The Best Password Managers

best-password-managers-640px.jpg

How many passwords do you need to remember? Most of us have dozens of online accounts, including accounts we use every day such as email, social networks and shopping sites as well as long-forgotten sites we’ve used exactly once.

The cardinal rule of password safety is not using the same password across sites, lest you risk a snowballing breach of all your accounts. But combining that principle with cardinal rule number two—creating complicated passwords that aren’t easily guessable—results in the near-impossible task of remembering dozens of random strings of characters. And that in turn makes it hard to keep the third cardinal rule: never writing your passwords down.

Spoiler alert: I have been guilty of breaking all of these rules. I have a simple password I’ve used for multiple accounts, and when I’ve come up with complex passwords, I write them down (coded, at least) in a memo on my Notes app.

In short, I’m the perfect candidate for a password manager.

Secure all your passwords

Password managers are handy browser plugins that encrypt and store passwords for your various online accounts, all protected by a master password that is the only thing you need to remember.

Though your browser itself has a built-in password manager that can store and autofill passwords for sites you visit, it doesn’t get around a larger issue – that many people are still using passwords that can be easily cracked, either because they’re weak or reused at swathes of sites across the web.

What’s more, unless you remember to sign out of your browser at the end of every session, your accounts can be easily compromised by anyone with access to your computer.

To that end, Google Chrome has the safest password manager, requiring Google login with the option of two-factor authentication; while Firefox and Edge have the option of putting a master password; and Safari doesn’t have any sign-in at all, so that anybody using it can access your logins, and open your list of saved passwords to see which accounts can be auto-filled (and if you don’t have a password protecting your Mac, they can then elect to “show passwords” in that same screen). 

However, browser password managers just haven’t evolved much beyond simple add-ons designed for convenience rather than security, whereas dedicated password managers not only generate strong passwords whenever you sign up for new accounts (or to update any “123456” efforts still sticking around), but also request your master password at the start of each web session and additionally offer two-factor authentication.  

Creating a strong master password

Strong passwords aren’t necessarily the incomprehensible strings of characters you might think. Password crackers employ cracking dictionaries, testing dictionary words and common passwords at thousands of guesses or more per second, including well-known substitutes such as “5” for “s.”

In 2013, a group of tech reporters from Ars Technica cracked 14,800 encrypted passwords in a few hours using similar techniques. Even a brute-force attack (such as trying all possible combinations of letters) at thousands of guesses per hour could break an seven-character password in nine days.

To come up with your own tough-to-guess passwords:

  • Use at least 12 characters; this increases the number of possible combinations and lengthens the time needed for a brute force attack.
  • Use upper and lowercase letters, numbers and symbols.
  • Combine a few different words that aren’t normally used together. Even better, come up with a pass phrase by taking the first letters of a memorable (long) sentence, appended with memorable dates and unusual (but memorable) substitutions.

For example, “During winter, she would hope for snow and be bitterly disappointed (1984)” might become “DWswh4s&BBD84” as a pass phrase.

Whatever you come up with, make sure you can remember it. Password managers don’t save master passwords and most don’t even save a password hint, so if you forget your master password, you’ll lose access to your data.

The best password manager features

To start cleaning up your password act, your password manager should meet  these screening criteria.

1. Ease of use

It should save passwords from apps and sites seamlessly, including passwords from your browser(s).

2. Password health check

Does it rate passwords and update weak ones?

3. Biometric log-in

Convenient, secure smartphone log-ins are a big deal.

4. Two-factor authentication

This system requires an additional offline code along with the master password, so even if your password gets compromised, other passwords remain safe.

5. Digital wallet

Can your digital wallet feature securely store credit card details and, even better, facilitate express checkout?

6. Online backup

The system should back up your information so passwords can be restored in the event of a lost or stolen device.

7. Sync across devices

The manager should let you access passwords on both work and home computers, as well as your smartphone.

All of our following picks meet these criteria, with the exception of the digital wallet. While a nice feature, we didn’t feel it was essential. 

Editor’s Pick: Dashlane

Techlicious Pick for Best Password Manager: Dashlane

Dashlane is a gorgeous, seamless app. Along with moving any passwords your browsers have already saved to its encrypted vault, it generates strong passwords and can automatically log you in to websites, something it says will save you 50 hours a year.

The app includes a digital wallet to store payment cards so you can pay online without having to remember your credit card info. It automatically takes screenshots of online receipts to help you track your spending.

Dashlane supports two-factor authentication so that any time you log in with your master password, whether that’s in a browser or on another device, you can choose to also require a security code from an offline app such as Google Authenticator (free for iOS and Android). 

If your passwords on any accounts are weak, you’ll be encouraged to update them, or if you spring for the Premium subscription, Dashlane can automatically replace these with strong alternatives.

There’s a secure notes feature, with templates for saving frequent flier numbers, Wi-Fi passwords, ID information and other sensitive info. It’s similar to your existing memos app but encrypted, so if your computer is breached, all is not lost.

The premium version of Dashlane also lets you sync them across unlimited devices and use its web app to securely log in to your accounts on a public computer. The Dashlane Web application only decrypts your passwords locally once the data has reached the computer (whether it’s a public computer or your own), so all information that is shared with the Dashlane servers remains encrypted. And since you need to be logged into Dashlane and decrypt the information with your master password, the next person won’t be able to read your data. It works with Chrome, Firefox, Internet Explorer, and Safari.

Imports browser passwords: Yes
Password health check: Yes, with alerts when weak or old passwords need to be updated
Biometric login: Yes, for Premium version
Two-factor authentication: Yes
Digital wallet: Yes
Online backup: Yes, for Premium version
Sync across devices: Yes, for Premium version
Platforms: Mac, Windows, iOS (free, premium), Android
Price: Free; $39.99/year for Premium version

RoboForm

RoboForm

RoboForm has a top-notch set of password security features for Safari, Firefox, Chrome, Opera, and Edge, as well as a number of lesser used browsers.  https://www.roboform.com/for-other-browsers-windows

Along with securely saving and auto-filling passwords, it can generate strong passwords and run a health check on existing logins. Its dashboard makes it easy to comb through hundreds of passwords, with folders and a powerful search feature, and you can also share logins – say for a joint bank account – with trusted recipients (so they can access accounts but not see the passwords).

RoboForm also securely saves commonly used online data such as your name, address and phone number (rather than trusting these details to your browser). Passwords aren’t the only loot after all – and to that end, if you’ve employed the method of saving important numbers such as tax references to a note file, you can encrypt and save the file to RoboForm.

Imports browser passwords: Yes
Password health check: Yes, with alerts when weak or old passwords need to be updated
Biometric login: No
Two-factor authentication: Yes
Digital wallet: No
Online backup: Yes
Sync across devices: Yes
Platforms: Mac, Windows, Linux, iOS, Android
Price: Free for up to 10 logins; $19.95/year for Premium version

LastPass

LastPass

LastPass works on Chrome, Firefox, Safari, Opera and Edge browsers and is the only one that plugs into the secure browser Epic (handy if you want to use a browser that doesn’t store history or input information but does offer the convenience of remembering your dozens of uncrackable passwords).

LastPass generates, encrypts and stores strong passwords as well as personal information used to auto-complete online forms. Like many other managers, it offers a secure notes feature with preset forms for storing Wi-Fi passwords, membership numbers and other sensitive information.

Get the lowdown on how secure your passwords are by heading into LastPass’s Security Challenge, which tells you how many weak, old or reused passwords you have and rates your security on a scale of 100. It alerts you about sites at which you have accounts that have experienced site compromises. In all of these cases, LastPass can update your passwords with new, generated strong passwords.       

Last Pass Premium syncs your stored passwords across all devices and lets you share passwords with others you trust so they can access your accounts temporarily (say, to stream TV) or permanently (say, to pay joint bills).  

It’s worth noting that LastPass was breached last year, although the company says it didn’t expose master passwords or decrypted user data. However, a security researcher has shown that a tool can be made that mimicks the LastPass login window exactly, allowing hackers to easily steal master passwords.

Imports browser passwords: Yes
Security health check: Yes, with alerts when weak or old passwords need to be updates
Biometric login: Yes, for Premium version
Two-factor authentication: Yes
Digital wallet: No (though you can store bank card info in the secure notes feature)
Online backup: Yes
Sync across devices: Yes, for Premium version
Platforms: Mac, Windows, iOS, Android, Windows Phone
Price: Free; $12/year for Premium

Sticky Password

Sticky Password

Designed by former execs behind the free antivirus software AVG, Sticky Password seamlessly encrypts and stores passwords and fills out a large variety of forms, recognizing fields such as job titles and company names and handling a range of online accounts. Its browser extension is available for Chrome, Firefox, Internet Explorer, Opera and Safari, plus some lesser-used ones.

The dashboard displays all your accounts and passwords, with weak passwords highlighted for updating. A secure memos feature lets you write down other sensitive passwords and membership numbers.

The premium version backs up passwords online and syncs all your devices. Choose to do this over your own Wi-Fi network (potentially more secure) or through the cloud. If you test out Sticky Password and love it, you can get a lifetime license for $149.99. 

Imports browser passwords: Yes
Password health check: Yes
Biometric login: Yes
Two-factor authentication: Yes
Digital wallet: Yes
Online backup: Yes, for Premium version
Sync across devices: Yes, for Premium version
Platforms: Mac, Windows, iOS, Android 
Price: Free; $29.99/year for Premium with 30-day free trial

LogmeOnce

LogmeOnce

LogmeOnce offers a ton of features with its free version, remarkably including the ability to sync passwords across multiple devices. The interface on its browser extension (available for Chrome, Firefox, Internet Explorer, and Safari) and mobile app is dated compared to Dashlane and LastPass, but it’s easy to use. As soon as you hit a site that asks for your password, LogmeOnce asks if you’d like to save it. If you’re signing up for a new account or changing a password, a pop-up auto-generates a complex password that you can use and save in a single click.

You can choose to save accounts by user-friendly names, handy if two people are using one computer for their Facebook, LinkedIn and so on. There’s also an auto-complete feature for forms requiring personal information like your name and phone number.

An automatic password changer prompts you to replace your old passwords with new, strong ones. The app provides free backup online, as well the option to share five passwords in the free version; 30 for the paid-for Professional version. You can also encrypt text files (three in the free version, 30 paid-for).

If your phone supports biometric log-ins, you can use your fingerprint in place of your master password to log in to sites, a godsend to avoid tapping uber-complex master passwords onto a smartphone screen. If the wrong details are entered, the Mugshot feature captures the phone’s GPS location and snaps a selfie on the presumption that it must have been a thief — pretty cute. The downside is that the LogmeOnce apps, both Android and iOS, are clunky in appearance and function.  

Imports browser passwords: Yes
Password health check:Yes
Biometric login: Yes
Two-factor authentication:Yes
Digital wallet: Yes
Online backup: Yes, for Professional version
Sync across devices: Yes
Platforms: Mac, Windows, iOS, Android
Price: Free; $1/month for Professional version 

[Image credits: password security via Shutterstock, Dashlane, LastPass, Sticky Password, LogmeOnce]

Updated on 2/22/2017 with new picks

PinIt
submit to reddit

Leave a Reply

Your email address will not be published. Required fields are marked *

Top
Web Design BangladeshWeb Design BangladeshMymensingh