The 6 best password managers

Look to these top password managers for Windows, MacOS, iOS and Android to make your online life easier and more secure.

1 2 Page 2
Page 2 of 2

LastPass may be the most popular password manager in this review, due to a rich set of features, support for a wide range of mobile platforms, and straightforward licensing, not to mention aggressive marketing. Unlike KeePass, LastPass is decidedly cloud-centric, using its own cloud service to store user information and synchronize data.

The sheer popularity of LastPass makes it a tempting target for people with malicious intent and the skill set to match. Over the last three years LastPass has acknowledged multiple security incidents, including compromised user emails and password reminders, though its encrypted user vaults were not compromised. The more recent security issues were due to a vulnerability in the LastPass browser plugin.

It’s important to keep these vulnerabilities in perspective. All software has bugs, and security software is no exception. The most important consideration when choosing which software to use is whether vulnerabilities are patched soon after they’re discovered. LastPass has passed this test.

LastPass offers a free and Premium pricing tier for consumers, with the Premium service costing $1 per month. Users of the free edition get many of the basics you’d expect from a cloud-based service including plugins for multiple browsers and anywhere access. But the free version even supports multifactor authentication, using a variety of options including LastPass Authenticator and Google Authenticator. And while mobile device support used to be limited to Premium subscribers, LastPass users can now synchronize with their mobile apps using the free service.

lastpass IDG

LastPass is a cloud-centric password manager with an abundance of features and mobile clients.

Premium users gain the ability to share credentials with family members. The Shared Family Folder feature allows a single user to share with up to five other users, including users with free accounts. The downside is that Premium subscribers are limited to a single shared folder, and permissions are managed at the folder level, which isn’t as fine-grained as some of the competition. Users wanting more control over sharing will need to look into LastPass Teams or LastPass Enterprise.

LastPass has a somewhat confusing array of pieces. Downloading the basic installer for Windows provides browser plug-ins, an import tool (for migrating from another password vault or spreadsheet), and a shortcut to the LastPass web app, all in addition to the desktop client. Premium subscribers also have access to LastPass for applications, which provides increased utility by allowing you to automatically log into desktop applications such as Skype or a corporate VPN client.

LastPass supports several forms of two-factor authentication. I’ve already mentioned that both LastPass Authenticator and Google Authenticator are supported with free accounts, providing simple integration using a mobile device. LastPass Authenticator can be used to receive push notifications in the event of an authentication attempt, allowing you to confirm the authentication request from your mobile device. Premium accounts gain support for Yubikey, a USB hardware authentication device, and Sesame, a software authentication tool run from a USB storage device, as well as support for desktop fingerprint readers in Windows.

If you need simple password management, you can’t go wrong with a free LastPass account. For more granular credential sharing and mobile device support, LastPass premium will be the best $1 you spend each month.

RoboForm

RoboForm is a popular password manager and form filler. It falls short of the leading password managers on a few counts, but has been closing the gap. RoboForm Everywhere, the premium tier, offers synchronization across multiple platforms, a web app, two-factor authentication, and sharing capability. RoboForm Everywhere is licensed annually for $19.95, though licenses can be purchased for longer time periods at a discount.

Users looking for enhanced security can use SMS-based One-Time Passwords (OTP) with RoboForm by enrolling their phone. However, other multifactor authentication options are absent. RoboForm does support sharing credentials, though there are some key limitations. Individual records can be shared, or a single shared folder can be created along with the ability to manage permissions for the users you’re sharing with, but you can’t share from the web app, and users must have a RoboForm account to receive shared credentials.

One feature RoboForm offers that’s on par with LastPass is the ability to handle application-based logins, not just those in your web browser. This has the potential to be a killer feature under the right circumstances, particularly for users who must manage logins to multiple apps for cloud services or corporate tools.

SplashID Safe

SplashData has been in the password manager business for years. Its product, SplashID, has been particularly popular on mobile devices. Currently SplashID supports access through the web and client apps for Windows desktop, Windows, MacOS, iOS, Android, BlackBerry 10, and Windows Phone.

Where other password managers are either local or cloud-based, SplashID supports either option. SplashID has simplified its licensing structure somewhat in version 8. A basic SplashID account is free, but limits you to one device and doesn’t allow sharing or backup. A SpashID Pro account allows you to synchronize your password vault for $1.99 per month or $19.99 per year. SplashID Pro supports unlimited devices, synchronization over the Internet or Wi-Fi, sharing, and automated backup. It also comes with customer support.

Businesses or families can leverage TeamsID, which offers many of the same features as SplashID, but is geared toward groups. TeamsID adds an admin panel that allows you to control who has access to each record, either by assigning a record to an individual user or a group of users. TeamsID costs $2 monthly per user for the Family Addition, or $3 monthly per user for the Business edition.

SplashID has at least one feature we wish all the cloud-based services would implement: the ability to configure a login as local only, giving you the ability to prevent your most sensitive data from being stored on the Internet. The idea is that if you have certain login information or other sensitive data you don’t trust to the Internet, you can prevent this information from being uploaded to SplashID’s servers.

SplashID Safe supports two methods of sharing login information. When sharing with a user who has a SplashID cloud account, the login information is imported directly into their account. Users without a SplashID cloud account will receive an email containing a link to securely retrieve the information. Links to shared information are secured with a password (which can be included in the email or shared using another method), valid for only 24 hours, and expire after the first use.

Two-factor support in SplashID provides an extra layer of security only when registering a new device (not on each login), requiring you to enter a six-digit code sent via email. While a registered device paired with a password technically meets the definition of two-factor authentication (something you have and something you know), it’s not quite on a level with services offering support for Google Authenticator or other two-factor methods. SplashID Safe offers a pattern unlock feature as an alternative to a master password, which works just fine on mobile devices, but feels a little strange in the web browser.

Other contenders

It’s always nice when a security product is backed by a brand synonymous with computer security, and Symantec’s Norton Identity Safe certainly has that factor in its favor. Identity Safe has another plus: It’s completely free. You can choose from a number of free password managers, but none are cloud services operated by a software vendor with a level of trust built up over decades. Norton Identity Safe used to be part of a Norton security suite, but it’s now a stand-alone service with a web front end and clients for Windows, iOS, and Android.

KeePass isn’t the only open source password manager. There’s also Password Safe, currently available for Windows in both installable and portable versions, and for Linux in a beta version. Password Safe is not nearly as feature-rich or mature as KeePass, and I’d be hard-pressed to give you a reason to use it over its big brother. That said, Password Safe is a viable alternative, and if all you need is a local password manager, the decision may come down to which program you find easier to use. The result may be Password Safe.

Another open source password manager, Buttercup, is in early development at the time of this review. Expectations with “pre-release” software should be kept in check, but Buttercup is arguably a more polished option than either Password Safe or KeePass, at least in terms of user interface. The biggest downside to Buttercup at this point, other than the pre-release status, is that it’s limited to desktop operating systems (Windows, MacOS, and Linux).

Keeper is a full-featured password manager supporting multiple client platforms including Windows, MacOS, iOS, Android, and Windows Phone. Security features include two-factor authentication and secure sharing. Keeper offers two pricing tiers, starting with an Individual account that provides unlimited storage, access to the Keeper web app, secure sharing, and access to the support team for $29.99 per year. Keeper Family supports up to five users, provides 10GB of secure file storage, and offers a streamlined sharing experience.

Trend Micro Password Manager has a free option that supports only five passwords. Trend Micro’s subscription service, which costs $14.95 for one year or $24.95 for two years, supports an unlimited number of passwords and devices. Desktop clients are available for Windows and MacOS, and mobile clients are available for iOS and Android. While there’s nothing wrong with Password Manager, it doesn’t match other competitors in features or polish.

This story, "The 6 best password managers " was originally published by InfoWorld.

1 2 Page 2
Page 2 of 2
SUBSCRIBE! Get the best of CSO delivered to your email inbox.