There was a time when all it took to be a great password manager was to keep your passwords in an encrypted vault. Now the best password managers give you the option to sync or keep passwords local-only, change web passwords with a click, and log in to sites for you automatically. This week, we're looking at five of the best options.
Photo by Maksim Kabakou (Shutterstock)
As the recent Dropbox data breach showed, it definitely pays to invest in a secure pass word manager. Good password managers offer the flexibility to go single-device with no web or online components at all, or the option to sync across your devices. Some log in to sites for you; others audit your passwords to make sure you're not using the same in too many places.
Yes, we are aware that LastPass was hacked last year. However, stored passwords for other sites were not stolen and the authentication hashes for master passwords were sufficiently encrypted to prevent hackers from accessing user accounts. As with every password manager on this list, it definitely pays to regularly update your master password and ensure you haven't used the same password for any other services -- just in case.
LastPass is clearly the juggernaut here, and for good reason. The service was one of the first well-rounded password managers available, making it easy to store all of your passwords either online and synced with other computers and devices, or locally on one device. LastPass makes it easy to audit your passwords, use stronger passwords in general, and even automatically change a password for you if a service has been hacked or compromised.
LastPass supports two-factor authentication for your password vault using Google Authenticator, USB devices (using a method we've outlined before) or a YubiKey, The service picked up a much-needed update in late 2013 which streamlined the UI and made it easier to use. It also sports a number of additional features including credit monitoring, secure password and document storage and sharing, notifications when a site you have an account with has been hacked, and tools to autofill forms and streamline online shopping. LastPass supports Windows, Mac, Linux, Android, iOS, Windows Phone and Blackberry, and has plugins for Chrome, Firefox, Safari, Opera and Internet Explorer. It's free to download and use, but if you want its best features and the mobile apps, you'll need to upgrade to LastPass Premium, at $US12/year. If you want to learn more about LastPass, the company told us the story behind the app last year.
Dashlane launched in beta back in 2012, and has risen to prominence since thanks to its interface (which is sharp and easy to use), simple security, easy auto-login, form auto-fill, and logging of orders from online shops. It has seen a number of updates since then, including support for two-factor authentication, the ability to share passwords with emergency contacts in case you can't access your accounts, and most recently, the ability to change multiple passwords on dozens of websites with a few clicks.
Dashlane will notify you if you have an account on a site that's hacked, and with its built-in password changer, you can have Dashlane reset the password to a new, unique and strong choice without leaving the interface. If you want to change all your passwords at once, you can do that too. The purchase tracking and digital wallet features make online purchases secure even at retailers you don't have accounts with, while secure note and document sharing gives you a place to store passwords that can't be automatically filled in. Dashlane also gives you the option to store your passwords locally only in an encrypted vault (where only you have the master key), or to sync them to your devices and access them on the web. Dashlane supports Windows, Mac, Android and iOS, and has plugins for Chrome, Firefox, Safari, and Internet Explorer. It's free to download and use, but if you want your passwords synced across devices, you'll need Dashlane Premium, at $US40/year.
If free (as in speech and as in beer) and open source are your go-to requirements for a security product, KeePass is perfect for you. Your passwords in KeePass are stored inside an encrypted database that you control, on your own system, and are never synced or uploaded anywhere unless you want to take them from machine to machine. KeePass is also a portable app, meaning it's easy to take with you and use on multiple computers, even if that machine is locked down and all you have is a thumb drive.
It has its own password generator to help you change passwords and make sure every one of them is unique and strong. Passwords database in KeePass can also be configured with multiple keys so you can share access among privileged users, and exported in plain text for quick importing elsewhere (or backups). Plus, KeePass has lots of third-party plugins and tools to extend its functionality and bring it to more devices, browsers and platforms. KeePass' auto-type functionality works in all windows and all browsers, which means that KeePass can log in to sites that other password managers can't, and can log in to applications, system dialogs and other password prompts that you'd otherwise have to copy/paste a password into.
KeePass officially supports Windows, Mac and Linux, and there are unofficial (it is open source, after all!) ports with different features available for Windows, Mac , Linux, iOS, Android and Windows Phone, including KeePass X.
1Password is well-regarded for offering a powerful and secure password manager and digital wallet in a really sharp-looking package that shines on every platform it runs on. It's flexible, easy to use, works seamlessly in just about every web browser, and packs in the features you'd expect from a premium password manager and secure document storage tool. 1Password looks great, comes with a strong password generator to help you pick good passwords every time you change one, secure notes for other passwords or notes that you want to keep private, a digital wallet for bank accounts and payment info, and a password "recipe" builder that lets you customise your passwords instead of just accepting whatever algorithm the password generator spits out at you.
1Password can be used locally only, without syncing any information to the web, or you can use it across all of your devices by syncing your encrypted vault via Dropbox, iCloud, Wi-Fi or shared network folders. You can also set up emergency contacts and share passwords with authorised users. You can even keep multiple vaults for different types of passwords. 1Password supports Windows, Mac, Android and iOS, with plugins for Chrome, Firefox, Opera and Safari. One of 1Password's stand-out features is that you get a premium product for a one-time fee -- you can download and try it out for free, or buy a single licence for $US50 (or buy a Mac and Windows licence bundle for $US70.) Mobile apps and extensions are free, but require a licence to use. If you're curious, you can read the story of 1Password here.
RoboFform has been around a long time (since 1999), and has always had a large number of dedicated users who have rallied around it, both as a great tool for form-autofill on the web, and as a password manager. Roboform gives you the option to keep your passwords and data encrypted and local, or sync to the web and across devices. It supports multiple identities, so you can autofill form information based on different users, addresses, or any other mix-and-match of data you choose. You can also take RoboForm with you on a USB drive from computer to computer.
The app's most recent major update was a few years ago, which added a great-looking interface, brought it to more browsers, and delivered both online and offline password management options. RoboForm also has bookmarking features to help you keep track of your favourite sites.
RoboForm supports Windows, Mac, Linux, Android, iOS and Windows Phone (with older versions available for platforms like the Blackberry and SymbianOS), with plugins available for Chrome, Firefox, Safari, Internet Explorer and Opera. It's free to download and use -- for the first 10 logins. If you need more (and who wouldn't?), or need to sync or access passwords on multiple devices, you'll need RoboForm Everywhere, which will set you back $US20/year for all of your devices and computers (currently, it's $US10 for the first year.)
This week's honourable mention goes out to Password Safe, otherwise known as security and privacy expert Bruce Schneier's password manager, which is another great open source option for Windows (free), Mac ($18.99), Android (Free) and iOS ($6.49). The Windows version is the official one, with the others being clones and ports by third parties. Password Safe supports two-factor authentication, and is designed to be secure, encrypted, local password storage.
Have your own favourite password manager? Tell us about it in the comments.
This story has been updated since its original publication.