Your question
Closed

Best Password Managers (Archive)

Tags:
  • Security
  • Managment
Last response: in Antivirus / Security / Privacy
March 30, 2017 11:50:46 AM

This article should be updated to include 1Password in the cloud-based managers. They do technically offer a standalone local vault product, but their main product is a cloud-based manager that offers easy syncing between devices (it's hard to even find the standalone version on their site anymore without doing some digging.)
Score
0
Related resources
April 9, 2017 2:26:35 PM

I use Password One on PC and phone, relatively easier to use than others.
Score
0
April 18, 2017 5:00:47 AM

I was really hoping this might be more detailed and insightful.
The review of 1password is out of date. At the end of Feb 2017, a month before this was published on march 30 2017, the developer AgileBits announced subscription based licensing with passwords etc to be synchronised and stored on the developers servers.

There's almost nothing in this article that speaks to the relative security of these types of software.

Nothing that addresses the security breaches that have impacted market leaders in the last few months and in the years prior.

Nothing that addresses the security profile of online developer hosted systems vs achieving multi device synchronisation via iCloud, Dropbox or wifi.

It's really just a checklist of marketing features.

There is comment about 2FA without any suggestion that it's only relevant if you have to logon to the developers web site to get your passwords. It's authentication, it's got zip to do with encryption.

There is no recognition of the demonstrated danger of poorly crafted browser plugins that password managers seem to rely upon. (See recent Tavis Ormandy findings)

Tom's Guide .... how about a more detailed assessment as a follow up on this basic introduction paper? It would be really helpful.
Score
-1
May 4, 2017 6:06:52 AM

Why was RoboForm excluded, it has the flexibility of syncing passwords across all your devices using a cloud-synced account.
Score
2
May 4, 2017 3:45:23 PM

I am shocked at your comments about KeePass.

First, opposite of what you claim, it is extremely as easy to use and extremely flexible as well. As a testimoney to this, it is simple enough that my sons, my daughters, and my extremely non-techincal wife all use Keepass and love it.

Second, sync is not a problem. I have it sync with a free DropBox account so it is available on my cell phone, my pc, my laptop, etc. On my cell phone, I just go to DropBox, click on the keepass data file to open it, DropBox downloads the latest file if there is one, kicks off KeePass, and away I go.

Even better, KeePass allows this sync via DropBox to be MORE secure than the others. Why? Because to open, keepass can require a combo of BOTH the password you type in, AND a local file with a very long 1k+ byte passcode. This local file never touches the internet. I will grant you that setting up this "dual-authentication" takes a small modicum of savvy, but the core strength is there to use. And it is fully explained in the manual, for those who will take a few moments to read it. The only savvy required is that you read a page explaining it.

Its "AutoType" feature allows KeePass to work with virtually everything. It does the typing for you.

As a testimony to its power and simplicity, my more inventive son dreamed up using it in for a very non-standard application. His job is renting apartments in at a very large complex. For a particular apartment style, he creates a KeePass entry that would normally just hold a username and password. But, since KeePass can save an arbitrarily large data base of user defined fields beyond just a username field and a password field, he creates fields AD1, AD2, AD3, etc. and types in slightly differently worded advertising text. He will then go onto Craig's List and have KeePass "Autotype" whichever AD he wants to post. This lets him easily and very quickly re-post a slightly changed AD to keep his AD near the top of the list, when people search Craig's List.

What's not to like about all this! And it is totally free!!
Score
1
May 17, 2017 8:55:32 PM

I've loved using Keeper for several years. It is easy to use, works on my phone, tablet, and laptop, and provides the kind of security I need. I give it a 10!
Score
0
August 9, 2017 7:43:42 AM

RoboForm has failed to keep up with Gmail's inane login process. I have more than one Gmail account, RoboForm has no way to get to a specific account and RoboForm/Gmail (not sure where most of the blame falls) insists on taking me to the last account I signed into.

Do any of these "2017" Password Keepers allow me to go straight to the account I wanted to use, or at a minimum, take me to the Gmail "choose an account" screen consistently?
Score
0
August 16, 2017 12:09:08 PM

LastPass is $24 a year not $12. Why are you misleading your readers? Guess how angry I was when I went to sign up and was asked for double? Jerk!

Score
0
a b 8 Security
August 16, 2017 12:19:32 PM

totallynuss said:
LastPass is $24 a year not $12. Why are you misleading your readers? Guess how angry I was when I went to sign up and was asked for double? Jerk!



Because the article came out before the price got change.
Score
0
August 23, 2017 4:37:24 AM

You need to get your facts straight (You published this article on Jul 21, 2017 according to yourself). 1Password has two factor authentication (either for login to it and for using saved logins for services). Also the Android version is very useful, it fills passwords in every app, you can manage your logins completely from the app and its performance is absolutely okay.
Score
0
September 9, 2017 11:09:29 AM

Good but now BAD: lost all my passwords

I had to change my Master Password prior to loosing face recognition. All went fine, till I tried to find a password. Revealing the password is BLANK. ALL passwords are BLANK. not a single character to be seen.

Customer service in India was useless and escslated. They said they research my "unique" problem. Not a sound or emsil since. No customer service. None. Only words

Therefore trust your passwords to anyone but NOT TO TRUEKEY.

If they fix their mess I will repost. I hope soon, it HAS been a week since I lost all fingers crossed.
Score
0
September 17, 2017 12:44:36 AM

I am afraid I am not very comfortable with most of these choices. While I am sure their servers are very secure, the platform that most of these are using (Web Extensions) has been hacked numerous times.

Last Pass has been hacked at least 3 times.

I may be old school, but for me there is something wrong if the only way you can interact with your personal information is by using a web browser.

Browsers are inherently insecure.

I would prefer a password manager that operated outside of web browsers and interacted with the browser in a limited fashion.

I also find it interesting that this article shows last pass for having support for all major browsers... how about browsers like Waterfox, Vivaldi, Slimjet

I was never impressed with google chrome and it seems all the browsers now are trying to emulate it.
Firefox seems to be moving backward, adding features I don't want and getting rid of features I liked.

Now with IE fading and Edge is there for what?

Yeah! No! I'll want a password manager that operates outside a web browser thank you.
Score
0
September 20, 2017 2:57:44 AM

Thank you for this great article! After many years of using 1Password, first on my iPhone and then on my windows pc (was it only 2014 this was available - seems much longer) have decided to try LastPass after your recommendation. The problem with 1Password is my frustrating experience with Chrome add-ins/extension which is just so unreliable! It regularly fails to load and then regularly fails to enter log in details when it does load. App on HTC android work phone is also pretty useless - but that could just be the phone constantly needing to be authorised after every app update.

Thanks again.
Score
0
September 20, 2017 1:36:51 PM

It doesn't work with the new Firefox and even when I rolled FF back a couple of versions now Lastpass refuses to remember my email address, and also refuses to remember my settings. Every single time I go to my vault I have to manually skip the tour and reconfigure the page view.

It no longer works well, if at all, on multiple gmail addresses. I have to manually enter my user name and then click, click, click to get the thing to pop up and give me option to choose account. Sometimes I can't get it come up at all and have to enter my password manually. Way to go Lastpass. Let's defeat the purpose of a password manager.

It no longer works with Chrome OS -- but one savvy user in the Chrome Store pointed people to a link from a legacy version. Fine, but I can't update it. There have been complaints dating back to the last Chrome OS update and they still haven't fixed it.

I would have to say at this point Lasspass is almost a total fail. But nothing else works with a Chromebook. I will revert to the free version but no way am I paying $24/year for this.
Score
0
September 23, 2017 5:28:43 PM

Finally a review _not_ sponsored by Agilebits (1Password). Thanks.
Score
0
September 29, 2017 3:29:46 AM

Hi Paul, When I search for "password manager" in the iPhone App Store, the first app listed is Datavault by Ascendo. It's number 3 for Mac. Any reason you didn't consider it for your review?
Score
0
October 6, 2017 2:10:00 AM

Edward Snowden said that Dropbox is not secure and doesn't care about your privacy. He said to avoid Dropbox.
Score
0
October 7, 2017 9:38:48 PM

Bitwarden seems like a drop-in replacement for Lastpass, judging by my experience with importing my passwords from lastpass to bitwarden.
Score
0
October 17, 2017 11:44:43 PM

If only need to save passwords & urls, just use ms word and save & password protect. & transfer to device if necessary. Super cheap.
Score
0
October 23, 2017 8:35:01 AM

Hey Ding Dong...Your so called ding against Keeper for not having a PIN is actually a huge advantage. See, where as a fingerprint is unique a PIN can easily be hacked. Just look over someones shoulder to get their pin, or on a camera replay, or look for the finger smudges on the phone and try that combination. I guess what you're saying is if want to make it easier for a malicious user to get your passwords go with Dashlane or Lastpass.
Score
0
November 3, 2017 11:28:30 AM

I wonder if everyone knows something I don't. I've been using BLUR by Abine for two years now. It does everything, form fill, credit cards, customizable as far as what kind and how complex you want your passwords to be. I bought a 3 year subscription. It operates as an APP on my iPhone and iPad, I can easily get into it, grab a password from one device and paste it into another, it works with my MacBook Pro - where I use Safari, Vivaldi (primarily) and Chrome, it works with Win10 where I use it with FF, Vivaldi (primarily), Opera, Pale Moon and Chrome - it sync's automatically across all those browsers and operating systems. Their customer service is outstanding. So how does that not even get a mention? What am I missing? Or everyone else? :^)
Score
0
November 4, 2017 8:22:01 AM

@ONE9712745
Super easy. Right.
Super secure. Wrong.
Access to a word doc can be gained in 2 mins. Tools are available.
Score
0
November 5, 2017 3:49:43 PM

Your review of KeePass is incomplete, yes tech savy, but yes to all features other solutions offered. It's not really for my Grandparents, and for good reason.

For example Keepass's Database files works just fine on your own self hosted or any other webdav service.

KeePassXC has browser plugins Safari/Chrome/Firefox.... Gosh what KeePass really is, is a Password keeper file type encrypted and has dozens of open source clients which work with it. OPEN AND PORTABLE FILEFORMAT ANYONE?
Score
0
December 6, 2017 11:39:32 AM

Lastpass biggest problem have, you cant on phone switch off autofill on the some webpage, like bank sites. For costumer be easy if have in the pop-up autofill window 3 buttons; "autofill", "add new" and "never".
But they dont want add more buttons.
Dashlane support not good (not answering within 24h at all). Dashlane not worked 100% for all countries ( problems with phone codes if your country not on the list and problems with adding banks) I not living Usa, but for Dashlane i most pick-up fake country.
And this is 2 top applications
Score
0
December 6, 2017 11:48:40 AM

If you have to pay to use it forget it. I'll stick with saving passwords in whatever browser
Score
0
December 29, 2017 9:30:16 PM

JOHNM719 (7 months ago) wrote, "I am shocked at your comments about KeePass." So you DELETED all mention of KeePass?!?!

Paul Wagenseil, what on earth possessed you to do THAT? How is it even possible to have an article about password managers with NO MENTION AT ALL of the oldest and most popular password manager, and the only one which is completely free?
Score
0
January 2, 2018 1:05:43 PM

I use Dashlane but it uses far too much resource on your computer. I've read complaints about this for quite some time and yet they haven't resolved the issue.
Score
0
January 27, 2018 5:18:13 PM

The last time I looked at Dashlane, it couldn't compete with LastPass for ease of use and feature set. This was particularly true for me, a Linux user. Inspired by your review, however, I decided to give it another go.

Linux support is now available in the form of a Chrome extension. This was trivial to install, but I couldn't work out how to import my exported LastPass passwords into it. Well, it turns out that you can't. You still need the stand-alone app for that, and there is still no stand-alone app for Linux. Many other features, such as the entire Security Dashboard, are also not available in the Chrome extension. That's a significant disadvantage compared to LastPass.

So, I used WINE to install and run the Windows app in Linux. This worked pretty much flawlessly and I was able to get my passwords imported from LastPass.

As a first test, I decided to log into bbc.com. Unfortunately, Dashlane didn't offer a password for the site. I thought about this for a second an then quickly realised the problem. My password is tied to the domain bbc.co.uk, with bbc.com defined as an equivalent domain in LastPass. A quick Google search revealed that Dashlane still has no notion of equivalent domains. That's another major disadvantage compared to LastPass, as I use equivalent domains a lot.

Next, it turns out that 2FA can't be used to log you into the web extension. It works only with the stand-alone apps. LastPass wins here again.

I abandoned by investigation at this point, since no matter what else Dashlane does right, it can't compensate for the three problems noted above. I don't want to have to use WINE to get to certain information or to configure certain features; I don't want to have to save the same password multiple times for equivalent domains, thereby also triggering reused password warnings; and I don't want to have to use an authenticator app to log into Dashlane when I have a perfectly good Yubikey in my desktop and laptop.

Oh, and Dashboard still costs $40 per annum, compared to LastPass' $24.

So, no contest, really. LastPass still wins hands down if one is a Linux user. Maybe in another year or two, Dashlane will have caught up. For now, however, the lack of equivalent cross-platform functionality and the omission of support for equivalent domains are both deal-breakers in their own right.
Score
0
February 22, 2018 6:19:16 AM

johnm719 said:
I am shocked at your comments about KeePass.

First, opposite of what you claim, it is extremely as easy to use and extremely flexible as well. As a testimoney to this, it is simple enough that my sons, my daughters, and my extremely non-techincal wife all use Keepass and love it.

Second, sync is not a problem. I have it sync with a free DropBox account so it is available on my cell phone, my pc, my laptop, etc. On my cell phone, I just go to DropBox, click on the keepass data file to open it, DropBox downloads the latest file if there is one, kicks off KeePass, and away I go.

Even better, KeePass allows this sync via DropBox to be MORE secure than the others. Why? Because to open, keepass can require a combo of BOTH the password you type in, AND a local file with a very long 1k+ byte passcode. This local file never touches the internet. I will grant you that setting up this "dual-authentication" takes a small modicum of savvy, but the core strength is there to use. And it is fully explained in the manual, for those who will take a few moments to read it. The only savvy required is that you read a page explaining it.

Its "AutoType" feature allows KeePass to work with virtually everything. It does the typing for you.

As a testimony to its power and simplicity, my more inventive son dreamed up using it in for a very non-standard application. His job is renting apartments in at a very large complex. For a particular apartment style, he creates a KeePass entry that would normally just hold a username and password. But, since KeePass can save an arbitrarily large data base of user defined fields beyond just a username field and a password field, he creates fields AD1, AD2, AD3, etc. and types in slightly differently worded advertising text. He will then go onto Craig's List and have KeePass "Autotype" whichever AD he wants to post. This lets him easily and very quickly re-post a slightly changed AD to keep his AD near the top of the list, when people search Craig's List.

What's not to like about all this! And it is totally free!!


Lately I have problems using Keepass with firefox. Do you know of any trick, update I could try?
I had it set up with the addon keepasshttp, but i can not get it working lately.
Score
0
February 22, 2018 10:25:58 PM

LastPass rocks!!!!!
Score
0
February 23, 2018 2:25:02 PM

cyberarkdemo said:
Hey Ding Dong...Your so called ding against Keeper for not having a PIN is actually a huge advantage. See, where as a fingerprint is unique a PIN can easily be hacked. Just look over someones shoulder to get their pin, or on a camera replay, or look for the finger smudges on the phone and try that combination. I guess what you're saying is if want to make it easier for a malicious user to get your passwords go with Dashlane or Lastpass.


We make that point in the current review.
Score
0
February 23, 2018 2:26:24 PM

geeksalive said:
JOHNM719 (7 months ago) wrote, "I am shocked at your comments about KeePass." So you DELETED all mention of KeePass?!?!

Paul Wagenseil, what on earth possessed you to do THAT? How is it even possible to have an article about password managers with NO MENTION AT ALL of the oldest and most popular password manager, and the only one which is completely free?


We didn't delete it. The KeePass review was done a few years ago, so it's no longer listed on this page. But here it is if you'd like to read it: https://www.tomsguide.com/us/keepass,review-3768.html
Score
0
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS