The 6 best password managers

Look to these top password managers for Windows, MacOS, iOS and Android to make your online life easier and more secure.

1 2 Page 2
Page 2 of 2

It’s important to keep these vulnerabilities in perspective. All software has bugs, and security software is no exception. The most important consideration when choosing which software to use is whether vulnerabilities are patched soon after they’re discovered. LastPass has passed this test.

lastpass 01 Tim Ferrill

LastPass screen to select which website to log into

LastPass offers a free and premium pricing tier for consumers, with the premium service costing $2 per month. Users of the free edition get many of the basics you’d expect from a cloud-based service including plugins for multiple browsers and access from any of your devices. The free version even supports multifactor authentication, using a variety of options including LastPass Authenticator and Google Authenticator. And while mobile device support used to be limited to Premium subscribers, LastPass users can now synchronize with their mobile apps using the free service.

Premium users gain the ability to share credentials with family members. The Shared Family Folder feature allows a single user to share with up to five other users, including users with free accounts. The downside is that Premium subscribers are limited to a single shared folder, and permissions are managed at the folder level, which isn’t as fine-grained as some of the competition. Users wanting more control over sharing will need to look into LastPass Families.

LastPass supports several forms of two-factor authentication. I’ve already mentioned that both LastPass Authenticator and Google Authenticator are supported with free accounts, providing simple integration using a mobile device. LastPass Authenticator can be used to receive push notifications in the event of an authentication attempt, allowing you to confirm the authentication request from your mobile device. Premium accounts gain support for Yubikey, a USB hardware authentication device, and Sesame, a software authentication tool run from a USB storage device, as well as support for desktop fingerprint readers in Windows.

If you need simple password management, you can’t go wrong with a free LastPass account. For more granular credential sharing and mobile device support, both LastPass Premium and LastPass Families are bargains at $2 and $4 (for up to six users) monthly.

RoboForm

RoboForm is a popular password manager and form filler. It falls short of the leading password managers on a few counts, but it has been closing the gap. RoboForm Everywhere, the premium tier, offers synchronization across multiple platforms, a web app, two-factor authentication, and sharing capability. RoboForm Everywhere is licensed annually for $23.88, though licenses can be purchased for longer time periods at a discount. RoboForm also offers a Family license for $47.75 per year which enables support for up to five users.

TOTP-based two-factor authentication is now supported in RoboForm, marking a major improvement over the last time we looked at the solution. RoboForm also supports secure sharing of credentials: Individual records can be shared, or a single shared folder can be created along with the ability to manage permissions for the users you’re sharing with. To maintain the security of shared credentials RoboForm does require the user you’re sharing with to have a RoboForm account of their own. Your best bet if sharing is a critical component would be to go with RoboForm Family.    

SplashID Safe

SplashData has been in the password manager business for years. Its product, SplashID, has been particularly popular on mobile devices. Currently SplashID supports access through the web and client apps for Windows, Mac, iOS, Android, BlackBerry 10, and Windows Phone.

Where other password managers are either local or cloud-based, SplashID supports either option. SplashID has simplified its licensing structure somewhat in version 8. A basic SplashID account is free but limits you to one device and doesn’t allow sharing or backup. A SpashID Pro account allows you to synchronize your password vault for $1.99 per month or $19.99 per year. SplashID Pro supports unlimited devices, synchronization over the Internet or Wi-Fi, sharing, and automated backup. It also comes with customer support.

Businesses or families can leverage TeamsID, which offers many of the same features as SplashID, but is geared toward groups. TeamsID adds an admin panel that allows you to control who has access to each record, either by assigning a record to an individual user or a group of users. TeamsID costs $3 monthly per user.

SplashID has at least one feature we wish all the cloud-based services would implement: the ability to configure a login as local only, giving you the ability to prevent your most sensitive data from being stored on the Internet. The idea is that if you have certain login information or other sensitive data you don’t trust to the Internet, you can prevent this information from being uploaded to SplashID’s servers.

SplashID Safe supports two methods of sharing login information. When sharing with a user who has a SplashID cloud account, the login information is imported directly into their account. Users without a SplashID cloud account will receive an email containing a link to securely retrieve the information. Links to shared information are secured with a password (which can be included in the email or shared using another method), valid for only 24 hours, and expire after the first use.

Two-factor support in SplashID provides an extra layer of security only when registering a new device (not on each login), requiring you to enter a six-digit code sent via email. While a registered device paired with a password technically meets the definition of two-factor authentication (something you have and something you know), it’s not quite on a level with services offering support for Google Authenticator or other two-factor methods. SplashID Safe offers a pattern unlock feature as an alternative to a master password, which works just fine on mobile devices, but feels a little strange in the web browser.

Other contenders

It’s always nice when a security product is backed by a brand synonymous with computer security, and Symantec’s Norton Identity Safe certainly has that factor in its favor. Identity Safe has another plus: It’s completely free. You can choose from a number of free password managers, but none are cloud services operated by a software vendor with a level of trust built up over decades. Norton Identity Safe used to be part of a Norton security suite, but it’s now a stand-alone service with a web front end and clients for iOS and Android.

KeePass isn’t the only open source password manager. There’s also Password Safe, currently available for Windows in both installable and portable versions, and for Linux in a beta version. Password Safe is not nearly as feature-rich or mature as KeePass, and I’d be hard-pressed to give you a reason to use it over its big brother. That said, Password Safe is a viable alternative, and if all you need is a local password manager, the decision may come down to which program you find easier to use. The result may be Password Safe.

Buttercup as an open-source alternative to keep an eye on. Now in version 1.10, Buttercup is a more polished option than either Password Safe or KeePass, at least in terms of user interface. Our only hesitation with Buttercup last time around was a lack of mobile support, which is now a non-issue, with clients for both Android and iOS.

Keeper is a full-featured password manager supporting multiple client platforms including Windows, MacOS, iOS, Android, and Windows Phone. Security features include two-factor authentication and secure sharing. Keeper offers two pricing tiers, starting with an Unlimited account that provides unlimited password storage, access to the Keeper web app, secure sharing, and access to the support team for $2.50 per month. Keeper Family supports up to five users, provides 10GB of secure file storage, and offers a streamlined sharing experience.

Trend Micro Password Manager has a free option that supports only five passwords. Trend Micro’s subscription service, which costs $14.95 for one year or $24.95 for two years, supports an unlimited number of passwords and devices. Desktop clients are available for Windows and MacOS, and mobile clients are available for iOS and Android. While there’s nothing wrong with Password Manager, it doesn’t match other competitors in features or polish.

This story, "The 6 best password managers " was originally published by InfoWorld.

1 2 Page 2
Page 2 of 2
SUBSCRIBE! Get the best of CSO delivered to your email inbox.