple domains together, meaning a login for one is regarded as a login for all of them. For example, kotaku.com.au, gizmodo.com.au, lifehacker.com.au all use the same account, so you can map them all to be treated as the same site.
Password managers won’t do 2FA for you, you still have to enter it yourself. Google only asks me for two-factor authentication once a month and remembers the device I logged in with. Even if you’re being prompted for 2FA at every login, it’s still going to be quicker and safer to let a password manager remember your password and regenerate it regularly than to remember it yourself.
Thanks for the reply, maybe it’s come a long way since the last time I tried it (would have been at least 2 years ago).
Might give it another go. The pop up windows and desktop apps was the main thing holding me back
I can’t say for sure if the problem you had has been fixed but it might be worth giving it a crack to see how it is now. Just a reminder that you do need the subscription with LastPass to be able to use the desktop app.
For the Roboform, depending on the criteria used to create the table, there are some errors:
– Linux IS supported with extensions for Chrome, Firefox and Opera;
– Chrome, Firefox, Opera, Safari and Internet Explorer ARE supported, with extensions or via standalone program (hence the reference to the criteria adopted);
– Windows Phone IS supported;
– Security Notes IS supported;
– Sync IS supported.
Reference: http://www.roboform.com/platforms
KeePass supports browser integration, there’s ChromeIPass and FirefoxIPass plugins for it. Also you can set passwords to expire after a certain date too.
One thing to also note, the Android app Keepass2Android installs a custom keyboard, so you select your entry, and get specific buttons for Username and Password. SOOOOOOOO very handy as some apps (I’m looking at you PayPal) don’t support copy and paste.
1Password gained 2factor support this week.
https://blog.agilebits.com/2015/01/29/1password-4-1-0-538-for-windows-gets-totp-more-control/
Very late to the game, but definitely a positive step. All sites should support the option for 2FA.
KeePass is my favourite as I don’t want it to interact with the browser nor any soft automatically. I feel more secure about using it manually and only specifically when I need too.
GateKeeperpro.com has a great Next Gen account manager with 2fa, remote disconnect, monitoring… the whole nine yards…
As noted before (and Angus was going to follow up on this) – Lifehacker’s password dialog box seems to defeat LastPass and I have to clunk through its UI to get Lifehacker details filled in very regularly.
To @memeweaver I know you wrote this comment about a year ago but I just read it today. I’m trying to decide which to use myself, LastPass or 1Password or somewhere inbetween. You comment however interested me, and wondered what Angus was actually going to follow up on! You statet ” LifeHacker’s password dialog box” defeats LastPass. I’m curious what you meant by that, only being an in front of Screen person in animation, or used to be pre-Broken bones and Emmy wins, now…well, maybe silly, but what did you mean by that, LH’s password dialogue box defeating LastPass, since I was just about to but the thing. Thanks!
And one of LifeHacker’s other bugs is erratically not attaching replies to the correct comment, so please @gio-m read my other comment.
I actually encountered this again trying to login to respond.
LifeHacker pops up a separate dialog box to re-enter login details, and LastPass Autofill won’t work with that. I have to manually track through the LastPass menus to extract my details and post them to that box.
This is the *only* site I have an account with that presents this problem. So no follow up was ever done (or at least reported on).
Just tried to start using Dashlane after the Dropbox breach forced me to changed all of my passwords, and unfortunately it seems like their password changer is no longer working/ available. Might want to update this article.