The 6 best password managers

Look to these top password managers for Windows, MacOS, iOS and Android to make your online life easier and more secure.

1 2 Page 2
Page 2 of 2

I’ve previously omitted Keeper from this list because it’s a crowded field and I didn’t feel like there were any significant features setting Keeper apart from the likes of 1Password, Dashlane and LastPass. The honest truth is Keeper is right up there with the best password managers available. In fact, Keeper’s mobile apps are the most reviewed and most used (in the Google Play store Keeper has over 10 million installs, while the next closest competitor has roughly half that, Apple doesn’t share install numbers but Keeper has 110,000 reviews, while the second-place finisher has closer to 15,000). Usage numbers certainly aren’t the whole story, but the disparity in numbers is telling.

ferrill pw keeper Keeper Security

Keeper BreachWatch screen

Keeper checks all the boxes I would consider major feature requirements including on-device encryption, comprehensive support for 2FA including TOTP and U2F hardware keys, and secure sharing. Keeper offers a free version, which gives you unlimited password and form data storage and access to one device. If you share credentials a lot with family members you should really consider the family plan, which gives you password management for up to five users for $59.99 a year.

Note that Keeper offers a couple of add-ons to its password manager, including a secure messenger, a dark web monitoring service, and secure file storage. Each add-on comes with additional cost or can be bundled for $59.97 annually for individuals or $119.98 annually for families.

LastPass

LastPass might be the most popular password manager in this review due to a rich set of features, support for a wide range of mobile platforms, and straightforward licensing, not to mention aggressive marketing. Unlike KeePass, LastPass is decidedly cloud-centric, using its own cloud service to store user information and synchronize data.

lastpass LastPass

LastPass dashboard

The sheer popularity of LastPass makes it a tempting target for people with malicious intent and the skillset to match. Over the last several years LastPass has acknowledged multiple security incidents, including compromised user emails and password reminders, though its encrypted user vaults were not compromised. The more recent security issues were due to a vulnerability in the LastPass browser plugin. In the win column for customer privacy, LastPass has also recently rebuffed government attempts to obtain user data, stating that they couldn’t access the requested data if they wanted to.

It’s important to keep these vulnerabilities in perspective. All software has bugs, and security software is no exception. The most important consideration when choosing which software to use is whether vulnerabilities are patched soon after they’re discovered. LastPass has passed this test.

LastPass offers a free and premium pricing tier for consumers, with the premium service costing $3 per month on an annual contract. Users of the free edition get many of the basics you’d expect from a premium cloud-based service including plugins for multiple browsers and access from any of your devices. The free version even supports MFA, using a variety of options including LastPass Authenticator and Google Authenticator. And while mobile device support used to be limited to Premium subscribers, LastPass users can now synchronize with their mobile apps using the free service.

Premium users can share credentials with more than a single user. The Shared Family Folder feature allows a single user to share with up to five other users, including users with free accounts. Premium subscribers may create multiple shared folders and manage folder permissions, providing only the appropriate level of access to shared users.

LastPass supports several forms of two-factor authentication. I’ve already mentioned that both LastPass Authenticator and Google Authenticator are supported with free accounts, providing simple integration using a mobile device. LastPass Authenticator can be used to receive push notifications in the event of an authentication attempt, allowing you to confirm the authentication request from your mobile device. Premium accounts gain support for Yubikey, a USB hardware authentication device, and Sesame, a software authentication tool run from a USB storage device, as well as support for desktop fingerprint readers in Windows.

If you need simple password management, you can’t go wrong with a free LastPass account. For more granular credential sharing and mobile device support, both LastPass Premium and LastPass Families are bargains at $3 and $3 (for up to six users) a month with an annual contract.

RoboForm

RoboForm is a popular password manager and form filler. It falls short of the leading password managers on a few counts, but it has been closing the gap. RoboForm Everywhere, the premium tier, offers synchronization across multiple platforms, a web app, two-factor authentication, and sharing capability. RoboForm Everywhere is licensed annually for $23.88, though licenses can be purchased for longer time periods at a discount. RoboForm also offers a Family license for $47.75 per year which enables support for up to five users. A free license is also in the cards for RoboForm now, though you don’t get synchronization or 2FA, which is mostly standard across the board.

TOTP-based 2FA is now supported in RoboForm, marking a major improvement over the last time we looked at the solution. RoboForm also supports secure sharing of credentials: Individual records can be shared, or a single shared folder can be created along with the ability to manage permissions for the users you’re sharing with. To maintain the security of shared credentials, RoboForm requires the user you’re sharing with to have a RoboForm account of their own. Your best bet if sharing is a critical component would be to go with RoboForm Family.

Other contenders

SplashID Safe

SplashID Safe has been on our list of viable options for a while now, but its limited support for 2FA (email and SMS are the only options) makes it hard to recommend it. SplashID offers free accounts for users who don’t need to sync, while SplashID Pro enables multiple devices and backup. SplashID Pro can be had for $1.99 a month or $19.99 a year and offers a couple of slick options that do make it stand out: WiFi-based synchronization and the ability to mark a login as local only, preventing that data from being pushed out to the cloud.

Password Safe

KeePass isn’t the only open-source password manager. Password Safe is currently available for Windows in both installable and portable versions, and for Linux in a beta version. Password Safe is not nearly as feature-rich or mature as KeePass, and I’d be hard-pressed to give you a reason to use it over its big brother. That said, Password Safe is a viable alternative, and if all you need is a local password manager, the decision may come down to which program you find easier to use. The result may be Password Safe.

Buttercup

Buttercup is another open-source alternative to keep an eye on. Now in version 1.15, Buttercup is a more polished option than either Password Safe or KeePass, at least in terms of user interface. Our only hesitation with Buttercup last time around was a lack of mobile support, which is now a non-issue with clients for both Android and iOS. Like its open-source brethren, Buttercup uses local storage for your password vault, but supports cloud tools like Dropbox to synchronize among devices.

This story, "The 6 best password managers " was originally published by InfoWorld.

Copyright © 2019 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Get the best of CSO ... delivered. Sign up for our FREE email newsletters!