You probably don't need to be told that using complex and lengthy passwords is essential to good security. Of course, creating such a password--and then managing to remember it--takes a fair amount of effort. Coming up with a unique password for each of the many Web sites/services you use regularly (not to mention password-protected applications and hardware devices) can be a Herculean chore, which explains why people take convenient-yet-insecure routes of jotting down passwords all over the place or using the same simplistic and easily-discovered password (kids' names, anyone?) every time one is called for.
But there's no need to sacrifice your sanity for security, or vice-versa, because with password management software you can maintain good password practices while minimizing or eliminating most of the associated hassles. Password managers remember countless passwords so you don't have to, but they can also help you create strong passwords, rate the strength of the ones you already use, and ensure that entering a password when needed is effortless--or very nearly so.

There are many good password management tools to choose from, and most of them are available at low or even no cost depending on the specific features you need. Here are some of the things you should consider when choosing password management software, along with five specific products you should check out.
Platform Support
Password managers can take the form of stand-alone PC applications, portable apps that work off a USB storage device, Web browser plug-ins, mobile (phone) versions, or any combination of these. Browser plug-ins are the most convenient, as they generally capture account usernames and passwords when you log into different sites, then automatically serve up the appropriate credentials the next time you visit. (Otherwise, password managers typically use clipboard/hotkey combos to save you from having to type.)
If you typically work across a variety of different computing environments or devices, be sure to check that a password manager has support to match. Fortunately, the most popular password managers these days support a wide range of operating system, browser, and mobile platforms.

Storage and Synchronization
Password managers can store your password information either in an encrypted database file on your PC, or online on servers maintained by the software publisher (and in some cases, both). Ubiquitous access is an obvious benefit of storing your passwords in the cloud, but the flip side is that leaving the information under someone else's control means trusting them to keep it secure and accessible.
Some password managers that store password information locally provide a synchronization feature so you can access your passwords from multiple devices. In other cases, you can usually use third-party file synchronization utilities, such as Dropbox, to keep your password database current on multiple devices.
Authentication Methods
The majority of password managers use a master password to safeguard access to your password data so you only have to keep track of a single password. That master password needs to be a complicated one, however, since it's all someone would need to gain access to all of your other passwords. Since you choose the master password, not the software, you're probably out of luck if you forget it, though some password managers offer password recovery under certain circumstances.
For added security, some password managers offer multi-factor authentication, which supplements something you know--that master password--with something you have, such as a key file stored on a PC or USB device. If you don't want to have to remember a master password, you may be able to use a key file in lieu of one, but then you'll still need to protect access to the file. There are also biometric options available that can authenticate you via a fingerprint.
Password Generation and Rating
If you don't like coming up with strong passwords on your own, make sure any password manager you choose includes a password generator that will conjure one up based on parameters you specify, such as a minimum length or inclusion of a certain number of mixed-case or special characters. You'll also want to be sure that a password manager can rate passwords (whether you created them or the software did) to make sure that they're strong.
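An added example (not from the original article or any product it reviews): a Python generator that honors per-class minimums and a rater that scores a password, showing why a dictionary check has to override the length-and-character-set arithmetic. The parameter names, the special-character set, the sample blocklist, and the 50/80-bit thresholds are assumptions made for illustration.

```python
import math
import secrets
import string

SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"                  # assumed set of allowed special characters
COMMON = {"password", "123456", "qwerty", "letmein"}  # constructed sample blocklist

def generate_password(length=16, upper=2, lower=2, digits=2, special=2):
    """Random password with at least the given count of each character class."""
    required = upper + lower + digits + special
    if length < required:
        raise ValueError("length is shorter than the sum of the class minimums")
    pick = secrets.choice                      # draws from the OS CSPRNG
    chars = ([pick(string.ascii_uppercase) for _ in range(upper)]
             + [pick(string.ascii_lowercase) for _ in range(lower)]
             + [pick(string.digits) for _ in range(digits)]
             + [pick(SPECIALS) for _ in range(special)])
    alphabet = string.ascii_letters + string.digits + SPECIALS
    chars += [pick(alphabet) for _ in range(length - required)]
    secrets.SystemRandom().shuffle(chars)      # required characters must not sit in fixed slots
    return "".join(chars)

def rate_password(password):
    """Return (estimated_bits, label). Bits are an upper bound that assumes random characters."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    bits = len(password) * math.log2(pool) if pool else 0.0
    # A dictionary hit overrides the arithmetic: guessable words are tried first.
    if any(word in password.lower() for word in COMMON):
        return bits, "weak"
    if bits < 50:
        return bits, "weak"
    return bits, "fair" if bits < 80 else "strong"

if __name__ == "__main__":
    for candidate in ("emma", "Password1!", generate_password(20)):
        bits, label = rate_password(candidate)
        print(f"{candidate!r}: ~{bits:.0f} bits, {label}")
```

"Password1!" satisfies a typical mixed-case, digit, and special-character rule and scores about 66 bits on arithmetic alone, yet it is rated weak because it contains a blocklisted word.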
Data Import/Export
Chances are you already have a few passwords to bring into a new password manager, so unless you feel like typing them all in manually, you'll want to consider a product's data import capabilities. Many password managers can import a list of passwords from generic CSV or TXT files, a browser's password cache, and in some cases from other password managers. Conversely, a password manager's ability to export is important if you ever want to switch to another product, so be sure your data won't be locked in.
In a nutshell, password managers are a great way to delegate the heavy lifting required to use secure passwords. Below are five diverse password managers to start you on your search.
5 Great Password Managers
Arguably the most feature-rich and flexible password manager out there, LastPass, which stores your password data online (but encrypts it both in storage and in transit), supports virtually every OS, Web browser, and handheld platform out there. It's also free, at least for the standard version; to banish ads, use multifactor authentication, or get any of the mobile versions, you'll have to ante up $1 per month (billed annually) for a LastPass Premium subscription.
RoboForm offers good browser and mobile platform support, and offers optional--but free--online backup and synchronization for your password data. The free version limits you to ten logins, while the $30 RoboForm Pro removes the restriction and enables creation of multiple identities (to keep personal and work-related passwords separate, for example).
KeePass is an old-school password manager that lacks online storage or browser integration, but this open-source utility--which is completely free and available in multiple versions--will run on a USB key or a Windows PC without installation and can also use a key file or Windows account to authenticate in lieu of a master password.
Eikon to Go Digital Privacy Manager
The $50 Eikon to Go Digital Privacy Manager stores passwords not on your system or online, but rather on a USB-based fingerprint reader. Although not portable in the strictest sense (you can't move it easily between computers), it has some unique features like the ability to automatically log you into the operating system (Windows or Mac) and lets you dismiss those annoying Vista/Windows 7 UAC prompts with a finger swipe.
At $40, 1Password is one of the pricier software-only password managers, but it's got a Mac-centric approach (it requires Leopard or Snow Leopard) that integrates with the OS X Keychain and offers slick iPhone and iPad versions, as well. (A Windows version is currently in beta.)
Honorable Mention:
Launched just this month, a new password management software package from SecurityCoverage, Password Genie is particularly well-suited for groups or businesses. A Windows-only utility with IE and Firefox browser support (but no portable or mobile options), Password Genie uses 256-bit AES encryption for local password storage and 128-bit SSL encryption when synchronizing between computers. For a subscription price of $36 (billed annually), it permits installation on up to five computers, keeps passwords synchronized between systems, and provides free technical support via toll-free phone or chat.
Joseph Moran is a veteran technology writer and co-author of Getting StartED with Windows 7 from Friends of Ed. Follow eSecurityPlanet on Twitter @eSecurityP.