When it comes to passwords, we all have a lot of them. I even have one to allow me to log in to AndroidGuys and talk to you about passwords. The most secure thing that you can do with all of those passwords is have every single one of them be different. If I’m honest, I’m pretty bad about that because I have never been willing to write my passwords down somewhere. At this point, my entire digital life would be taken to my grave with me.
However, as more and more services take security more seriously, they are asking me for more complicated passwords and at a certain point I’m going to start forgetting them (that certain point has already happened). The best way to do this would be to literally write down each password onto a page in a binder and put that binder into a safe that you have secured to the floor of your bank vault. If you don’t have a bank vault handy, password managers are a pretty good alternative.
What is a password manager? Are they safe?
Password managers are exactly what they sound like. They’re applications that securely store all of your passwords in a database so that you only have to remember one password; that of the password manager. All you have to do is have the app installed on whatever machine you plan on signing into apps/websites with and it will do all of the work for you!
There is deserved concern over whether password managers are safe because it seems ill-advised to keep all of your digital world in one place and it’s not unreasonable to think that way. Just last year LastPass was subject to a security breach that resulted in hackers getting away with user email addresses, password reminders, server per user salts, and authentication hashes, according to LastPass.
That having been said, the hackers weren’t able to secure any users’ password vaults, which are the silos/databases that contain all of the encrypted password information. Additionally, one security expert told Ars Technica that he’s so confident in LastPass’ hashing that he doesn’t even feel compelled to change his master password.
Still, it could have been much worse and given the rate of failure it’s still much better than using the same password for everything or using the still most popular password on earth, 123456.
So where does all of this leave us? Well, there are many options when it comes to password managing services and I want to quickly give a rundown of my favorites and what I like about them. I’m not going to pretend to have any knowledge as to whether each service has a secure algorithm, so we’re going to assume that they’re all equal in that regard and judge them based on ease of use, features, and overall value pertaining to cost.
LastPass, by coincidence, was the last password manager that I tried of the five here. Admittedly, I was a little turned off by the fact that they have been hacked twice and had a major security flaw discovered at one point, and purely on a cost aspect, I really liked that you could buy everything you needed from 1Password in one shot and be done. The subscription model is taking over everything these days and one less yearly cost is one tick of sanity that I get to keep.
However, at only $12/year LastPass is the cheapest yearly subscription on this list (apart from KeePass, of course) and the overall usability of their app just blew me away. Using the accessibility super powers that you grant it, it can recognize whenever you’re about to type into a password field, scan the screen to see if it has information with a corresponding account, and present you with the option to click a single button and fill in the password. Of course you’ll need to authenticate first, but since LastPass will authenticate using your fingerprint, it’s a snap and you never need to type a single letter.
As overall usability to cost is concerned, LastPass is absolutely the password manager that I would recommend to my mom or anyone else who isn’t as technologically savvy as I am. It makes the entire process dead simple, which makes it a better experience for anyone.
KeePass was my favorite app to use, but it isn’t necessarily going to be for everyone. The reason that I like it so much is because it’s Open Source and because it lets you store the database on your own terms. I, being an IT professional, am increasingly paranoid when it comes to the storage and security of personal information. KeePass being open source means that anyone can scrutinize the code and be sure that it’s not falling into the wrong hands. Perhaps more importantly, from my perspective, is that I can store and sync the database file however I want – that means it can be stored on Dropbox or I can use any open transfer protocol (FTP, SFTP/SSH, WebDAV, etc.) to sync it between my phone and PC.
The major downside is that without money backing the project, there isn’t an official Android app. Since it’s an open source project, there are plenty of options in the Play Store, though, and I chose to go with KeePass2Android. It’s a fairly attractive implementation and allowed me to use the syncing option that I wanted. It doesn’t allow for fingerprint authentication and while it’s a little less convenient, that’s probably a good thing. Much like all of the paid services, KeePass offers the option to generate complex passwords for you and rates their effectiveness on a scale of bits rather than a subjective percentage scale. KeePass differs from all of the other password managers in that it doesn’t store your credit card or bank information like the others do. I don’t really want/need this feature, but maybe some people would.
First things first: I think that 1Password’s pricing model is utterly ridiculous and poorly marketed. You can subscribe for a family plan for $5 per month, which includes up to 5 people and all of the apps, which is not bad. However, if you’re a single user you’ll probably not want to do this because you’ll end up spending about $60/year when the competition is generally about half that.
Well, what if you want this just for yourself? You can opt for the “One-Time Purchase” and pay $64.99 for a lifetime license of the desktop apps (not the mobile apps), so you’ll then have an app for both Windows and Mac and nothing for your phone without dishing out another $10 (per platform). Of course, you can just buy this for your phone but it’s not going to be nearly as useful that way.
Right about now you may be starting to swing back to the idea of just buying the subscription. After all, you’ve already spent $75 on something that you don’t know very much about and for some reason even though most of us only have one PC OS, you have a license for both Windows and OS X.
Once you have 1Password on your phone, though, things become a lot less stressful. As features go, it pretty much lines up with what its competition offers. You can store nearly any kind of sensitive information: bank accounts, credit cards, driver’s licenses, software licenses, secure notes, and, of course, logins (and a lot more). You can also set the application to be unlocked using your fingerprint, which is majorly convenient. There’s a little more of a learning curve for this one, which is why it fell to number three on my list.
What I really liked (before I started digging) about 1Password is that it allows you to choose to keep the database in a variety of locations. Currently the options are local storage (on your phone), WiFi Sync (sync between your PC and phone over WiFi), Dropbox, and iCloud (iOS/OS X only). For some inexplicable reason, though, when you buy the family plan you lose the option to store your database on your own terms and have to store the database in their cloud server.
At first glance, Keeper looked like it was going to be one of my favorites because of one killer feature: the ability to share entries with one click. If your family has shared accounts (e.g., cable, internet, Netflix) or you’re in a situation with your job where you would need to share login credentials with coworkers, this is an excellent feature so that you never need to write down/email password information. I also really liked that after I set my account up on my phone, it offered to set up two-factor authentication whenever I signed in on a new device in the “DNA” section of the app.
What I found to be curious/concerning was how long it took for the vault to automatically relock when you left the app (and unlike other apps, didn’t give a persistent notification to remind you that it was unlocked). I also didn’t like how aggressive they are with trying to upsell you to the subscription service. There is a free version of the service, but within the first few minutes of signing up for the service, they essentially prompt you to pay for it, making it look like a pay wall, and send a pop-up notification to remind me to pay for the service before my trial of the premium version ends in 30 days!
Keeper seemed to be one of the apps that was better at using its powers of accessibility to make filling in a password more streamlined. It has a small overlay that displays whenever you’re on the web that you can tap and it will try to find a place to put password information. This seemed to be a marked improvement over what other apps preferred, which is to have a special keyboard with magical password filling-in features (though it has one of those too). For $30/year Keeper is not a bad deal, especially if you need to share entries with someone, but if you’re on your own you might want to look elsewhere.
One thing that I really liked about Dashlane was that the first thing it does after you install it (besides essentially forcing you to install it on your PC) is give you suggestions of which other services you might be interested in storing in it. Among the options are Google, Twitter, Facebook, and a few popular banks. Curiously, one of those options is LastPass – I wasn’t able to find a connection between the two companies, but if you know anything tell us about it in the comments section.
As value goes, I can’t really tell you what Dashlane offers that the other guys don’t and would explain the $10/month price increase over what Keeper charges. That having been said, they have a very intuitive and easy to use app (both on the phone and the desktop).
What I didn’t like and honestly can’t explain about the service is that it somehow synced login information that I definitely didn’t give it. I don’t even remember typing some of them on my PC. Whether or not I can trust Dashlane is immaterial, it’s an invasion of privacy for them to automatically store my Facebook or Android login information. That said, considering I have no idea where they got the information from, I have to wonder what other applications are just sitting in the background watching me type…
At the end of the day I chose KeePass for myself because I like the idea of it being open-source and I really prefer to have more control over the storage of such sensitive data. 1Password had similar features, but it wasn’t nearly as easy to use as some of the other options.
LastPass is the best paid password manager that I used in that it was able to recognize when I was looking at a login field and would automatically give me a dialogue with an option to log in using existing credentials or create a new entry to work with the app/site that I was on. Like I mentioned before, LastPass is definitely the one that I would recommend for my mom and therefore anyone else who isn’t as big of a nerd as I am.