You probably don’t need to be told that using complex and lengthy passwords is essential to good security. Of course, creating such a password, and then managing to remember it, takes a fair amount of effort. Coming up with a unique password for each of the many Web sites/services you use regularly (not to mention password-protected applications and hardware devices) can be a Herculean chore, which explains why people take convenient-yet-insecure routes of jotting down passwords all over the place or using the same simplistic and easily-discovered password (kids’ names anyone?) every time one is called for.

But there’s no need to sacrifice your sanity for security, or vice-versa, because with password management software you can maintain good password practices while minimizing or eliminating most of the associated hassles. Password managers remember countless passwords so you don’t have to, but they can also help you create strong passwords, rate the strength of the ones you already use, and ensure that entering a password when needed is effortless, or very nearly so.


There are many good password management tools to choose from, and most of them are available at low or even no cost depending on the specific features you need. Here are some of the things you should consider when choosing password management software, along with five specific products you should check out.

Platform Support

Password managers can take the form of stand-alone PC applications, portable apps that work off a USB storage device, Web browser plug-ins, mobile (phone) versions, or any combination of these. Browser plug-ins are the most convenient, as they generally capture account usernames and passwords when you log into different sites, then automatically serve up the appropriate credentials the next time you visit. (Otherwise, password managers typically use clipboard/hotkey combos to save you from having to type.)

If you typically work across a variety of different computing environments or devices, be sure to check that a password manager has support to match. Fortunately, the most popular password managers these days support a wide range of operating system, browser, and mobile platforms.


Storage and Synchronization

Password managers can store your password information either in an encrypted database file on your PC, or online on servers maintained by the software publisher (and in some cases, both). Ubiquitous access is an obvious benefit of storing your passwords “in the cloud,” but the flip side is that leaving the information under someone else’s control means trusting them to keep it secure and accessible.

Some password managers that store password information locally provide a synchronization feature so you can access your passwords from multiple devices. In other cases, you can usually use third-party file synchronization utilities, such as Dropbox, to keep your password database current on multiple devices.

Authentication Methods

The majority of password managers use a master password to safeguard access to your password data so you only have to keep track of a single password. That master password needs to be a complicated one, however, since it’s all someone would need to gain access to all of your other passwords. Since you choose the master password, not the software, you’re probably out of luck if you forget it, though some password managers offer password recovery under certain circumstances.  

For added security, some password managers offer multi-factor authentication, which supplements something you know—that master password—with something you have, such as a key file stored on a PC or USB device. If you don’t want to have to remember a master password, you may be able to use a key file in lieu of one, but then you’ll still need to protect access to the file. There are also biometric options available that can authenticate you via a fingerprint.  

Password Generation and Rating

If you don’t like coming up with strong passwords on your own, make sure any password manager you choose includes a password generator that will conjure one up based on parameters you specify, such as a minimum length or inclusion of a certain number of mixed-case or special characters. You’ll also want to be sure that a password manager can rate passwords (whether you created them or the software did) to make sure that they’re strong. 
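To make the generator and rating features concrete, here is an added example (not code from any of the products covered in this article) of a generator that honors a minimum length and per-class minimum counts, plus a simple strength rating. The character classes, the 50/80-bit thresholds and the short common-word list are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes, thresholds and the tiny word list are assumptions for this example.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.?",
}
COMMON = {"password", "qwerty", "letmein", "welcome"}  # constructed sample list


def generate_password(length=16, minimums=None):
    """Random password with at least minimums[name] characters from each class."""
    minimums = minimums or {name: 1 for name in CLASSES}
    unknown = set(minimums) - set(CLASSES)
    if unknown:
        raise ValueError(f"unknown character classes: {sorted(unknown)}")
    required = sum(minimums.values())
    if required > length or any(count < 0 for count in minimums.values()):
        raise ValueError("minimum counts are negative or exceed the requested length")
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    chars = [secrets.choice(CLASSES[name])
             for name, count in minimums.items() for _ in range(count)]
    alphabet = "".join(CLASSES.values())
    chars += [secrets.choice(alphabet) for _ in range(length - required)]
    # Shuffle so the required characters do not sit at predictable positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def rate_password(password):
    """Return (estimated bits, label) from length and the classes actually used."""
    core = "".join(ch for ch in password.lower() if ch.isalpha())
    if core in COMMON:
        return 0.0, "weak"  # a common word with decorations is guessed first
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(ch in chars for ch in password))
    bits = len(password) * math.log2(pool) if pool else 0.0
    label = "weak" if bits < 50 else "fair" if bits < 80 else "strong"
    return round(bits, 1), label
```

The bit estimate assumes every character was picked at random, so it overrates passwords a person made up; the word-list check shows the kind of extra test a rating feature needs for that reason.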


Data Import/Export

Chances are you already have a few passwords to bring into a new password manager, so unless you feel like typing them all in manually, you’ll want to consider a product’s data import capabilities. Many password managers can import a list of passwords from generic CSV or TXT files, a browser’s password cache, and in some cases from other password managers. Conversely, a password manager’s ability to export is important if you ever want to switch to another product, so be sure your data won’t be locked in.

In a nutshell, password managers are a great way to delegate the heavy lifting required to use secure passwords. Below are five diverse password managers to start you on your search.

5 Great Password Managers

LastPass

Arguably the most feature-rich and flexible password manager available, LastPass, which stores your password data online (but encrypts it both in storage and in transit), supports virtually every OS, Web browser, and handheld platform out there. It’s also free, at least for the standard version; to banish ads, use multifactor authentication, or get any of the mobile versions, you’ll have to ante up $1 per month (billed annually) for a LastPass Premium subscription.

RoboForm

RoboForm offers good browser and mobile platform support, along with optional, but free, online backup and synchronization for your password data. The free version limits you to ten logins, while the $30 RoboForm Pro removes the restriction and enables creation of multiple identities (to keep personal and work-related passwords separate, for example).

KeePass Password Safe

KeePass is an old-school password manager that lacks online storage or browser integration, but this open-source utility—which is completely free and available in multiple versions—will run on a USB key or a Windows PC without installation and can also use a key file or Windows account to authenticate in lieu of a master password.

Eikon to Go Digital Privacy Manager

The $50 Eikon to Go Digital Privacy Manager stores passwords not on your system or online, but rather on a USB-based fingerprint reader. Although not portable in the strictest sense (you can’t move it easily between computers), it has some unique features, like the ability to automatically log you into the operating system (Windows or Mac) and to dismiss those annoying Vista/Windows 7 UAC prompts with a finger swipe.

1Password

At $40, 1Password is one of the pricier software-only password managers, but it’s got a Mac-centric approach (it requires Leopard or Snow Leopard) that integrates with the OS X Keychain and offers slick iPhone and iPad versions, as well. (A Windows version is currently in beta.)

Honorable Mention:

Launched just this month, a new password management software package from SecurityCoverage, Password Genie is particularly well-suited for groups or businesses. A Windows-only utility with IE and Firefox browser support (but no portable or mobile options), Password Genie uses 256-bit AES encryption for local password storage and 128-bit SSL encryption when synchronizing between computers. For a subscription price of $36 (billed annually), it permits installation on up to five computers, keeps passwords synchronized between systems, and provides free technical support via toll-free phone or chat.

Joseph Moran is a veteran technology writer and co-author of Getting StartED with Windows 7 from Friends of Ed. Follow eSecurityPlanet on Twitter @eSecurityP.