topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Wednesday December 11, 2024, 5:30 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Comparative review of password managers  (Read 21122 times)

xtabber

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 618
    • View Profile
    • Donate to Member
Comparative review of password managers
« on: February 24, 2016, 09:44 AM »
Infoworld today has a comparative review of password managers.

You need to register for their "Business Insider" newsletter (it's free) to read the full article, which provides detailed comments on each program and a chart comparing their scores on various aspects. For those unwilling or unable to do so, here's the final takeaway:

Which of these password managers should you choose? Clearly, you have a number of great options.

KeePass, despite its occasional complexity, still tops the list of free and open source solutions, thanks to the breadth of plug-ins and its broad platform support. For those who want a free and open source solution, but in an implementation with fewer frills and less fuss, consider Password Safe. (That it comes with the imprimatur of a renowned security expert doesn’t hurt either.)

1Password takes the basic idea behind KeePass and lays on a veneer of commercial polish, making a good thing even better and easier to use, albeit at a cost. Dashlane is even sleeker, with a handy security auditing function, but unlike many competitors its Web version is available only as part of the for-pay package.

RoboForm, an app with a faithful following, has kept pace nicely with the competition over the years (by adding browser plug-ins, fingerprint authentication, and so on), and it offers a lot of functionality in the free version. The best part of Keeper is its mobile incarnation. Keeper is a product aimed mainly at business users, but it nonetheless provides plenty of utility for everyone else.

Finally, for those who want to tame a welter of website passwords, LastPass is an excellent place to start, considering its basic incarnation is a browser plug-in and a well-designed mobile app. SplashID is similarly designed, but much of what it does is executed better elsewhere.


This is a perennial topic of interest among DC members so plenty of older comments on most of these programs can be found by searching the forums.


Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,508
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #1 on: February 24, 2016, 12:27 PM »
LastPass is an excellent place to start, considering its basic incarnation is a browser plug-in and a well-designed mobile app.

I switched from LastPass (bad security reputation, payware Android support) to KeePass with KeeFox (in Firefox) resp. chromeIPass (in Vivaldi) and the well-designed mobile app Keepass2Android. YMMV.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,776
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Comparative review of password managers
« Reply #2 on: February 24, 2016, 03:58 PM »
LastPass is pretty good, but I had enough (relatively minor) complaints about it that I went looking for alternatives and decided to stick with EnPass.

It's free for Desktop platforms (including browser plugins) and has a one-time cost on mobile platforms (per platform). It stores your data locally with optional cloud sync via Dropbox, Google Drive, OneDrive, OwnCloud, Box, or iCloud.

I still have LastPass installed as a browser extension (as I'm still getting used to EnPass), but all new passwords are generated/stored in EnPass.

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,508
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #3 on: February 24, 2016, 04:07 PM »
What does EnPass do better than KeePass, except that it costs money?

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,964
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #4 on: February 24, 2016, 04:27 PM »
I switched from LastPass (bad security reputation, payware Android support) to KeePass with KeeFox (in Firefox) resp. chromeIPass (in Vivaldi) and the well-designed mobile app Keepass2Android. YMMV.

any chance of a brief pros/cons comparison of those two in terms of usage?
Currently using Lastpass myself (but only on windows).

The 'well-designed mobile app' wont help me on windows smartphone, but I see there is also a Keepass option there (sorry no link). But I'm mostly interested in desktop.
Tom

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,508
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #5 on: February 24, 2016, 04:48 PM »
"Brief". Heh. The problem is that both services have entirely different "use cases". I'll try to cover the more general pro/con.

LastPassKeePass
Pro
  • Pretty easy to set up, just register an account (or log in) and you're ready to go.
  • Well-established, highly unlikely to close in the near future.
  • Provides a complete infrastructure for you, you won't have to deal with synchronization anymore.
  • Many first-party integration capabilities, including desktop browsers and mobile apps.
  • Free and open-source software. (I know some people call that a "pro".)
  • Many third-party applications to integrate it with anything that handles passwords, including most browsers.
  • Portable stand-alone application, won't require you to store your passwords anywhere but on your own machine if you don't want to.
  • Supports all kinds of passwords, not only those from your supported browser.
  • Lets you choose your preferred "synchronization" storage (Dropbox, your own server, an USB thumb drive, ...)
Con
  • Many security breaches including potential corruption of the users' password databases, the latest (publicly known) one having happened in 2015.
  • Requires you to store your passwords "in the cloud" (thus, on other people's computers).
  • Only "freeware" for one platform (desktop or mobile); get a second platform and you'll have to subscribe to their services.
  • No automatic synchronization on the desktop, the mainline application always uses a local database. It's on you to update it. (This can be automatized through hardlinks and/or mobile applications like Keepass2Android.)
  • No "real" support in case of errors - open source project = open source community.
  • Might or might not break on different platforms when the database is saved with a newer application version. (Never happened to me though.)

Anything missing?

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,964
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #6 on: February 24, 2016, 05:39 PM »
"Brief". Heh.
:D

thanks Tuxman, that's really great :Thmbsup:
Tom

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,508
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #7 on: February 24, 2016, 05:40 PM »
One of them is.  ;D

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,776
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Comparative review of password managers
« Reply #8 on: February 24, 2016, 10:29 PM »
What does EnPass do better than KeePass, except that it costs money?

Using your own table for the KeePass/LastPass comparison, EnPass has none of the cons you listed for KeePass.

  • It has desktop synchronization via the optional cloud sync.
  • It has support, because they are a real company that earns money, so they can provide support for their product.
  • Updates all platforms consistently so that things don't break between them.

For some, that's worth ~$10. For others, it's not.

To be fair, here are some (potential) cons to EnPass:

  • NOT free (as in freedom/open source), therefore you have to trust that it works how they say it does and has no backdoors, etc. (This doesn't bother me.)
  • Not free (as in price) on mobile platforms. (The only non-free platform I use is Android, and I had enough Google Play Store credits to pay for the app, so this didn't bother me either.)
  • The interface and/or user experience is kind of clunky in places. (This bothers me but is relatively minor.)

YMMV, to each his own, etc. :)

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,187
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #9 on: February 25, 2016, 01:52 AM »
I've more or less switched from LastPass to Sticky Password for web passwords. It has the same auto-fill capabilities, but stores the database locally and lets you choose if you wish to sync it through WiFi or their cloud. No linux support sadly.

It's more expensive then LastPass though, but I got the lifetime premium really cheap at a sale.

I still use KeePass for other programs and passwords I want to keep more secure.

I've been meaning to try out SpiderOaks Encryptr.

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,645
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #10 on: February 25, 2016, 02:25 AM »
Putting in my 2 cents:

I use a Password Manager called SafeInCloud.

I don't use its browser integration features, so I don't know how well those work.  I chose it mainly because:

  - the UI hits pretty close to having enough features for me to not feel hampered by it, but is simple enough to be easy to use
  - there are versions for Windows (free) and the mobile devices I use, Android and iOS, (not free, but cheap).  And they all sync without troubles.
  - the synchronization uses generally available cloud services - it's not tied to a single vendor

Unfortunately, the synchronization configuration doesn't let me choose something under my own control (I've request support for SFTP, but there's no indication whether that ever got onto his radar).  So for cloud and sync support, you need to choose between Google Drive, Dropbox, OneDrive or Yandex Disk. 

While not precisely what I want, in my opinion this is far better than being dependent on a service that's run only by the software vendor.  If nothing else, it gives an opportunity to migrate to another cloud service if the one you originally choose turns out to unacceptable or stops working for some reason beyond your control.  Also, if the developer abandons the product, you still have some hope of it continuing to work.

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,266
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #11 on: February 27, 2016, 10:06 AM »
Like Jibz, I use Sticky Password. I'm a huge fan.

KeePass is awesome & powerful. It's not as plug-and-play as most solutions, but that's a minor quibble for a lot of people. This was the direction I was leaning before the Sticky Password people upgraded my license to lifetime for free.

Roboform is a product I would not trust. There are a lot of conversations in which their name comes up that leaves a bad taste in people's mouths.

LastPass seems to be the most well-known password manager and appears to be a lightning rod for hackers.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Comparative review of password managers
« Reply #12 on: February 29, 2016, 01:37 PM »
I'm on StickyPassword as well, for two reasons:

1) WiFi sync, no cloud crap necessary.
2) Portable between Windows and OSX (my work laptop).

The OSX version is pretttty bare-bones compared to the Windows version, and it's taking them unacceptably long to add 64bit Firefox support - other than that, it's a pretty decent password manager.

LastPass seems to do too much in the browser, I wouldn't touch it.
- carpe noctem

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,508
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #13 on: February 29, 2016, 01:40 PM »
The OSX version is pretttty bare-bones compared to the Windows version

The OSX version of KeePass is quite OK:D

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Comparative review of password managers
« Reply #14 on: February 29, 2016, 01:57 PM »
The OSX version is pretttty bare-bones compared to the Windows version
The OSX version of KeePass is quite OK:D
Does it have sync, though? The feature list doesn't mention it, and that's a crucial feature for me.

Also, "encryption of the database in 256 bit sized increments" is hopefully just bad English...
- carpe noctem

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,508
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #15 on: February 29, 2016, 02:03 PM »
Does it have sync, though?

The password database is one single file. No cloud crap necessary. Sync it in your preferred shared storage.  :D

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Comparative review of password managers
« Reply #16 on: February 29, 2016, 02:16 PM »
Does it have sync, though?
The password database is one single file. No cloud crap necessary. Sync it in your preferred shared storage.  :D
Not good enough - for my use cases, I need something that actually syncs entries, not requiring me to copy a file around.
- carpe noctem

highend01

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 188
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #17 on: February 29, 2016, 03:33 PM »
Sticky Password

Windows installation: 1259 files, 98 folders? Rofl!  :down: :down: :down:

rjbull

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 3,205
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #18 on: February 29, 2016, 04:53 PM »
I started with KeePass, the 1.xx series, which I still use.  I added AI RoboForm for more automation, which it does well.

When I bought an Android tablet, I installed KeePassDroid because it uses KeePass 1.xx series files, copied via Dropbox.  It works via the Android clipboard, which is a security risk if you run a clipboard manager, as I do.  In search of greater convenience I added Sticky Password (SP) when Bits du Jour had one of their deals on a lifetime license.  I chose SP largely because (a) Win-SP and Android-SP will sync over local WiFi without needing anything cloud and (b) it meant I wouldn't have to buy an upgrade to RoboForm if I didn't want to.  On limited acquaintance, my feeling is that Win-SP isn't as slick as RoboForm at figuring out login details, but it gives you quite good diagnostics and editing features to fix logins that don't quite work.

The Android experience is mixed, probably because of restrictions within the Android OS as well as sluggishness on the part of developers.  Android-SP only supports a few browsers; Firefox, which seems the most universally supported, Dolphin, and UC Browser, but not UC Browser HD which I sometimes use, nor Opera  either.  Success is variable.  Some logins work with some browsers but not others (though I don't use the very latest Android-SP).  To support everything for which Android-SP doesn't have a browser add-on, it offers a "floating window" making loginID and password readily available, but which in itself is little if anything of a step up from KeePassDroid, especially as it goes through the clipboard again.  A problem that sometimes arises is when the floating window sends the required data to the clipboard, but clears the clipboard immediately, so you can't use the data, unless you recall it with a clipboard manager.

I realise the thread is about password managers, but I was surprised and disappointed to find that Android-SP won't fill in details from an identity.  That is, it's OK for forum logins and the like, but not much use for online purchasing.  Given that online shopping is supposed to be going to destroy the retail sector, that seems a big omission.

Daleus

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 147
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #19 on: September 20, 2016, 07:49 AM »
I've been meaning to try out SpiderOaks Encryptr.

I've been a LastPass user for a couple of years.  Recently, when Copy shut it doors (damn them) I signed up for SpiderOAK.  I had no idea they had a password manager until now and I have just downloaded it for a try out.
Daleus, Curmudgeon-at-Large

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,964
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #20 on: September 20, 2016, 10:30 AM »
I've been meaning to try out SpiderOaks Encryptr.

I've been a LastPass user for a couple of years.  Recently, when Copy shut it doors (damn them) I signed up for SpiderOAK.  I had no idea they had a password manager until now and I have just downloaded it for a try out.

let us know how you find it !   :up:
Tom

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #21 on: September 20, 2016, 10:39 AM »
I've been meaning to try out SpiderOaks Encryptr.

I've been a LastPass user for a couple of years.  Recently, when Copy shut it doors (damn them) I signed up for SpiderOAK.  I had no idea they had a password manager until now and I have just downloaded it for a try out.

let us know how you find it !   :up:

I've gotten to the point where, other than software, I don't even take the time to look if you're not paying.  Infrastructure costs, and unless the company just has money to throw away, there will come a time that they need to charge, or go out of business.

danlock77

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 6
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #22 on: October 03, 2016, 05:41 PM »
Have a look at Password Safe, originally written by Bruce Schneier using Twofish encryption with security in mind and released into the public domain or essentially licensed as freeware (?). Many things have been added since those days and it's very nice IMO.  Shneier's original Password Safe page, last time I checked, was relatively outdated with links to different versions that were faulty links, etc. The current Windows and Linux versions are maintained by somebody on SourceForge (link below).

Availability: It's on SourceForge and an Android version is available on Google Play from Jeff <somebody>. Multi-platform, good encryption, etc. many features I haven't listed. Jeff (whoever) always seems to update the Android version as soon as a new version becomes available on SourceForge. It's a trustworthy version.

The PasswordSafe Sync program for Android makes syncing your password files via a cloud account easier, but it pops up a full-screen ad when you use it. I've found (for me) ways to get by without the separate PS Sync program, but they aren't as automated.

I'm pretty sure you'd be able to find a version of PS for any platform for which you desire a password manager.

Steven Avery

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 1,038
    • View Profile
    • Donate to Member
Re: Comparative review of password managers
« Reply #23 on: October 04, 2016, 03:25 AM »
LastPass is pretty good in searching a name ( e.g. Southwest) and say you have a few accounts (you handle some friends and family) they all show up and are easy to edit or delete or change the folder. They also give good info like when last accessed and let you place helpful info in the name field or the Notes.  Plus when a site is not picked up by LP, (e.g. some tricky pop-up signons.)  it is pretty easy to add by hand.  Properly done you end up not just with a Passwords Manager but a password information spot that becomes an easy "go-to".

If I move away from LastPass, I would like to know if other programs have comparable functionality.  I don't mind the idea of being USB or Dropbox based or simply a local file on my disk, which I xfer as needed.  However, I don't want to lose much of the reasonable elegance.

Your thoughts?

Steven

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,776
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Comparative review of password managers
« Reply #24 on: October 04, 2016, 10:16 PM »
Does anyone have any experience with SpiderOak's Encryptr?

SpiderOak have a good reputation for their "Zero Knowledge" cloud solutions. Encryptr might be a pretty cool/useful thing to use. And it's free, too.