Best Password Manager?

grovesy15 on 06/06/2014 - 11:52
Last edited 06/06/2014 - 12:10 by 1 other user

Hey all…

Looking for a password manager. Essentially all I want is something secure, that allows me to store website account information, credit card info, bank account info, etc. The ability to sync from Mac to iPhone would also be ideal.

I've done some quick minor research…and my thoughts are that 1password looks way too expensive to get Mac and iOS, KeePass looks quite confusing, especially as a Mac user, and I don't know much about LastPass. Dashlane looks good, but still $30 a month for syncing I believe?

Let me know what you use, why you use it, and why you recommend it. Some info on it would be ideal as well, I.e. what you pay for it, and what you use it for.

Cheers!

MOD: Add poll & "Take Suggestions from Commenters"

Poll Options

Internet

Comments

  • timmypete on 06/06/2014 - 12:35
    Suggested 1Password

    I know you've said 1Password is too expensive when separate iOS and Mac OS X licences come into the equation and can't disagree. I've got a Mac OS X licence only and have been very happy with it over the years, but never found the need to shell out for the iOS app too.

    Depending on what you mean by "sync" it might be an option still. If you mean two way transfer you're out of luck unless you shell out for the app. If you merely mean read access to passwords while on the go, you should check out the 1PasswordAnywhere feature that the desktop version comes with. It essentially stores all of the passwords in a secure HTML file that you can open and unlock in a modern browser. I find its sufficient for the occasions I need to get a password on the go, even though typing my lengthy master password on a phone is a real pain.

    • timmypete on 06/06/2014 - 12:44

      I should also add that 1Password's Mac OS X client is well designed, good at what it does and apparently well received from a security perspective. I use it to store randomly generated single-use passwords for a range of sites, to store product licences, and to keep secure notes that I used to entrust to keychain manager.

      I've only ever dealt with their customer support once to sort a licence for a pre-Mac App Store machine and they were very helpful in securing a complementary legacy license. A downside is that the Android app is read-only, but you've said you are iOS and as my point above notes, I've never needed two-way sync on Android or iOS.

      • ozhunter on 06/06/2014 - 13:31
        +1

        I should also add that 1Password's Mac OS X client is well designed

        I bought 1Password because it looks good, but both it and Lastpass get great reviews. I wouldn't buy it again especially since you have to buy it for each platform.

    • Member 0230 on 07/06/2014 - 12:51

      I agree with tplen1. 1Password is an excellent product made by people who seem to really give a damn about its quality AND (as you'd hope) really know a thing or two about strong security. There are frequent updates, and its support channels and community are active and responsive in my experience. However, I also appreciate it is not the cheapest, so IF you are able to wait, agilebits (the company) puts it on 50% sale probably 2-3 times a year. In my experience it always goes on sale every American Thanksgiving. Most recently it had a 50% off Heartbleed sale. I have not experienced LastPass, it may well be a good product also, but going with what I know, 1Password is an excellent, well-backed product.

      • timmypete on 07/06/2014 - 20:23

        I should have added that I bought it during a 50% off sale from the Mac App Store. They then gave me a complimentary license for a machine that was pre-AppStore.

    • [Deactivated] on 09/06/2014 - 19:41

      As everyone else said, I'm using it and it's great.

  • ESEMCE on 06/06/2014 - 12:49
    +2
    Suggested LastPass

    I've been using LastPass for the last few years after a major security breach that I actually had an account with occurred.
    Works extremely well, never had any login issues and it's cross platform (Mac, Windows, Linux, Android, iOS, Windows Phone, Blackberry, Symbian) so works on pretty much everything.

    The free standard version is great but it's only $12/year to
    a) support the ongoing development and maintenance of an excellent service
    b) get mobile OS support.

    • timmypete on 06/06/2014 - 12:54

      LastPass also offers hardware 2FA with a Yubikey, which is something I'd like for 1Password but the developers have indicated won't occur.

      • ESEMCE on 06/06/2014 - 12:58
        +1

        Not just YubiKey, there's a few 2FA options.

      • scotty on 06/06/2014 - 12:59
        +1

        Yes I'm using Google Authenticator with my LastPass account.

  • scotty on 06/06/2014 - 12:56
    +11

    Personally I recommend LastPass.

    • You can try it out for free. Yes some features are not included (most importantly mobile device sync), but a lot of people use LastPass free edition on their browsers as it does most what they need.

    • If you are a uni student, you can try LastPass Premium for free for 6 months. Use the referral link there so someone (and you) will get extra month of premium.

    • Functionality wise it has almost everything I needed as a password manager. Sync across different browsers (IE, Chrome, Firefox), different computers (Windows, Mac, Linux), different devices (Android, iOS, Windows Phone). Secure notes. Everything encrypted locally using your password (and optional 2-factor authentication) and LastPass.com only gets encrypted blob. Actually they've added so many features that I've not yet checked (been using LastPass Premium for almost 5 years now).

    I'm fine paying USD$12/year for something that I use multiple times a day on multiple devices. YMMV.

    Edit: Argh someone already made that suggestion when I typed up my reasons.

    • grovesy15 on 06/06/2014 - 13:04
      +9

      You had me at "personally", Scotty.

      • scotty on 06/06/2014 - 13:09

        Simply because since switching to LastPass 5-6 years ago I haven't tried anything else :) Yes it's quite good, but unfortunately I cannot give comparison with other products.

      • Benji on 08/06/2014 - 18:57
        +3

        Make sure you remember your email password though, don't use Lastpass for that.

        I think it was a year or two ago Lastpass wanted everyone to reset their password and sent everyone emails. Problem was a lot of people use Lastpass to store their email password.

        If you can't access Lastpass, you can't access your email. If you can't access your email, you can't access Lastpass.

        They also can't restore your data for you either. If you lose your password and can't access a PC you signed into previously all your usernames/passwords are gone. That's another reason why it's a good idea to manually remember your email password, that way you can do password resets.

        • Richard Axe on 08/06/2014 - 23:32

          Lastpass passwords are stored locally in each machine that it is installed. If you want to know any password managed by lastpass, you just have to login locally and retrieve the password.
          No need to store email passwords separately.

    • snappy1234 on 10/06/2014 - 11:39

      I'm fine paying USD$12/year

      Just did that thru my Telstra linked play account the other day

      (was one of the $10 sims i had stocked up on :)

      edit: came to 13.77 aud

      • murkywater on 19/06/2014 - 16:09

        Wow, didn't know you could do that! Nice tip.

        Might have to get lastpass a try.

    • MJ101 on 01/09/2017 - 12:52

      How are you paying $12/year? when I click Go Premium it shows 'Just $2 /month, billed annually.'

  • grovesy15 on 06/06/2014 - 13:24

    I guess I was also looking for something that I could store bank account info, etc. in as well for reference on phone calls and customer service. Last Pass does not incorporate this, does it?

    • ESEMCE on 06/06/2014 - 13:27

      Not sure if it's you're after, but Lastpass has a Secure Notes feature

    • pax on 06/06/2014 - 14:25

      Try "Identities" in the LastPass Vault feature.

    • Richard Axe on 08/06/2014 - 23:37

      There is a notes section under each site stored where you can enter whatever you want in relation to that site.
      It is what I do.

  • hellbound on 06/06/2014 - 13:40
    +9
    Suggested KeePass

    I use Keepass with the kdb file stored on my dropbox. Version of the program available for pretty much any OS, open source and free.
    Not sure what about it you think is confusing, I found it only took a few minutes to set up.

  • m2000 on 06/06/2014 - 14:05

    I've been using DataVault Password Manager for 5-6 years (only one-off fee but need licence for each OS)
    http://www.ascendo.co/DataVault.html

  • pax on 06/06/2014 - 14:11

    I use LastPass and pay for premium option across all my devices. Quite happy with the results so far and trying to get the wife to switch to make her passwords more unique.

  • nobby on 06/06/2014 - 14:14

    I think you'll find the Dashlane pricing is USD$30 a year, not a month. I use that now, although I used to use LastPass as well. Reason I stopped using lastpass was due to some annoying bugs I was getting with the autofilling function. Haven't gone back for a while so those bugs may be gone now.

    I find both Dashlane and LP to be pretty much on par in terms of service offerings - multi browsers, sync with devices (premium), secure notes, etc.
    One gripe I have with Dashlane is that it has no linux support (there's supposedly a way to get it to work in browsers but I haven't bothered looking into it). Also, Dashlane runs as a stand-alone program outside the browser so there might be a bit more computer resources used, but I've never noticed any effect on my laptop.

    You might be able to get dashlane at a discount by trialling a premium account. I'm pretty sure they offered me a discount via the app when I got toward the end of the 30 day trial.

  • verio on 06/06/2014 - 14:31
    +1

    I would recommend you to watch for a sale of 1Password via appshopper or a similar website. 1Password is overpriced, but it is still a very good software.

  • sarakoth on 06/06/2014 - 15:54

    I use the android app called Pocket, which syncs with dropbox.

    I find I have my phone wherever I go so don't worry about multiplatform.

    • ESEMCE on 06/06/2014 - 16:16

      Much nicer to just have the password autofill though than have to copy it from your phone screen!

    • akd on 13/05/2015 - 14:14

      I also love that app. Simple to use and data is saved on phone not on cloud. There is desktop version also.
      Wish there was similar iOS app also.

  • The Buyer on 07/06/2014 - 07:54

    I've tried them all but keep coming back to Roboform.

    They've never been hacked either.

    • pax on 07/06/2014 - 10:01

      Famous last words?

    • Kempe on 08/06/2014 - 13:04

      Been using Roboform for years but started to get problems about a year ago in that it wont let me log onto one of the banks I use nor Centrelink.
      When I save the password it saves a changed password so it doesnt work.
      I emailed the bank and asked them if they had changed something to cause it but they hadnt so I'm confused why Roboform has problems with these 2 (higher security) websites

  • rbrb on 07/06/2014 - 08:09
    +1
    Suggested mSecure

    I know 1password is expensive but it's worth every cent. I've tried a lot of different apps but none really compare. The browser plugins are especially handy.
    I should also add that mSecure is a close second and well worth a look

  • RichardRides on 07/06/2014 - 09:20
    +1

    1Password is worth every penny.

    Buy both Mac OSX and iOS versions - occasionally on special or part of bundles.

    Sync via Dropbox, iCloud or local.
    Windows version if you're stuck using that OS at work or wherever.
    Identities and auto-complete for online shopping sites.
    And they keep developing it.

    (Posted from within the 1Password browser on my iPad!)

    RB

  • anna10 on 07/06/2014 - 09:41

    I have a mate who writes them all down and hides the paper 'carefully'. He changes them frequently and does not duplicate. He says if they can hack everything else in the world they can hack a p/w manger. Please discuss ….

    • ESEMCE on 07/06/2014 - 11:43

      Yep.. he's right
      But you lose all the convenience of autofill and true random generation..
      And what happens when he loses the piece of paper?

    • scotty on 07/06/2014 - 13:59
      +1

      Most "manager" is there for convenience, without sacrifice too much on security. The real paranoid would not trust a proprietary software solution, but most people are happy with a good enough solution.

      @grovesy15 - if your last name happens to be Snowden or intend to do something similar, maybe none of the suggestions here would satisfy you.

    • Diji1 on 08/06/2014 - 11:48

      That's really, really inconvenient aka a waste of time - why does he not just use Keepass? He's probably more insecure doing it that way owing to the possibility of keyloggers.

  • expertreader on 08/06/2014 - 08:05
    Suggested Norton ID SAFE

    I have been using Norton ID SAFE for over 6 months now. Been using it on my iphone, windows 7 and android tablet and it works flawlessly. It's free and has online and offline access for tablet and iphone. Worth a try to see if it works for you. No ads either.

  • zultan on 08/06/2014 - 09:20

    www.passpack.com is my personal preference.

  • Diji1 on 08/06/2014 - 11:53
    +2

    I use Lastpass. For me it strikes the right balance between security and convenience particuarly on mobile devices.

    Storing passwords remotely is theoretically less secure than a purely local solution like Keepass but just like music quality for a lot of people convenience trumps going the extra distance for marginal gains. Provided you use Lastpass correctly it is leaps and bounds ahead of not using a password manager both in time and security gained.

    I do however not use it for anything that may lead to me losing money eg PayPal, credit card numbers and banking. There is nothing to indicate that Lastpass has ever been compromised thus far however … I'm still cautious.

  • p1 ama on 08/06/2014 - 13:43
    -8

    Use your memory? You can remember things with a little bit of work.

    I remember my bank login account number, credit card details, all of my passwords and PINs (around about 5 - 6 in total) and which sites I use…etc.

    It's not that hard.

    • ESEMCE on 09/06/2014 - 09:20

      Do you have unique and truly random passwords with Symbols, Digits, Upper and Lower Case and at least 16 characters for each site, or do you reuse passwords or have a "system"?

      • p1 ama on 10/06/2014 - 11:10

        For things that matter, yes, I have unique passwords.

        For things that don't, i.e. for things such as OzBargain, other forums…etc. where there isn't any risk if my account is compromised, then no, I don't have unique passwords for them.

        But why waste the effort and time.

        I just find it ridiculous. Imagine if the password manager you use goes under or their database goes corrupt, you'll be left clueless as to what your passwords are.

        • ESEMCE on 10/06/2014 - 11:21

          Lastpass caches locally so you can export if necessary.

        • p1 ama on 10/06/2014 - 11:29

          Firstly, I'd rather not compromise everything with the compromising of one password. With the system I have, you find one of my passwords, fine, I'll change that one. None of my passwords will give you access to anything else that's of importance.

          These systems are like having a number of keys for your house, but storing them in a safe with one master key, when that key's loose, guess what…you're done for.

          If you're using one password to keep all your other passwords secure, what happens when that password is compromised?

          What if it's an emergency and you really need access to a single password immediately?

          What if you're at a friend's place and you want to log on somewhere and you're using their computer?

          When we get technology to "remember" things for us, we're way too reliant on technology.

          It's sad how many people can't even remember their own phone number, nor the numbers of the top 3 people they call.

          Ridiculous.

        • ESEMCE on 10/06/2014 - 12:22
          +1

          I similarly don't use a Password Manager for directly financial related stuff for that exact reason.

          "If you're using one password to keep all your other passwords secure, what happens when that password is compromised?"
          Ask yourself that question? You're actually the one who is more vulnerable to this situation cause you use the same password for everything you deem "unimportant". The problem is the information that can be compiled from those unimportant sites could well provide sufficient info to "backdoor" one of your important sites.
          With 2FA on Lastpass, having my password compromised is only half of the required key.

          If I'm at a friends place/emergency, I can pull out my USB key and load up Portable Firefox (with Lastpass) or get out my phone and hand type the stored password.

    • chipstss on 09/06/2014 - 17:09

      5-6 passwords? Try 49 passwords(complex variations of characters with length of 18+ Chars) not to mention the ability to store private notes securely.

  • surethang on 08/06/2014 - 14:18
    +2

    Call me paranoid, but with all the confirmations about the NSA making vendors put back doors into their security products, I am very wary of closed-source and online-based products. Then there's the seemingly weekly reports of site hackings and issues like the Heartbleed Bug that can let evil-doers bypass all that lovely security.

    So for me, it's KeePass.

    • Benji on 08/06/2014 - 19:00
      +1

      Lastpass uses your password locally to encrypt your DB file before sending it to them. They do not have your password and therefore can't access your data.

      That's also the reason why Heartbleed didn't really matter to Lastpass. Yes people could've accessed Lastpass' data, but because it's encrypted with a key only you know, the data would've been worthless.

      • ESEMCE on 09/06/2014 - 09:22

        Well Heartbleed is still an issue…
        Just cause the password is encrypted before sending to Lastpass doesn't mean it isn't retrieveable from the memory of your Heartbleed vulnerable Service provider.
        But no matter what password system you use, Hearbleed was an issue for everyone!

        • chipstss on 09/06/2014 - 17:13

          I don't use Lastpass nor am I trying to defend them but if I understand correctly, your DB is encrypted locally and then sent to LP's servers, your password has no opportunity to be compromised on LP's servers and thus isn't affected by heartbleed.

      • surethang on 09/06/2014 - 18:06

        They do not have your password and therefore can't access your data

        If you could guarantee that was true now and into the future, then I'd happily use LastPass, but as I said, there are just too many examples of where the NSA and the like have backdoors.

        http://www.google.com/search?q=nsa+backdoor

        But if you're going to use LastPass, make sure you have a damn strong master password. Unfortunately, most people are ignorant of what is a good password. As Ars Technica showed, 90% of passwords can be cracked in a few hours.

        https://www.schneier.com/blog/archives/2013/06/a_really_good…

        Granted, the average LastPass user is probably more knowledgeable, but I wouldn't be surprised if the majority of user's DB passwords could still be cracked.

        Most people are also ignorant of just how fast their password can be brute forced. If in doubt, test it here:

        https://howsecureismypassword.net/

        And even if you have a strong master password now, they've got your DB. And all that lovely faster computing power and things like quantum computing coming in the future is another concern - albeit for another day.

        As for vulnerabilities like Heartbleed, SQL injections, phishing, etc., yes they won't decrypt your DB, but as you say they're the sort of thing that will help get access to your raw DB file in the first place.

        In the end, it's an issue of control versus risk. For me, putting my DB in someone else's hands is just a higher level of risk than I'm willing to take at the moment, but as I said, I'm cautiously paranoid ;)

  • jerjergege on 08/06/2014 - 15:09
    -3

    Your brain.

  • snvl on 08/06/2014 - 16:50

    Has anyone used last pass and msecure? I have been using msecure but would like to know if I am missing something. I read last pass do auto fill on chrome / android which could be nice.

  • zeomega on 08/06/2014 - 20:41

    Personally, I'd rely on none of them.

    Use either your brain/memory or some personal form of cryptography in a list. Also all passwords to be non-dictionary, so that it can withstand bruteforce attacks.

  • Diji1 on 08/06/2014 - 21:46

    "Use your memory? You can remember things with a little bit of work."

    I'm simply not interested in doing "a little bit of work" to remember hundreds of logins of which a majority are 64 random characters. I'm not even interested in doing that for passwords that are six random characters which are an easy target for an attacker. Not too mention that I'll simply forget many of them leading to tedious password resetting.

    I also recommend generating another password and using that as the security question answer where applicable given that some are susceptible to brute forcing methods (as well as the more determined attacker that may use social media to discover information) such as names or cities for example.

  • meatgasm on 09/06/2014 - 03:40
    +1

    Keepass, because its open source, and thus security issues tend to be exposed and patched more quickly.

    • Member 0230 on 11/06/2014 - 12:18

      I appreciate the sentiment, and I tend to agree in principle. However, we recently saw a dramatic anti-demonstration of this: veteran encryption software TrueCrypt — I'm a long-time, once-happy user, now not so sure. http://steve.grc.com/2014/05/28/whither-truecrypt/

      • mooboy on 11/06/2014 - 16:09
        +1

        OMG - I didn't know that. That is so depressing :(

  • boxall on 09/06/2014 - 22:18

    Dashlane for me…I pay nothing, so not sure why people are saying it is $$.

    • grovesy15 on 10/06/2014 - 09:48

      When did you start using it? Are you still in the premium trial?

  • kcyw on 10/06/2014 - 09:29

    I don't really understand how all the different encryption systems work or how they can be hacked, so could someone tell me which one is the most secure? Convenience is not a top priority for me.

  • TrendyTim on 10/06/2014 - 09:33

    I am trying out dashlane at the moment, i tried last pass but its just not cutting it for me.

    Shameless plug: Get 6months free premium dashlane using this referral (disclaimer: i get 6months free as well)
    https://www.dashlane.com/en/cs/3bb8c77c

    Premium gets you syncing between devices, the annual fee of $30 is a bit much, and the ram usage is a little high, but so far its my favorite.

    • grovesy15 on 10/06/2014 - 09:47

      Have you tried 1password?

      • TrendyTim on 10/06/2014 - 10:27

        Yep, got it on my iphone (bought v3 then v4 like a month later) but i just don't like it, they are too mac centric as well.

    • TrendyTim on 10/06/2014 - 11:54

      I did notice though the fees via In App Purchases on iOS are 30% higher than on their website, when only 10% can be attributed to currency exchange.

  • irajohn90 on 10/06/2014 - 10:32
    Suggested Safe in Cloud

    I've found Safe In Cloud to be a great companion for me. Nice GUI and works for Android, iOS, Windows and MAC (beta at this stage). The good thing I liked about it is that you store your credentials database to your favorite cloud service (eg. dropbox, google drive, skydrive), so you don't have worry about your data being stored on the developers servers.

    • TrendyTim on 10/06/2014 - 11:53

      Its got potential but from the screenshot its chrome addin design isn't as nice as dashlane or last pass.

      No recurring fees and potentially no dependence on one potential fly by night host is a positive though.

  • bohn on 10/06/2014 - 12:28

    Lastpass with two factor authentication.

  • umoddbro on 10/06/2014 - 15:13
    +1

    I use Lastpass. Probably the best password manager out there, I highly recommend it!

  • Randxyz123 on 10/06/2014 - 17:44
    Suggested Dashlane

    Recommend Dashlane. You don't need to pay to sync between devices. You can store all your details such as your passport number, credit card number, drivers license number and of course passwords are synced and stored in one place. You can install the "helper" app on safari, chrome and firefox on mac and windows which will automatically fill in and remember passwords for you.

    • grovesy15 on 10/06/2014 - 17:47

      How do you sync without paying?

      • Randxyz123 on 10/06/2014 - 18:00

        I am not paying and mine syncs fine….

    • scotty on 10/06/2014 - 20:45

      Here's the difference between free and premium (premium being USD$29.99/year). Free accounts don't have:

      • No backup to the cloud
      • No sync across devices
      • No web access
      • No priority support

      Yeah would like to know how you can sync without paying. Do you need to put your password file on another cloud storage like Dropbox?

      • TrendyTim on 11/06/2014 - 10:26

        My guess is he either constantly refers people to get 6months free access (like my shameless attempt above), or he doesn't actually sync.

  • [Deactivated] on 11/06/2014 - 13:34
    +1

    For me it's 1password as I can sync to my own local network (via local file sync feature) and am not forced to use any NSA-approved cloud services. I also love Safe in Cloud and would stick with that if it wasn't forced to use a 3rd party cloud service.

  • shaiguy on 17/07/2014 - 12:19

    Has anyone tried STRIP?

  • boxall on 13/05/2015 - 16:12

    Dashlane for me. Somehow I have free syncing…must have been on a trial or something.

Login or Join to leave a comment
Login Join