10 Top Password Management Solutions
Poor password management is a hacker's dream, which is why password managers are such an important tool for security pros.
LastPass
LastPass (basic version is free; Premium costs $12/year) stores passwords and other saved data (including documents and images) in the cloud with AES 256-bit encryption and routinely increased PBKDF2 iterations. All data is encrypted and decrypted locally before syncing with the cloud.
Several two-factor authentication options are supported, including Google Authenticator, Microsoft Authenticator, Duo Security, Transakt and Authy. The software includes a random password generator, browser plug-ins that automatically fill in passwords for you and the LastPass Security Challenge, which checks for duplicates and weak passwords and checks users' email addresses against known security breaches.
The basic version of LastPass is free. A Premium subscription costs $12 a year and adds the ability to sync data between an unlimited number of devices, along with premium support and additional two-factor authentication options including Yubikey, USB drive, fingerprint and smart card authentication.
A separate Enterprise offering ($18-24 per user per year) adds a unified admin console for IT, compliance reporting, customizable security and access policies, single sign-on, team-based sharing and integration with Active Directory.
1Password
1Password ($34.99/year) stores passwords and other saved data locally on the user's computer with AES 256-bit encryption. Users can then sync that data between devices via Dropbox, iCloud or locally over Wi-Fi. Password vaults can be shared with family members or coworkers.
1Password supports time-based one-time passwords for two-step authentication as a login method for individual accounts stored in the system, but it doesn't support two-factor authentication to access the 1Password vault itself. A company blog post explains why.
The solution includes a Strong Password Generator and browser extensions that automatically fill in your username and password on saved sites. 1Password's Watchtower service checks saved logins for known vulnerabilities and prompts users to change passwords as needed.
In addition to versions for Mac, Windows, iOS and Android, 1Password for Apple Watch provides quick access to selected login information, notes, credit card numbers and one-time passwords.
The desktop version of 1Password costs $34.99 per year, with volume discounts available. The mobile apps for Android and iPhone are free, though a $4.99 Pro upgrade adds support for Apple Watch, shared vaults with automatic sync and additional customization.
Keeper
Keeper ($9.99/year or $29.99/year for unlimited devices) protects stored data with multi-factor authentication, AES 256-bit encryption, PBKDF2 key generation, biometric login functionality and Keeper DNA, which uses personal devices like smartwatches to confirm a user's identity. Data can be stored either locally or in the cloud, though even for cloud storage the data is always encrypted and decrypted locally.
FastFill functionality auto-fills login credentials via plug-ins for all desktop and mobile Web browsers, and a Secure Password Generator creates and stores randomly generated passwords. Custom fields support storage of a wide variety of data beyond passwords, and Keeper's Apple Watch Favorite feature enables users to view selected records on a paired Apple Watch. Records are automatically synced between a user's desktop and mobile devices, and individual records can be shared with other Keeper users as needed.
Keeper places a greater focus on secure document storage than many competing solutions do. Keeper Secure File Storage is designed to store and protect confidential files, photos, videos and other documents. As with password information, stored files can be shared securely with other Keeper users. File storage is priced at $9.99 a year for 10GB, $39.99 a year for 50GB, $79.99 a year for 100GB, $199.99 a year for 250GB, $399.99 a year for 500GB or $749.99 a year for 1TB.
The separate Keeper Enterprise offering (starts at $750 per year for up to five users) provides enterprise admins with access to an administrative console that allows them to manage users, control the sharing of records and choose which devices are permitted to sync.
Dashlane
Dashlane (basic version is free; Premium costs $39.99/year) stores passwords, notes and other data with AES 256-bit encryption and 10,000-plus rounds of salted PBKDF2. Several two-factor authentication methods are supported, including Authy, Google Authenticator and FreeOTP.
Users can choose to store their data either locally on their own device for free or on Dashlane's servers with a Dashlane Premium subscription. Dashlane Premium also adds unlimited secure sharing of passwords and notes, automatic data syncing, Web access to stored passwords and priority support.
Browser extensions allow Dashlane to autofill passwords and other personal information into Web forms. The software also includes a wallet, which can store and autofill all payment types and automatically save receipts and screenshots of purchases.
A security dashboard enables users to analyze saved data and view weak and reused passwords, and alerts users when a saved website suffers a security breach. Dashlane's password changer is able to update passwords automatically on 235 different websites.
Android and iOS apps support both in-app and in-browser autofill on mobile devices. The iOS app enables users to log into Dashlane via Touch ID, and Dashlane's Apple Watch app allows users to search and view passwords and notes, record notes vocally and change passwords instantly in response to a security breach.
SplashID
SplashID (basic version is free; Pro costs $19.99/year) uses a combination of encryption algorithms including 256-bit AES and 128-bit Rijndael to protect stored data, and supports two-factor authentication via email or SMS. Individual records can be designated as Local Only, meaning that record will stay local on the selected device and won't sync to the cloud or to another device.
Upgrading from the basic version to SplashID Pro adds access to priority support along with the ability to sync all data to the cloud and access it on any device, syncing either via the cloud or directly between devices over Wi-Fi. Pro users also get automated backups of saved data, a central dashboard that provides an overview of record security and the ability to share SplashID records with others, whether they're SplashID users or not.
SplashID Key Safe ($29.99, or five for $119.95) is a 4GB USB drive that comes with SplashID preinstalled for both Windows and Mac OS, enabling a user to plug the drive into any computer and temporarily launch SplashID without leaving any data on the computer itself.
The SplashID Pro Volume License Program gives companies access to an admin panel through which administrators can view a list of provisioned users, de-provision users, view plan details, upgrade, download and view invoices, and update billing information. Discounts increase with the number of users: five licenses cost $18/user/year, 10 licenses cost $17/user/year, 25 licenses cost $16/user/year, 50 licenses cost $15/user/year and so on. Academic and non-profit organizations receive an additional 20 percent discount on all plans.
RoboForm
RoboForm ($19.95/year for RoboForm Everywhere; $29.95 for RoboForm Desktop) uses AES 256 encryption to protect stored data, and supports two-factor authentication via email. Data can be stored locally on the user's device with RoboForm Desktop, or in the cloud with a RoboForm Everywhere subscription. The software is available for Windows, Mac, Linux, iOS, Android, BlackBerry, Windows Phone, Palm and Symbian.
Browser extensions automatically save and fill in login information as well as other personal information such as name, address, email and payment information. A customizable password generator creates strong, unique passwords for each site, and individual logins and notes can be shared securely. The RoboForm start page, which can be set as a browser home page, provides quick access to a user's most frequently used logins.
RoboForm Enterprise ($39.95 per workstation plus $7.99 annual maintenance fee) adds integration with Active Directory and Group Policy, and an optional Enterprise Console ($1,995 plus $399 annual maintenance fee) adds full admin control over all user data, advanced reporting functionality and the ability to create and define groups, to share logins between users, to issue new credentials to any user or group and to issue logins for specific time periods.
Zoho Vault
Zoho Vault (basic version is free; versions for teams cost $1, $4 and $7 per user per month) protects all data with AES 256-bit encryption, and supports two-factor authentication via Google Authenticator, SMS message or voice call.
Files and documents can be stored along with passwords, and all stored data can be accessed via Mac, Windows, iOS and Android apps, or via a Web browser. The basic (free) version of Zoho Vault includes a password generator and browser extensions that enable automatic login to websites.
The Standard plan ($1/user/month) adds centralized admin controls, secure password sharing between team members, data backup, password expiration alerts, priority technical support, user provisioning and management, and the ability to restrict access based on IP address.
The Professional plan ($4/user/month, with a minimum of five users) adds the ability to create and manage user groups, to share groups of passwords between user groups and to generate user access and activity reports.
The Enterprise plan ($7/user/month, with a minimum of five users) adds Active Directory integration and user provisioning, notifications on password events and a password access control workflow.
mSecure
mSecure ($19.99) uses 256-bit Blowfish encryption to protect saved data, which can be stored either locally on the user's device (and synced with other devices via Wi-Fi) or in the cloud via Dropbox or iCloud. Nineteen templates are available for data entry, though all data fields are customizable. All stored data can be sorted, filtered and searched. A Password Generator creates secure passwords with a password strength meter, and auto-lock and auto-backup features keep data safe and updated.
Android, iOS and Windows 8 Touch apps are available for $9.99, and a Windows Phone app is available for $4.99. The functionality of the mobile apps is similar to the desktop solutions, with a Password Generator, auto-backup, auto-lock and the ability to sync via Wi-Fi, iCloud or Dropbox. The mobile apps can be set to destroy all data in response to several failed login attempts. The Android and iOS apps also include an in-app mSecure browser with the ability to auto-fill passwords and other personal information.
OneSafe
OneSafe protects saved data (including documents and files) with AES 256-bit encryption and PBKDF2 key protection, and supports syncing between devices via iCloud and Dropbox with automatic backup.
Additional security features include four different passcode options, auto-lock functionality and the ability to wipe all data automatically after three unsuccessful login attempts.
All stored data is searchable and can be organized into categories and favorites. The software also includes a random password generator and a password change reminder to encourage users to change their passwords frequently.
Pricing varies between platforms. The iOS software is $4.99, Android costs $5.99, and the Mac software costs $19.99. Beta versions for Windows Phone ($1.99) and Windows 8 and 10 (free) are also available.
Sticky Password
Sticky Password (basic version is free; Premium costs $19.99/year or $99.99 for a lifetime license) uses AES 256-bit encryption to protect saved data, which can either be stored in the cloud or kept on the user's device and synced between devices via Wi-Fi.
In addition to a master password, Sticky Password supports logging in via fingerprint authentication on devices that include fingerprint scanners, such as the iPhone 6s or Samsung Galaxy S6. Auto-fill functionality can be used to fill in passwords and personal information in 16 different browsers on Windows, Mac, Android and iOS devices.
A Premium subscription is required for cloud backup, cloud sync and local Wi-Fi sync between devices. Premium subscribers also receive priority support via email.
Most eSecurity Planet readers understand the importance of password management and its ability to improve password complexity and promote the use of unique passwords wherever users log in. In one recent example, the Mozilla Foundation acknowledged that a privileged user's account in its Bugzilla bug tracking tool was breached for more than a year due to password reuse.
A good password manager can both help you generate secure passwords and store them securely. In most cases, password managers can also store personal information, as well as sensitive documents and other files.
In assessing a password manager, the strength of encryption should be a key consideration, along with enhanced security options such as two-factor authentication. Some solutions store sensitive data locally, and others do so in the cloud; each has its benefits, depending on your needs.
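When a vendor quotes a PBKDF2 iteration count, what matters in practice is whether that count is stored with the vault and can be raised later. The following is an added example, not code from this article or from any product listed: a vault header that records its own KDF parameters and is upgraded on a successful unlock. The function names, header fields and the 600,000 target are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

TARGET_ITERATIONS = 600_000  # assumed current policy; tune to your hardware


def _derive(password: str, salt: bytes, iterations: int):
    """Stretch the master password, then split it into two independent subkeys."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # The verifier is stored in the header; the encryption key never is.
    enc_key = hmac.new(master, b"vault-encryption", hashlib.sha256).digest()
    verifier = hmac.new(master, b"vault-verifier", hashlib.sha256).digest()
    return enc_key, verifier


def create_header(password: str, iterations: int = TARGET_ITERATIONS):
    """Return (encryption_key, header) with a fresh random salt."""
    salt = os.urandom(16)
    enc_key, verifier = _derive(password, salt, iterations)
    return enc_key, {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(header: dict, password: str, target: int = TARGET_ITERATIONS):
    """Return None on a wrong password, else (key, upgrade).

    upgrade is None when the header already meets the target; otherwise it is
    (new_key, new_header), and the caller must re-encrypt the vault (or re-wrap
    its data key) under new_key before saving new_header.
    """
    enc_key, verifier = _derive(password, header["salt"], header["iterations"])
    if not hmac.compare_digest(verifier, header["verifier"]):  # constant-time
        return None
    if header["iterations"] >= target:
        return enc_key, None
    return enc_key, create_header(password, target)


if __name__ == "__main__":
    # Constructed sample: a vault created at the 10,000-round level the article cites.
    _, old = create_header("correct horse battery staple", iterations=10_000)
    key, upgrade = unlock(old, "correct horse battery staple")
    print("unlocked:", key.hex()[:16], "upgrade needed:", upgrade is not None)
    print("wrong password:", unlock(old, "guess"))
```

The upgrade can only happen at unlock time because the master password is needed to derive the new key; a vault that is never opened keeps its old work factor.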
As no password management solution is going to be useful if it doesn't become a comfortable part of your workflow, ease of use is crucial, not only for the password manager's own user interface but also for browser plug-ins and mobile apps.
The ability to sync data between desktop and mobile devices is also a key password manager feature. While there are mobile-only and desktop-only password managers available, all solutions discussed here allow you to switch back and forth between desktop and mobile device as needed.